Override redirectURI in Microsoft Identity Web

⚠️ Please refer to this GitHub issue link for more info on this feature.

Update the target framework (Optional!)

This sample was created on dotnet core 3.1, to update the target framework to use net5.0 intead, please do the following or refer back to this doc:

• Update YOUR_PROJECT.csproj under <Project Sdk="Microsoft.NET.Sdk.Web">:

  <Project Sdk="Microsoft.NET.Sdk.Web">
  
      <PropertyGroup>
  -    <TargetFramework>netcoreapp3.1</  TargetFramework>
  +    <TargetFramework>net5.0</  TargetFramework>
      </PropertyGroup>
  
  </Project>

  

• Delete bin and obj folders

  You may need to delete the bin and obj folders. Run dotnet nuget locals --clear all to clear the NuGet package cache

How to run this sample

Please refer back to the official Microsoft azure-samples page to learn more.

About the code

• Add the API permissions for your registered app

• From Startup.cs we will update the configure to implement OpenIdConnectOptions:

  services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
              .AddMicrosoftIdentityWebApp(Configuration)
              .EnableTokenAcquisitionToCallDownstreamApi()
              .AddInMemoryTokenCaches();
  
          services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme,
          options =>
          {
              var redirectToIdpHandler = options.Events.OnRedirectToIdentityProvider;
              options.Events.OnRedirectToIdentityProvider = async context =>
              {
                  // Call what Microsoft.Identity.Web is doing
                  await redirectToIdpHandler(context);
  
                  // Override the redirect URI to be what you want https://localhost:44321/signin-oidc
                  if (Configuration["AzureAd:WebAppURI"] != null)
                  {
                      context.ProtocolMessage.RedirectUri = Configuration["AzureAd:WebAppURI"] + Configuration["AzureAd:CallbackPath"];
                      System.Console.WriteLine("RedirectURL: " + Configuration["AzureAd:WebAppURI"] + Configuration["AzureAd:CallbackPath"]);
                  }
              };
  
              var redirectToIdpForSignOutHandler = options.Events.OnRedirectToIdentityProviderForSignOut;
              options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
              {
                  // Call what Microsoft.Identity.Web is doing
                  await redirectToIdpForSignOutHandler(context);
  
                  // Override the redirect URI to be what you want
                  if (Configuration["AzureAd:WebAppURI"] != null)
                  {
                      context.ProtocolMessage.PostLogoutRedirectUri = Configuration["AzureAd:WebAppURI"] + Configuration["AzureAd:SignedOutCallbackPath"];
                      System.Console.WriteLine("PostLogoutRedirectURL: " + Configuration["AzureAd:WebAppURI"] + Configuration["AzureAd:SignedOutCallbackPath"]);
                  }
              };
          });

• Update the appsettings.json and add the following parameter

  "AzureAd": {
  "Instance": "https://login.microsoftonline.com/",
  "Domain": "addidev.onmicrosoft.com",
  "TenantId": "YOUR_TENANTID",
  "ClientId": "YOUR_APPID",
  "CallbackPath": "/signin-oidc",
  "SignedOutCallbackPath": "/signout-callback-oidc",
  + "WebAppURI": "https://localhost:44321",
  
  // To call an API
  "ClientSecret": "YOUR_SECRET"
  
  },

• The expected output from running the code:

  Generate accessToken to call azure service management API

  Let's decode the accessToken