Razor WebApp & Azure Active Directory SSO Redirect Non tenant users

Dylan Bell 0 Reputation points
2024-03-19T02:08:51.04+00:00

I have connected my razor web app with aad sso which works and performs as expected. However, when a user tries to login that is not part of the aad tenant, it defaults to the basic error page which then shows the tenant's name, appid etc.

How am I able to redirect users?

Connected aad/sso in vs2022 via: Connected Services -> Microsoft Identity platform

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,799 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,293 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Carlos Solís Salazar 16,346 Reputation points
    2024-03-23T19:02:29.57+00:00

    I think you should fix it at the code level of your application.

    You can customize the CallbackPath in your AzureAd settings in the appsettings.json file. This path is where the user is redirected after they authenticate with AAD (https://stackoverflow.com/questions/61426913/change-redirecturi-and-callbackpath-for-azuread-authentication-in-net-core-3-1)

    You can also create a custom controller action that checks the role of the logged user and redirects them accordingly

    Here’s a sample code snippet for your Startup.cs file:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Events = new OpenIdConnectEvents
            {
                OnRemoteFailure = context =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("/Error");
                    return Task.FromResult(0);
                }
            };
        });
    }
    
    

    In this code, "/Error" is the path to your custom error page. You can replace it with the path to your error page.

    More info: https://devcodef1.com/news/1183190/razorwebapp-and-azure-ad-sso-non-tenant-user-redirects

    If the answer helped you consider accepting it.

    0 comments No comments