Azure B2C authorize loop in sub-application

GccDev 1 Reputation point
2022-04-21T14:42:39.787+00:00

0

I'm currently using Azure B2C to authenticate a series of .NET 6 server-side Blazor apps and Web APIs. In IIS, the apps are setup as follows:

domain.com

domain.com/admin
domain.com/api1
domain.com/api2
domain.com/api3
If a user logs into domain.com and then navigates to domain.com/admin, /admin gets caught in an infinite authorize loop with Azure B2C. Then, if you browse back to domain.com and logout, you can navigate back to /admin and currently be signed in.

However, if you log into /admin first and navigate to domain.com, you will be successfully logged in. Then, if you navigate back to /admin, you get stuck in a auth loop again.

I have verified that the only difference between the 2 access tokens is the audience and the timestamps issued (of course). In B2C, I have both web applications set to accept access tokens from any app authorizing with the B2C domain.

I have also tried setting up my cookies with settings from here: Cookie Sharing.

Logging into domain.com then logging into /admin causes the loop. Then, if I log out of domain.com and navigate back /admin, the loop stops and I'm authenticated.

Dev tools show zero errors and from what I can tell in code, it appears like I am authenticated.

Any help/guidance I can get would be greatly appreciated.

Blazor
Blazor
A free and open-source web framework that enables developers to create web apps using C# and HTML being developed by Microsoft.
1,495 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,759 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Michael Washington 911 Reputation points MVP
    2022-04-23T14:25:22.873+00:00

    "domain.com" and "domain.com/admin" need to each have a Redirect URIs. It appears to me that "domain.com/admin" does not a a redirect URI set.

    0 comments No comments