dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

Pathbase with AAD authentication in Blazor Webassembly 3.2 Preview 4 not working correctly #21167

Closed tommiie closed 4 years ago

tommiie commented 4 years ago
  1. Create a Blazor wasm app with AAD authentication
  2. Run the app with a specific pathbase: dotnet run --pathbase=/myapp
  3. Open the app
  4. The app is redirected to the AAD login
  5. The following exception occurs in the web browser console: System.InvalidOperationException: Invalid return url. The return url needs to have the same origin as the current page.

The returnUrl in the URL is set correctly.

mkArtakMSFT commented 4 years ago

Thanks for contacting us. @javiercn can you please look into this? @tommiie, do you experience the same issue with Blazor WebAssembly 3.2 Preview 5? It actually shipped today!

javiercn commented 4 years ago

@tommiie thanks for contacting us.

You need to change the base path in the Index.html and account for that in the registered redirect url on your AAD application.

tommiie commented 4 years ago

@javiercn sorry but it is not working for me. Maybe it is important to know, that I built my app as a PWA. Here is what I tried:

  1. Update to version: Blazor Webassembly 3.2 Preview 5
  2. Add following redirectUri to my app registration: http://localhost:5000/timemanagement-dev
  3. Change base href tag in the index.html to <base href="/timemanagement-dev/" />
  4. Change start_url in manifest.json to "start_url": "/timemanagement-dev/"
  5. Add scope value to manifest.json: "scope": "/timemanagement-dev/"
  6. Open the app in a chrome browser: http://localhost:5000/timemanagement-dev
  7. App navigates to following url: http://localhost:5000/timemanagement-dev/authentication/login?returnUrl=http%3A%2F%2Flocalhost%3A5000%2Ftimemanagement-dev
  8. System.InvalidOperationException: Invalid return url. The return url needs to have the same origin as the current page. is thrown in web browser console
  9. Focus the address bar in the browser and press enter
  10. App redirects to http://localhost:5000/timemanagement-dev/authentication/login?returnUrl=http%3A%2F%2Flocalhost%3A5000%2Ftimemanagement-dev%2Fauthentication%2Flogin%3FreturnUrl%3Dhttp%253A%252F%252Flocalhost%253A5000%252Ftimemanagement-dev
  11. Login-Window opens
  12. Do login
  13. Now you are logged in successfully

tommiie commented 4 years ago

@javiercn now I found the problem. The exception is correct. The returnUrl is different to the origin.

origin: http://localhost:5000/timemanagement-dev/authentication/login
returnUrl: http://localhost:5000/timemanagement-dev

I have to add the string /authentication/login to the navigation url in RedirectToLogin.razor:

@code {
    protected override void OnInitialized()
    {
        Navigation.NavigateTo($"authentication/login?returnUrl={Uri.EscapeDataString(Navigation.Uri + "/authentication/login")}");
    }
}

But I cannot imagine that this should be default behavior/solution if you are working with different pathbases. Or am I wrong?

javiercn commented 4 years ago

@tommiie the "origin" should be http://localhost:5000/timemanagement-dev as in your sample. Otherwise there is an issue with your base path.

ghost commented 4 years ago

This issue has been resolved and has not had any activity for 1 day. It will be closed for housekeeping purposes.

See our Issue Management Policies for more information.

JefSchraag commented 4 years ago

The generated returnUrl value is

http://localhost:5000/timemanagement-dev

This value is checked to have the same origin as the base path which is

http://localhost:5000/timemanagement-dev/

The check fails because the generated returnUrl does not have the trailing slash.
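
The trailing-slash mismatch described in the comment above, as an added JavaScript example that is not part of the original thread and is not the framework's code. It assumes the check is a plain string-prefix comparison against the base URI; `naiveIsUnderBase` and `isUnderBase` are hypothetical helpers, and the URLs other than the two from the thread are constructed.

```javascript
// Base URI and generated returnUrl as quoted in the thread.
const BASE = "http://localhost:5000/timemanagement-dev/";
const GENERATED = "http://localhost:5000/timemanagement-dev";

// Assumed shape of the failing check: strict string prefix on the base URI.
function naiveIsUnderBase(returnUrl, baseUri) {
  return returnUrl.startsWith(baseUri);
}

// Hypothetical replacement: parse both URLs, require the same origin, then
// compare paths on a segment boundary so a missing trailing slash is
// tolerated without admitting sibling paths or other hosts.
function isUnderBase(returnUrl, baseUri) {
  let base, target;
  try {
    base = new URL(baseUri);
    target = new URL(returnUrl, base); // also resolves relative return URLs
  } catch {
    return false; // unparsable input is rejected
  }
  if (target.origin !== base.origin) return false;
  const withSlash = (p) => (p.endsWith("/") ? p : p + "/");
  // URL parsing has already collapsed "." and ".." segments in pathname.
  return withSlash(target.pathname).startsWith(withSlash(base.pathname));
}

// Constructed sample inputs: the first two should pass, the rest should not.
const SAMPLES = [
  GENERATED,
  "http://localhost:5000/timemanagement-dev/authentication/login",
  "http://localhost:5000/timemanagement-dev-other/",
  "http://localhost:5000/timemanagement-dev/../other",
  "http://example.test/timemanagement-dev/",
];

function compareChecks() {
  return SAMPLES.map((url) => ({
    url,
    naive: naiveIsUnderBase(url, BASE),
    normalized: isUnderBase(url, BASE),
  }));
}

console.table(compareChecks());
```
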