Azure B2C authorize loop in sub-application

GccDev 1 Reputation point
2022-04-21T14:42:39.787+00:00

I'm currently using Azure B2C to authenticate a series of .NET 6 server-side Blazor apps and Web APIs. In IIS, the apps are set up as follows:

domain.com

domain.com/admin
domain.com/api1
domain.com/api2
domain.com/api3

If a user logs into domain.com and then navigates to domain.com/admin, /admin gets caught in an infinite authorize loop with Azure B2C. Then, if you browse back to domain.com and logout, you can navigate back to /admin and currently be signed in.

However, if you log into /admin first and navigate to domain.com, you will be successfully logged in. Then, if you navigate back to /admin, you get stuck in an auth loop again.

I have verified that the only difference between the 2 access tokens is the audience and the timestamps issued (of course). In B2C, I have both web applications set to accept access tokens from any app authorizing with the B2C domain.

I have also tried setting up my cookies with settings from here: Cookie Sharing.

Logging into domain.com then logging into /admin causes the loop. Then, if I log out of domain.com and navigate back to /admin, the loop stops and I'm authenticated.

Dev tools show zero errors and from what I can tell in code, it appears like I am authenticated.

Any help/guidance I can get would be greatly appreciated.


1 answer

  1. Michael Washington 911 Reputation points MVP
    2022-04-23T14:25:22.873+00:00

    "domain.com" and "domain.com/admin" each need to have a Redirect URI. It appears to me that "domain.com/admin" does not have a redirect URI set.

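Added example, not part of the original thread: one way to check the redirect URI point from the answer is to copy the authorize requests out of the browser's network tab and compare each `redirect_uri` with what is registered for that `client_id`, while also counting repeats to confirm the loop. The tenant name, policy name, client IDs and the `/signin-oidc` callback path below are assumptions, and the trace is constructed.

```python
from collections import Counter
from urllib.parse import parse_qs, quote, urlsplit

# Constructed placeholders: tenant, policy and client IDs are not from the thread.
# /signin-oidc is the ASP.NET Core OpenID Connect default callback path (assumed unchanged).
ROOT_APP = "11111111-1111-1111-1111-111111111111"
ADMIN_APP = "22222222-2222-2222-2222-222222222222"
AUTHORIZE = ("https://contoso.b2clogin.com/contoso.onmicrosoft.com/"
             "B2C_1_signin/oauth2/v2.0/authorize")
# Redirect URIs as entered in each app registration (constructed). The admin
# registration deliberately lacks an entry for /admin/signin-oidc.
REGISTERED = {
    ROOT_APP: {"https://domain.com/signin-oidc"},
    ADMIN_APP: {"https://domain.com/signin-oidc"},
}

def authorize_url(client_id, redirect_uri):
    """Build a constructed authorize request as it would appear in dev tools."""
    return (f"{AUTHORIZE}?client_id={client_id}&response_type=code"
            f"&redirect_uri={quote(redirect_uri, safe='')}")

# Constructed trace: one sign-in to the root app, then /admin requesting three times.
TRACE = ([authorize_url(ROOT_APP, "https://domain.com/signin-oidc")]
         + [authorize_url(ADMIN_APP, "https://domain.com/admin/signin-oidc")] * 3)

def parse_authorize(url):
    """Return (client_id, redirect_uri), or None if url is not an authorize request."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/oauth2/v2.0/authorize"):
        return None
    query = parse_qs(parts.query)  # parse_qs also percent-decodes the values
    return query.get("client_id", [None])[0], query.get("redirect_uri", [None])[0]

def audit(trace, registered, loop_threshold=3):
    """Report unregistered redirect URIs and repeated authorize requests."""
    seen = Counter(p for p in map(parse_authorize, trace) if p is not None)
    findings = []
    for (client_id, redirect_uri), count in seen.items():
        if client_id not in registered:
            findings.append(("unknown_client", client_id, redirect_uri))
        elif redirect_uri not in registered[client_id]:  # exact string match
            findings.append(("unregistered_redirect_uri", client_id, redirect_uri))
        if count >= loop_threshold:
            findings.append(("authorize_loop", client_id, redirect_uri))
    return findings

if __name__ == "__main__":
    for finding in audit(TRACE, REGISTERED):
        print(*finding)
```

An `authorize_loop` finding that remains once every `redirect_uri` is registered means the loop has to be investigated separately from the app registration.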