0
votes

I have set the sign-in policy custom page URI in blob storage, but it always goes to the Microsoft login page. I am using OWIN and the code is as follows:

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = postLogoutRedirectUri,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = context =>
                    {
                        context.HandleResponse();
                        // Escape the message so it cannot break or extend the query string.
                        context.Response.Redirect("/Error?message=" + Uri.EscapeDataString(context.Exception.Message));
                        return Task.FromResult(0);
                    }
                }
            });
    }

Page is configured and it is working.


I am using the following URL:

 <add key="ida:AADInstance" value="https://login.microsoftonline.com/te/{0}/{1}/v2.0/.well-known/openid-configuration" />

I am using the following sample: https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi

I am getting the following error:

 Response status code does not indicate success: 404 (Not Found). 

 Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

 Exception Details: System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).

The following is the Microsoft default login screen:

2
Can you add a screenshot of the "Microsoft login page" you are referring to? - Saca
@Saca: I have updated question with Microsoft login page. - Furqan Misarwala
When do you get the 404 error, then, if the page seems to load successfully (though without your customization)? - Saca
I am facing the same issue as mentioned in the following. I see a different URL generated from OWIN; in this case I am getting a 404 error: stackoverflow.com/questions/44133401/… - Furqan Misarwala
What is the different URL that you see generated? Did you update your Identity-related NuGet packages as per that StackOverflow post? - Saca

2 Answers

1
votes

Never mind, guys, the problem was resolved by updating Microsoft.IdentityModel.Protocol.Extensions to version 1.0.4.4 or later.

Hope this helps anyone who is still struggling with this.

0
votes

If you're still getting the 404 error, you might consider checking the following:

  1. Check your B2C policy's metadata endpoint and base your AADInstance URL on that. For example, in my policy I have the following: Sign-in policy metadata endpoint

So I would have an AADInstance url = "https://login.microsoftonline.com/{0}/v2.0/.well-known/openid-configuration?p={1}"

  2. In your OpenIdConnectAuthenticationOptions, use the Metadata property instead of Authority and use the AADInstance above from your metadata endpoint.

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            // Point the middleware at the policy's own metadata document.
            MetadataAddress = String.Format(<AadInstance>, <Tenant>,<SignInPolicyId>),
            PostLogoutRedirectUri = postLogoutRedirectUri,
            RedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    context.HandleResponse();
                    // Escape the message so it cannot break or extend the query string.
                    context.Response.Redirect("/Error?message=" + Uri.EscapeDataString(context.Exception.Message));
                    return Task.FromResult(0);
                }
            }
        });

Additional note, you mentioned in your question that you

have set sign-in policy custom page URI in blob storage, but it always go to Microsoft login page

Note that your custom HTML will only be used to change how the page looks, but the page will still have the login.microsoftonline.com domain. And also, as stated in the documentation, "currently, local account sign-in pages, its accompanying password reset pages and verification emails can be customized only by using the company branding feature".
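
To see which metadata URL the application will actually request and what status it returns, a small console check can be run before the OWIN pipeline starts. This is an added example, not code from the sample or from either answer; the class and method names are hypothetical, and the tenant `contoso.onmicrosoft.com` and policy `B2C_1_signin` are constructed placeholder values.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;

// Added diagnostic (hypothetical names): resolves the metadata address the same
// way the String.Format call above does, then reports what the endpoint returns.
public static class B2CMetadataCheck
{
    // template is the ida:AADInstance value; tenant and policy fill {0} and {1}.
    public static Uri BuildMetadataAddress(string template, string tenant, string policy)
    {
        string formatted = String.Format(template,
            Uri.EscapeDataString(tenant), Uri.EscapeDataString(policy));
        Uri uri;
        // The metadata document supplies endpoints and signing keys, so require https.
        if (!Uri.TryCreate(formatted, UriKind.Absolute, out uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Not an absolute https URL: " + formatted);
        if (!uri.AbsolutePath.EndsWith("/.well-known/openid-configuration", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Not an OpenID Connect metadata path: " + formatted);
        return uri;
    }

    // Returns null when the document is reachable, otherwise a message for the log.
    public static async Task<string> ProbeAsync(Uri metadataAddress)
    {
        try
        {
            using (var http = new HttpClient { Timeout = TimeSpan.FromSeconds(10) })
            using (HttpResponseMessage response = await http.GetAsync(metadataAddress))
            {
                if (response.IsSuccessStatusCode) return null;
                return "GET " + metadataAddress + " returned "
                    + (int)response.StatusCode + " (" + response.ReasonPhrase + ")";
            }
        }
        catch (HttpRequestException ex) { return "Request failed: " + ex.Message; }
        catch (TaskCanceledException) { return "Request timed out: " + metadataAddress; }
    }

    public static void Main()
    {
        // Constructed sample values; replace with your own tenant and policy name.
        Uri address = BuildMetadataAddress(
            "https://login.microsoftonline.com/{0}/v2.0/.well-known/openid-configuration?p={1}",
            "contoso.onmicrosoft.com", "B2C_1_signin");
        Console.WriteLine(address);
        Console.WriteLine(ProbeAsync(address).GetAwaiter().GetResult() ?? "Metadata document is reachable.");
    }
}
```

A 404 reported here means the resolved address itself does not match the policy's metadata endpoint shown in the portal, independent of any middleware version.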