How to redirect to a specific web page after sign out from Entra ID

With some more digging I found the below changes resulted in a successful redirect to a page of my choosing.

I found that if the SignedOutCallbackPath is set to anything other than /signout-oidc, then on sign out, the user gets redirected to /Account/SignOut. This happens regardless of what SignedOutRedirectUri gets set to, since it's hardcoded into the AccountController provided as part of the Microsoft.Identity.Web.UI nuget package.

This led to the following OpenIdConnectOptions configuration in Program.cs:

builder.Services.Configure<OpenIdConnectOptions>(
    OpenIdConnectDefaults.AuthenticationScheme,
    options => {
        options.SignedOutCallbackPath = "/signout-callback-oidc";
        options.SignedOutRedirectUri = "/Account/SignOut";
});

Next, I implemented my own AccountController, with a route that matches the signout redirect URI /Account/Signout. In this controller action, I redirect to the page I want to display:

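public class AccountController : Controller
{
    // Handles /Account/SignOut, the SignedOutRedirectUri configured above.
    // "new" hides ControllerBase.SignOut(), which has the same name.
    public new IActionResult SignOut()
    {
        // Builds a SignOutResult; the return value is discarded here.
        base.SignOut();

        // Send the signed-out user to the public home page.
        return RedirectToAction("Index", "Home");
    }
}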

Lastly, I updated my App Registration in Entra ID, setting "Front-channel logout URL" to match that of the SignedOutCallbackPath property:

Users are now correctly redirected to the public home page of the site once they've successfully signed out.

A special thanks to Jalpa Panchal, whose response set me on the path of providing a custom implementation for the URI that the site is being redirected to.


How do I define the SignedOut page in Microsoft.Identity.Web?

Microsoft.Identity.Web v1.9

Updated: Here's my preferred method

Just add this to your startup.cs under Configure. Here I've just redirected to my home page, but you can redirect to your own custom signout page if you wish.

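app.UseRewriter(
    new RewriteOptions().Add(
        context =>
        {
            // Intercept the signed-out page served by Microsoft.Identity.Web.UI.
            if (context.HttpContext.Request.Path == "/MicrosoftIdentity/Account/SignedOut")
            {
                context.HttpContext.Response.Redirect("/");
                // Stop the pipeline so the library page is not also rendered.
                context.Result = RuleResult.EndResponse;
            }
        }));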

Method #2

While writing the question I did find one way to do this that is very simple. It still seems odd this is the intended way, so please feel free to improve or add better answers. I suspect new versions will come out to make this easier.

Because Microsoft.Identity.Web.UI is a Reusable Class Library (RCL), any page can be overridden just by adding it to your web app in the same location.

As you can see, I almost accomplished this by creating my own SignedOut.razor page and giving it the same path as the URL. That doesn't work, because it's a razor component, and it has to match the path in the source, not the URL in the web app.

Thankfully it's open source. I had to find the path here, since it wasn't obvious to me. https://github.com/AzureAD/microsoft-identity-web

So here is the correct path you need in your project and the best answer I could find that is working to give yourself a real SignedOut page. I suppose you'd have to add a redirect here if you did not want a SignedOut page.

Areas/MicrosoftIdentity/Pages/Account/SignedOut.cshtml

posted @ 2024-05-14 18:07  ChuckLu