I have an ASP.NET Core MVC, .NET 6 based WebApplication hosted in AWS as a Docker image. It uses Azure AD Identity to sign in users.
The user opens the page and logs in with Microsoft AD successfully, but the redirect provided in the login URL is incorrect.
As for the flow:
- User opens the page in inPrivate view (no cookies/session)
- User is being redirected to Microsoft Login page
- User logs in successfully
- User is being redirected to the provided redirect_uri
- User encounters an error message that the redirect_uri is incorrect.
Now the issue is that during the redirect, the redirect_uri has http, which is invalid, though this is not something I have set in the application. How/where can I edit/override the redirect_uri query parameter sent during the request?
There are tons of SO posts about how to edit the Azure Application URI, but that one is correct. It is the REQUEST that is incorrect.
Also, I do not want to redirect to an alternative page; /home is perfect. The issue is that the scheme is marked http:// and not https://.
Relevant snapshot of the program.cs
I appreciate your help!
CodePudding user response:
Issue
This is happening because your Docker application is using HTTP. SSL appears to have already been terminated by ALB or something similar.
About Redirect URI
Now, to answer your question, where does this /signin-oidc URI originate? The .NET library uses this hard-coded redirect URI internally while constructing the authentication request. Once Azure AD redirects back to this URI, the library internally intercepts it and retrieves the code from the query parameter. The library then obtains an access token or ID token by making another request to the graph API.
Solution
You can look at and implement any solution suggested in the links below for the same problem.
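One concrete way to apply the fix the answer points at (the container only sees plain HTTP because TLS ends at the ALB), as an added Program.cs example that is not from the question or the answer. It assumes Microsoft.Identity.Web is the sign-in library and that the ALB subnet CIDR shown is a placeholder to be replaced with your own:

```csharp
// Program.cs (added example): honour X-Forwarded-Proto from the ALB so that
// Request.Scheme is "https" and OpenID Connect builds https://.../signin-oidc.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
using System.Net;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // The ALB sets X-Forwarded-For and X-Forwarded-Proto on every proxied request.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

    // Trust these headers only from the load balancer. Leaving both lists empty
    // would accept X-Forwarded-* from any client that can reach the container
    // directly, letting it spoof its source address and scheme.
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
    // Assumed placeholder CIDR for the ALB subnets; replace with your VPC range.
    options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("10.0.0.0"), 16));
});

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

builder.Services.AddControllersWithViews()
    .AddMicrosoftIdentityUI();

var app = builder.Build();

// Must run before anything that reads Request.Scheme (auth redirects, HSTS,
// HTTPS redirection), otherwise the scheme is still "http" when redirect_uri
// is constructed.
app.UseForwardedHeaders();
app.UseHttpsRedirection();   // now a no-op for proxied https traffic rather than a loop
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllerRoute(name: "default", pattern: "{controller=Home}/{action=Index}/{id?}");
app.Run();
```

If the forwarded headers cannot be trusted in your deployment, the value can instead be rewritten per request in OpenIdConnectEvents.OnRedirectToIdentityProvider by setting context.ProtocolMessage.RedirectUri, but fixing the scheme at the middleware layer also corrects every other absolute URL the app generates.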