
When a user logs in with an e-mail address that is not registered in Azure AD, they should be redirected to a custom error page instead of the static Microsoft page. When authentication succeeds but the user is not in my enterprise, they should be redirected to a custom access-denied page. I tried using UseStatusCodePages but it was not working. I have attached the Startup.Auth.cs code below.

//This is my startup.auth.cs file

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using System;
using System.Configuration;
using System.IdentityModel.Claims;
using System.Threading.Tasks;
using System.Web;
using wdgportal.Models;

namespace wdgportal
{
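    /// <summary>
    /// OWIN authentication startup: cookie sign-in backed by Azure AD through OpenID Connect.
    /// All settings are read once from appSettings (the ida:* keys) when the type is initialized.
    /// </summary>
    public partial class Startup
    {
        private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        // Client secret used to redeem the authorization code; it is read from configuration, never from source.
        private static readonly string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
        private static readonly string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static readonly string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
        private static readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

        // Tenant-specific authority (instance + tenant id). Static initializers run in textual order,
        // so both parts are already populated when this line executes.
        public static readonly string Authority = aadInstance + tenantId;

        // This is the resource ID of the AAD Graph API.  We'll need this to request a token to call the Graph API.
        private const string GraphResourceId = "https://graph.microsoft.com";

        /// <summary>
        /// Registers the cookie and OpenID Connect middleware on the OWIN pipeline.
        /// </summary>
        /// <param name="app">The OWIN application builder being configured.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            // Earlier attempt, kept for reference: UseStatusCodePages is an ASP.NET Core IApplicationBuilder
            // extension and has no equivalent on Katana's IAppBuilder, so it cannot be used in this pipeline.
            //app.UseStatusCodePages(context =>
            //{
            //    if (context.HttpContext.Response.StatusCode == 403)
            //    {
            //        // your redirect
            //    }
            //});

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = Authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri,

                    Notifications = new OpenIdConnectAuthenticationNotifications()
                    {
                        // If there is a code in the OpenID Connect response, redeem it for an access token and refresh
                        // token, and store those away. The returned result is not used here: redeeming the code is what
                        // populates the per-user ADALTokenCache for later Graph calls.
                        AuthorizationCodeReceived = context =>
                        {
                            ClientCredential credential = new ClientCredential(clientId, appKey);
                            string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                            AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
                            // The redirect URI must match the one the code was issued for: the current request URL
                            // without its query string.
                            Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
                            authContext.AcquireTokenByAuthorizationCode(context.Code, redirectUri, credential, GraphResourceId);
                            return Task.FromResult(0);
                        },

                        // Runs when an OpenID Connect response received by this app cannot be processed (for example an
                        // error returned on the callback, or token validation failing). NOTE(review): errors that the
                        // identity provider renders on its own pages never reach this app, so they cannot be intercepted here.
                        AuthenticationFailed = context =>
                        {
                            // Suppress the middleware's default error response and send the user to the app's error page.
                            context.HandleResponse();
                            // The message comes from the identity provider response, so treat it as untrusted text:
                            // URL-encode it so it cannot inject additional query parameters, and HTML-encode it again
                            // wherever the Error page renders it. Query-string form ("?message=") is used so the value
                            // binds to a "message" action parameter — confirm against the Error controller's route.
                            string message = HttpUtility.UrlEncode(context.Exception.Message);
                            context.Response.Redirect("/Error?message=" + message);

                            return Task.FromResult(0);
                        }
                    }
                });
        }
    }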
}
  • Inside your OIDC middleware, you're using the AuthenticationFailed callback, why not just redirect them to your custom page there? – GH DevOps Nov 30 '22 at 20:24
  • @GHDevOps could you please let me know how I could get inside the OIDC middleware? – sadiqshaik Dec 01 '22 at 17:56
  • Inside app.UseOpenIdConnectAuthentication(), you're setting the callback notifications (OpenIdConnectAuthenticationNotifications()); put a breakpoint at context.HandleResponse(); inside AuthenticationFailed and inspect the context object when it breaks. – GH DevOps Dec 01 '22 at 19:11
  • context.Response.Redirect is probably handling your error redirects. – GH DevOps Dec 01 '22 at 19:12
  • I have tried the same but it is not redirecting and when a non-access user tries to log in it will redirect to the official Microsoft page as authentication failed, contact the owner. – sadiqshaik Dec 05 '22 at 13:01
