Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect to application endpoint in custom RemoteAuthenticationHandler #61018

Closed
WenningQiu opened this issue Mar 19, 2025 · 1 comment
Closed

Redirect to application endpoint in custom RemoteAuthenticationHandler #61018

WenningQiu opened this issue Mar 19, 2025 · 1 comment
Labels
area-security

Comments

@WenningQiu
Copy link

I am implementing a custom RemoteAuthenticationHandler for ASP.NET Core applications (.NET 8), but cannot redirect to the application's endpoint after establishing the user's identity. I was able to see a 302 response in browser's network trace, but the location header does not contain the redirect URL argument passed to Context.Response.Redirect() (the header has a value of "/").

Below is the gist of my HandleRemoteAuthenticateAsync() method. Any suggestion is appreciated.

    public class MySsoHandler : RemoteAuthenticationHandler<MySsoOptions>
    {
        protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
        {
            // Build identity. Some code is omitted for clarity.
            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
            var principal = new ClaimsPrincipal(identity);

            await Context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, new AuthenticationProperties()
                {
                    IsPersistent = true
                });

             // Want to redirect to application endpoint since the user identity is established
             // variable "redirectURL" has value of "https://localhost/AspNetCoreSample/Sample/login" at this point but the location header of the response message (302) has a value of "/" in browser's message trace.
             Context.Response.Redirect(redirectUrl);

             return HandleRequestResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name));
        }
    }
@WenningQiu
Copy link
Author

Instead of explicitly calling Context.Response.Redirect(), setting AuthenticationProperties.RedirectUri property appears to be the right thing to do.

                var authProperties = new AuthenticationProperties()
                {
                    RedirectUri = redirectUrl,
                };
                var ticket = new AuthenticationTicket(principal, authProperties, Scheme.Name);
                return HandleRequestResult.Success(ticket);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@WenningQiu