I think you should fix it at the code level of your application.
You can customize the CallbackPath in your AzureAd settings in the appsettings.json file. This path is where the user is redirected after they authenticate with AAD (https://stackoverflow.com/questions/61426913/change-redirecturi-and-callbackpath-for-azuread-authentication-in-net-core-3-1).
You can also create a custom controller action that checks the role of the logged-in user and redirects them accordingly.
Here's a sample code snippet for your Startup.cs file:
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication.AzureAD.UI;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.Extensions.DependencyInjection;

    public void ConfigureServices(IServiceCollection services)
    {
        // Register the Azure AD (OpenID Connect) handler and bind ClientId, TenantId,
        // CallbackPath, etc. from the "AzureAd" section of appsettings.json.
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        // Hook the OpenID Connect events of the scheme that AddAzureAD registered.
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Events = new OpenIdConnectEvents
            {
                // Raised when AAD posts an error back to the CallbackPath (for example a
                // user from a tenant the app does not allow). HandleResponse() suppresses
                // the default exception so the user sees a friendly page instead.
                OnRemoteFailure = context =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("/Error");
                    return Task.CompletedTask;
                }
            };
        });
    }
In this code, "/Error"
is the path to your custom error page. You can replace it with the path to your error page.
More info: https://devcodef1.com/news/1183190/razorwebapp-and-azure-ad-sso-non-tenant-user-redirects
If the answer helped you, consider accepting it.
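The role-based redirect mentioned above, as an added example that is not part of the original answer or of the Microsoft sample code. It assumes the same Microsoft.AspNetCore.Authentication.AzureAD.UI package as the snippet (note that Microsoft has since superseded that package with Microsoft.Identity.Web), that Azure AD app roles named Admin and Reader are assigned to users (assumed names; they arrive in the id_token as the "roles" claim), and that /Admin, /Reports, /Home/NoAccess and /Account/PostLogin are routes that exist in the app (assumed paths). The redirect decision is taken in the OnTicketReceived event, i.e. right after AAD has posted back to the CallbackPath and the ticket has been validated, so the landing page is chosen from the validated claims rather than from anything the browser supplies.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Added example, not the original answer's code. Role names and target paths are assumptions.
public static class RoleRouting
{
    // AAD app roles arrive as a "roles" claim; depending on the handler's
    // RoleClaimType setting they may already be mapped to ClaimTypes.Role, so check both.
    public static bool IsInRole(ClaimsPrincipal user, string role) =>
        user.HasClaim(c => (c.Type == ClaimTypes.Role || c.Type == "roles")
                           && string.Equals(c.Value, role, StringComparison.Ordinal));

    // Pick the landing page from the validated role claims. Only fixed local paths are
    // returned, so this can never become an open redirect; users without a known role
    // land on a "no access" page instead of anything privileged.
    public static string LandingPathFor(ClaimsPrincipal user)
    {
        if (IsInRole(user, "Admin")) return "/Admin";
        if (IsInRole(user, "Reader")) return "/Reports";
        return "/Home/NoAccess";
    }
}

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // CallbackPath, ClientId, TenantId etc. come from the "AzureAd" section of appsettings.json.
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Events = new OpenIdConnectEvents
            {
                // Runs after AAD has posted back to CallbackPath and the id_token was
                // validated. Overriding ReturnUri here sends each role to its own page.
                OnTicketReceived = context =>
                {
                    if (context.Principal != null)
                        context.ReturnUri = RoleRouting.LandingPathFor(context.Principal);
                    return Task.CompletedTask;
                },
                // AAD returned an error (e.g. a non-tenant user): show a friendly page.
                OnRemoteFailure = context =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("/Error");
                    return Task.CompletedTask;
                }
            };
        });

        services.AddControllersWithViews();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

// Fallback for users who are already signed in and hit the site directly
// (no callback, so OnTicketReceived does not run): apply the same routing rule.
[Authorize]
public class AccountController : Controller
{
    [HttpGet("/Account/PostLogin")]
    public IActionResult PostLogin() => LocalRedirect(RoleRouting.LandingPathFor(User));
}
```

The controller uses LocalRedirect rather than Redirect so that, even if the routing rule is later changed to read a path from somewhere else, a non-local target throws instead of sending the user off-site.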