
How to change login path

Open DaleyKD opened this issue 2 years ago • 2 comments

Please check all that apply

  • [ ] typo
  • [x] documentation doesn't exist
  • [ ] documentation needs clarification
  • [ ] error(s) in the example
  • [ ] needs an example

Description of the issue

I feel like #906 wasn't properly answered.

When a user comes to my site, if they are not authenticated, I'd like them to be redirected to a Sign In page instead of immediately being redirected to login.microsoftonline.com (aka, /MicrosoftIdentity/Account/SignIn).

However, I can't find where we can change that path. Everything I've tried so far doesn't work, and I'm always redirected to /MicrosoftIdentity/Account/SignIn (which issues a Challenge).

DaleyKD, Oct 09 '23 22:10

I've tried the following combinations:

```csharp
// Attempt 1: ConfigureApplicationCookie
services.ConfigureApplicationCookie(o =>
{
    o.LoginPath = new PathString("/Account/Login");
});

// Attempt 2: PostConfigure on the cookie scheme's options
services.PostConfigure<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
    options.LoginPath = new PathString("/Account/Login");
});

// Attempt 3: cookie options delegate of AddMicrosoftIdentityWebApp
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(
        o => configuration.GetSection("AzureAD").Bind(o),
        o =>
        {
            o.LoginPath = new PathString("/Account/Login");
        });
```

DaleyKD, Oct 10 '23 13:10

Here's what I have today, that seems to work (at least at first glance). However, I do have a concern about any code that would issue a ChallengeAsync(). By default, it would try to redirect to the login page. (There are some instances where we want to go ahead and go straight to Azure AD, like incremental consent.)

```csharp
var webApiAuthenticationBuilder = services
    .AddAuthentication(o =>
    {
        // This does not _feel_ right. Most online examples have these schemes swapped.
        o.DefaultScheme = OpenIdConnectDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddMicrosoftIdentityWebApp(o =>
    {
        configuration.GetSection("AzureAD").Bind(o);
    },
    o =>
    {
        o.LoginPath = new PathString("/Account/Login");
    })
    .EnableTokenAcquisitionToCallDownstreamApi(graphScopes)
    .AddMicrosoftGraph(configuration.GetSection("MicrosoftGraph"))
    .AddDownstreamApi("MyApi", configuration.GetSection("MyApi"));

if (isDev)
{
    webApiAuthenticationBuilder.AddInMemoryTokenCaches();
}
else
{
    webApiAuthenticationBuilder.AddDistributedTokenCaches();
    services.AddStackExchangeRedisCache(options =>
    {
        options.Configuration = configuration.GetConnectionString("RedisCache");
        options.InstanceName = "MyWeb";
    });
}
```

DaleyKD, Oct 10 '23 16:10
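
An added example, not part of the issue thread or the Microsoft.Identity.Web code base: a controller for the custom `/Account/Login` path that still lets selected code go straight to Azure AD by naming the OpenID Connect scheme in the challenge, which takes precedence over `DefaultChallengeScheme`. It assumes the cookie scheme is the default challenge scheme with `LoginPath = "/Account/Login"` as in the last snippet above; the controller, the action names and the `Views/Account/Login.cshtml` view are hypothetical. The return URL is checked with `Url.IsLocalUrl` so the login page cannot be used as an open redirect.

```csharp
// Added example: AccountController, Login, SignIn and SafeLocalUrl are
// hypothetical names, not part of Microsoft.Identity.Web.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[AllowAnonymous]
public class AccountController : Controller
{
    // The cookie handler redirects unauthenticated requests here as
    // /Account/Login?ReturnUrl=<original path>. Only the local sign-in page
    // is rendered; no redirect to login.microsoftonline.com happens yet.
    [HttpGet]
    public IActionResult Login(string? returnUrl = null)
    {
        ViewData["ReturnUrl"] = SafeLocalUrl(returnUrl);
        return View(); // assumes Views/Account/Login.cshtml exists
    }

    // Target of the sign-in button on the Login view.
    [HttpGet]
    public IActionResult SignIn(string? returnUrl = null)
    {
        var props = new AuthenticationProperties
        {
            // Where the user lands after the sign-in round trip completes.
            RedirectUri = SafeLocalUrl(returnUrl)
        };

        // Naming the scheme explicitly bypasses DefaultChallengeScheme, so this
        // challenge goes to Azure AD instead of back to /Account/Login.
        return Challenge(props, OpenIdConnectDefaults.AuthenticationScheme);
    }

    // ReturnUrl arrives in the query string and is attacker-controllable:
    // accept only URLs local to this application, otherwise fall back to "/".
    private string SafeLocalUrl(string? returnUrl) =>
        !string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl)
            ? returnUrl
            : "/";
}
```

Outside a controller, the same explicit-scheme challenge is `await HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, props);`.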