Microsoft Account OAuth2 sign-on fails when redirect URL is not under the website root #203
Comments
Scenario: The application root is
Suppose
```csharp
public ActionResult LoginFB()
{
    HttpContext.GetOwinContext().Authentication.Challenge(
        new Microsoft.Owin.Security.AuthenticationProperties
        {
            RedirectUri = "/securepage"
        },
        "Facebook");
    return new HttpUnauthorizedResult();
}
```
The issue is that after successful login through Facebook it will redirect to
You're able to work around it by setting RedirectUri = "/OwinFbDemo/securepage", correct? The awkward bit is that if we fixed it anybody that had used this workaround would break.
That worked. Thanks!
The issue that shahriarhusainy described has obviously nothing to do with the issue I reported. Tratcher, did you have a chance to verify and/or take a look at what's going on? Just to be clear, I don't manually set RedirectUrl. It's just that my app is hosted not under the website root, but under a virtual directory. Thank you!
Virtual directory or sub application? They behave quite differently.
Sub application, sorry
The error=access_denied parameter is fishy, that would be coming from the external MSA server. It sounds like an app registration problem in MSA.
Not sure what you mean by "fishy". I just created a new application, under a different microsoft account. I have exactly the same problem. Works perfectly with https://localhost:44300/signin-microsoft. Fails with https://localhost:44300/booking/signin-microsoft. Is that a limitation of MSA? What can I do to help diagnose/fix this?
@rxd2 your issue seems to be a dup of #212, not this one. @shahriarhusainy glad your issue is resolved, thanks @Tratcher! Closing this one.
@rxd2 please file a separate issue as your issue doesn't seem to be related to this one either.
@muratg Excuse me? It is my issue, I created it. How can it possibly be not "related to this issue"?
@rxd2 you're right, my apologies. @shahriarhusainy's issue was unrelated.
@muratg No problem, thank you!
For example, https://my.site.com/signin-microsoft works but https://my.site.com/myapp/signin-microsoft does not.
GetOwinContext().Authentication.GetExternalLoginInfo() returns null. Callback URL contains error=access_denied parameter. Tracing shows Microsoft.Owin.Security.MicrosoftAccount.MicrosoftAccountAuthenticationMiddleware Error: 0 : Authentication failed messages.
This is broken in 4.0.0, starting with 3.1.0.
Reproducible both with localhost and the actual domain name.