C#, 5mo ago
Abdesol

How to disable Microsoft Identity Web generated endpoints and redirection

So, in my project, I am trying to use Microsoft Identity for Azure AD B2C configuration. But the problem is, it created its own endpoints, and now whenever I go to a non-existing endpoint, it just chooses to redirect to the Azure AD B2C provided remote URL. It is weird what is going on. I only have it here in my ASP.NET Web API project:
// Program.cs (fragment)
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

// Bind the AzureAdB2C section onto the OIDC options and request a token for this app's own client id.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    builder.Configuration.GetSection("AzureAdB2C").Bind(options);
    options.Scope.Add(options.ClientId!);
    options.SaveTokens = true;
});

// Interactive (browser redirect) sign-in scheme from Microsoft.Identity.Web.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAdB2C"));
Is there any obvious way I can remove the additional things created with it? I tried directly setting up OpenID Connect, but it still does the same thing. Thank you!
21 Replies
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
Okay, so my Program.cs is this:
// Program.cs
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
// IExpenseService, ExpenseService, IReceiptService, ReceiptService and CorsConfig are the project's own types.

var builder = WebApplication.CreateBuilder(args);

// Bind the AzureAdB2C section onto the OIDC options, request a token for this app's own client id,
// and keep the tokens in the authentication cookie.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    builder.Configuration.GetSection("AzureAdB2C").Bind(options);
    options.Scope.Add(options.ClientId!);
    options.SaveTokens = true;
});

// Interactive (browser redirect) sign-in scheme from Microsoft.Identity.Web.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAdB2C"));

// Fallback policy: every request whose endpoint carries no authorization metadata,
// including requests that matched no endpoint at all, must be authenticated.
builder.Services.AddAuthorization(options => { options.FallbackPolicy = options.DefaultPolicy; });

builder.Services.AddControllers();

builder.Services.AddScoped<IExpenseService, ExpenseService>();
builder.Services.AddScoped<IReceiptService, ReceiptService>();

builder.Services.AddCors(CorsConfig.CorsPolicyConfig);

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();
app.UseCors(CorsConfig.CorsPolicyName);
app.UseRouting();

// Authentication before authorization; a request that fails the fallback policy is challenged,
// which for the OIDC scheme means a redirect to the identity provider.
app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();
And for example, I have AccountController.cs defined, but it is actually using the ones from Microsoft Identity. I tried removing my own version of the account controller, but it actually exists additionally; it calls the sign-in endpoint from its account controller whenever I hit endpoints which are not defined. I tried with stuff like /dsffasdfdsafdsafds and it goes to the sign-in path of the Azure AD B2C.
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
Here, what I mean is basically: I set breakpoints in my account controller endpoints, but when I go to the /account/signin endpoint in my browser, it doesn't break there; it goes to the other account controller which is provided by Microsoft.Identity.Web.UI.
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
Okay
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
Let me show you.
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
I am recording rn
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
This is what I mean.
Abdesol (OP), 5mo ago
Btw, that user secret ID that is in the video is just a GUID generated by my PC. It is not related to Azure or anything.
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
Okay, I think I understand now. I was also looking for ways to disable this, but btw, what is the problem when I hit random non-existing endpoints and it is redirecting to Azure AD B2C?
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
Oh, interesting. Thank you so much for pointing that out.
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
Yeah. I have seen that, and I appreciate that. I think I need to carefully go through every basic thing in the docs first. The first task will be to fix the issue of not going to my breakpoint in the account controller etc. I wanna redirect users to Azure AD B2C manually. I am really not looking for branding now, and this is an Azure services learning and practicing project I am working on. I just wanna have authority over the endpoints myself :catsweat:
Unknown User, 5mo ago: message not public
Abdesol (OP), 5mo ago
Yeah @TeBeCo
// Inside the Configure<OpenIdConnectOptions>(...) callback.
options.Events = new OpenIdConnectEvents()
{
    OnRedirectToIdentityProvider = context =>
    {
        // Only the explicit sign-in path may send the browser to the identity provider.
        if (context.Request.Path != "/account/signin")
        {
            // Matched endpoint but unauthenticated -> 401; no endpoint matched at all -> 404.
            var endpoint = context.HttpContext.GetEndpoint();
            context.Response.StatusCode = endpoint != null ? StatusCodes.Status401Unauthorized : StatusCodes.Status404NotFound;
            // Stop the handler from writing its own redirect response.
            context.HandleResponse();
        }

        return Task.CompletedTask;
    }
};
This was just what I was looking for, and I made it so only /account/signin can redirect to the IdP. The problem was, when I called endpoints which need authorization, it used to redirect to the IdP.
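As an added example (not code from the thread or from Microsoft.Identity.Web), here is a complete Program.cs that keeps the approach above but does two things the snippet does not: it chains onto the OnRedirectToIdentityProvider handler the library already installed instead of replacing options.Events, and it puts the only interactive sign-in action in a controller that validates the post-login return URL. The "AzureAdB2C" configuration section and the /account/signin path are taken from the thread; AccountController, interactiveSignInPaths and the returnUrl parameter are my own names, and implicit usings (WebApplication, System.Linq) are assumed as in the thread's Program.cs.

```csharp
// Program.cs for an ASP.NET Core app signing users in to Azure AD B2C through
// Microsoft.Identity.Web. Added example, not the thread's code. Assumed names:
// AccountController, interactiveSignInPaths and returnUrl are mine; the
// "AzureAdB2C" section and /account/signin path come from the thread.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAdB2C"));

// Only these paths may answer an authentication challenge with a 302 to the identity provider.
var interactiveSignInPaths = new[] { "/account/signin" };

// Registered after AddMicrosoftIdentityWebApp so the library's own event wiring runs first.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.SaveTokens = true;
    options.Events ??= new OpenIdConnectEvents();

    // Chain onto the existing handler rather than replacing options.Events wholesale.
    var inner = options.Events.OnRedirectToIdentityProvider;
    options.Events.OnRedirectToIdentityProvider = async context =>
    {
        var path = context.Request.Path;
        if (interactiveSignInPaths.Any(p => path.Equals(new PathString(p), StringComparison.OrdinalIgnoreCase)))
        {
            await inner(context);   // normal flow: let the handler redirect the browser to B2C
            return;
        }

        // Everything else gets a plain status code and never leaves the site:
        // no endpoint matched -> 404; endpoint matched but unauthenticated -> 401.
        var endpoint = context.HttpContext.GetEndpoint();
        context.Response.StatusCode = endpoint is null
            ? StatusCodes.Status404NotFound
            : StatusCodes.Status401Unauthorized;
        context.HandleResponse();
    };
});

// Same fallback policy as in the thread: anything without explicit authorization
// metadata, including unmatched routes, requires an authenticated user.
builder.Services.AddAuthorization(options => options.FallbackPolicy = options.DefaultPolicy);
builder.Services.AddControllers();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

// The one place that is allowed to start the interactive sign-in.
[ApiController]
public class AccountController : ControllerBase
{
    [HttpGet("/account/signin")]
    [AllowAnonymous]
    public IActionResult SignIn([FromQuery] string? returnUrl)
    {
        // Only bounce back to local URLs after sign-in; anything else would be an open redirect.
        var target = !string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl) ? returnUrl : "/";
        return Challenge(new AuthenticationProperties { RedirectUri = target },
                         OpenIdConnectDefaults.AuthenticationScheme);
    }
}
```

Two things worth checking when adapting this: the Configure call must be registered after AddMicrosoftIdentityWebApp and must chain (as above) rather than assign a fresh OpenIdConnectEvents, otherwise the library's own B2C handling of the redirect is dropped; and if the project is meant to be a pure token-protected API rather than a browser app, the bearer-token registration (AddMicrosoftIdentityWebApi with a JWT bearer scheme) answers unauthenticated calls with 401 and never redirects, which removes the need for this event handler entirely.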