Microsoft-identity-web: Cancel button redirects to /

Created on 29 Sep 2020  路  10Comments  路  Source: AzureAD/microsoft-identity-web

On the B2C login form we have two additional links:
image

which lead us to the next sections:
image
image

Both of them have cancel button in place.

But when I click cancel I'm redirected not to the main login form, but to my_app_host/.

Could you please describe how can I override this behavior and make those buttons redirect me to the login form (first image)?

Answered b2c external question

All 10 comments

We have this web app B2C sample. When I run it, the cancel button redirects to the login page correctly. Perhaps Reply URL needs to be set?

Hi @pmaytak the problem was that in my application I have [Authorize] applied on a single action only when in the app you mentioned it's applied globally. It also has / route (which leads to /Home/Index) and that makes the cancel button work.

Ok, probably I know another case.

  1. Open the app and go to https://localhost:5000/todolist/create
  2. Login properly
  3. You are on /todolist/create as expected

But

  1. Open the app and go to https://localhost:5000/todolist/create
  2. Press Forgot your password?
  3. Press Cancel
  4. Log in properly
  5. Boom! You are on /, but not on /todolist/create as requested

Thank you for that detailed repro. We'll investigate.

@pmaytak do you have an update on this?

@jennyf19 I didn't get a chance to look at it. Could you investigate, if not I can make time after my current work item.

@hankovich Apologies for a late reply.

This behavior applies also to the Sign up, and Edit Profile flows. When a user cancels that action, the error is caught and redirected back to home page here:
https://github.com/AzureAD/microsoft-identity-web/blob/66103b7790904221f04f70592c8e6d4dcc73428c/src/Microsoft.Identity.Web/AzureADB2COpenIDConnectEventHandlers.cs#L83

And additionally in Microsoft.Identity.Web.UI AccountController, there are home page redirects after those user flows are successfully finished. Like here:
https://github.com/AzureAD/microsoft-identity-web/blob/66103b7790904221f04f70592c8e6d4dcc73428c/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs#L144

I'll research a bit more on the fix.

@hankovich the problem is that currently the "reset-password" flow is handled by the application. the b2C team is working on making it handled by the service itself (which should have been). When that's done, the behavior will be right.

Meanwhile, if you want to override the onRedirectToIdentityProvider even to detect that there is a password reset and it got cancelled, you might be able to do something. Would that work for you?
cc; @pmaytak

@jmprieur For now I do not want to handle it myself, I was thinking about it as a workaround for the issue with redirect.

Do you have any information on when the b2c team is going to release the changes you mentioned?

@nickgmicrosoft would you know?

@hankovich we have been told end of Dec 2020, so we will see. We'll keep you posted.

Was this page helpful?
0 / 5 - 0 ratings