Question

I have created a WAAD application with several reply URLs, e.g.

https://localhost:4444/Search

https://server/Search

https://stage.company.com/Search

https://production.company.com/Search

I am using the WSFederationAuthenticationModule.CreateSignInRequest method and passing in the reply URL based upon where the code is being executed:

    public ActionResult Federated()
    {
        var module = FederatedAuthentication.WSFederationAuthenticationModule;
        var scheme = Request.Url.Scheme;
        var replyUrl = Url.Action("Index", "Search", null, scheme);
        var requestMessage = module.CreateSignInRequest(Guid.NewGuid().ToString(), replyUrl, true);
        return new RedirectResult(requestMessage.RequestUrl);
    }

It seems that the code always redirects to the last Reply URL that I modified in the UI. It seems that when you modify the Reply URL it is placed first in the manifest, and only that Reply URL is used.

Is my understanding of Reply URL flawed?


Solution 2

What worked for me was setting the passiveRedirectEnabled to true in the config file. Then the returnUrl parameter in the FederatedAuthentication.WSFederationAuthenticationModule.CreateSignInRequest call worked!

  <wsFederation passiveRedirectEnabled="true" ....>

OTHER TIPS

I used your code in my project but wasn't able to reproduce the issue. The method that you are using produces a WSFed SSO request that contains the replyUrl encoded in the wctx parameter (pass the below SSO request produced by your code via a URL decoder and you'll see the encoded ru).

https://login.windows.net/dushyantgill.com/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fdushyantgill.com%2fWSFedTest&wctx=rm%3d1%26id%3d01b22db4-bfdc-4efd-abb5-2909cf445a51%26ru%3dhttps%253a%252f%252flocalhost%253a44311%252fHome%252fAbout&wct=2014-05-14T05%3a37%3a01Z

The OnAuthenticateRequest handler of the authentication module, after processing the response, extracts the replyUrl from the wctx and redirects the user's agent. See http://msdn.microsoft.com/en-us/library/system.identitymodel.services.wsfederationauthenticationmodule.onauthenticaterequest(v=vs.110).aspx

Can you confirm that you have a SessionAuthenticationModule in the pipeline too? Finally, you can always construct your own WSFed SSO request, with an explicit WReply parameter with one of the reply URLs that you have configured with your application in AAD.

Hope this helps.
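The wctx decoding that the answer above describes, as an added example that is not part of the original thread: it takes the sign-in request quoted there, reports whether a wreply parameter is present, and decodes wctx a second time to recover ru. The ExpectedOrigins list is an assumption built from the reply URLs in the question, and the origin check on ru is an illustrative addition, not something the module is stated to do.

```csharp
using System;
using System.Linq;
using System.Web; // HttpUtility.ParseQueryString

static class WctxInspector
{
    // The sign-in request quoted in the answer above.
    const string SignInRequest =
        "https://login.windows.net/dushyantgill.com/wsfed?wa=wsignin1.0" +
        "&wtrealm=https%3a%2f%2fdushyantgill.com%2fWSFedTest" +
        "&wctx=rm%3d1%26id%3d01b22db4-bfdc-4efd-abb5-2909cf445a51" +
        "%26ru%3dhttps%253a%252f%252flocalhost%253a44311%252fHome%252fAbout" +
        "&wct=2014-05-14T05%3a37%3a01Z";

    // Assumption: origins taken from the reply URLs listed in the question.
    static readonly string[] ExpectedOrigins =
    {
        "https://localhost:4444",
        "https://server",
        "https://stage.company.com",
        "https://production.company.com",
    };

    static void Main()
    {
        // First decode: the outer query string of the request.
        var query = HttpUtility.ParseQueryString(new Uri(SignInRequest).Query);
        Console.WriteLine("wtrealm: " + query["wtrealm"]);
        Console.WriteLine("wreply : " + (query["wreply"] ?? "(not present)"));

        // Second decode: wctx is itself a query string (rm, id, ru).
        var context = HttpUtility.ParseQueryString(query["wctx"] ?? string.Empty);
        var ru = context["ru"];
        Console.WriteLine("wctx id: " + context["id"]);
        Console.WriteLine("wctx ru: " + ru);
        Console.WriteLine("ru origin expected: " + IsExpectedOrigin(ru));
    }

    // True only for an absolute https URL whose scheme, host and port are listed.
    static bool IsExpectedOrigin(string returnUrl)
    {
        Uri parsed;
        if (!Uri.TryCreate(returnUrl, UriKind.Absolute, out parsed)) return false;
        if (parsed.Scheme != Uri.UriSchemeHttps) return false;
        var origin = parsed.GetLeftPart(UriPartial.Authority);
        return ExpectedOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase);
    }
}
```

The quoted request came from the answerer's own test project on a different localhost port, so its ru does not match the question's origins; substitute a request captured from your own application to compare against your registered reply URLs.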

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow