Closed
Description
I am implementing a custom RemoteAuthenticationHandler for ASP.NET Core applications (.NET 8), but cannot redirect to the application's endpoint after establishing the user's identity. I was able to see a 302 response in browser's network trace, but the location header does not contain the redirect URL argument passed to Context.Response.Redirect() (the header has a value of "/").
Below is the gist of my HandleRemoteAuthenticateAsync() method. Any suggestion is appreciated.
public class MySsoHandler : RemoteAuthenticationHandler<MySsoOptions>
{
protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync()
{
// Build identity. Some code is omitted for clarity.
var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
await Context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, new AuthenticationProperties()
{
IsPersistent = true
});
// Want to redirect to application endpoint since the user identity is established
// variable "redirectURL" has value of "https://localhost/AspNetCoreSample/Sample/login" at this point but the location header of the response message (302) has a value of "/" in browser's message trace.
Context.Response.Redirect(redirectUrl);
return HandleRequestResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name));
}
}