I have an asp.net core 5 website that I've deployed to an Azure App Service.
Within Startup.ConfigureServices it has the following:
services.AddRazorPages().AddMvcOptions(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
}).AddMicrosoftIdentityUI();
Startup.Configure includes the following:
app.UseAuthentication();
app.UseAuthorization();
In the App Registration on Azure, I have on "ID tokens" checked on the "Authentication" tab:
When I browse to the deployed site in Azure I get redirected to:
https://login.microsoftonline.com/xxx/oauth2/v2.0/authorize?response_type=id_token&redirect_uri=https://azapp-contactcentre-surveyadmin-dev-001.azurewebsites.net/.auth/login/aad/**callback**&client_id=xxx&scope=openid profile email&response_mode=form_post&nonce=xxx
However, if I run the same site from Visual Studio, then the redirect is:
https://login.microsoftonline.com/xxx/oauth2/v2.0/authorize?client_id=xxx&redirect_uri=https://localhost:44381/**signin-oidc**&response_type=id_token&scope=openid profile&response_mode=form_post&nonce=637719649643589555.Y2U0YmY1MjQtZjVmNS00ZWQ0LTlkMzAtNWRkMzBmOTMwNmQ5NWUzNWJmNTItMTAzZC00ZTUwLTk0ODMtYjVlZjgzM2NhYWIx&client_info=1&x-client-brkrver=IDWeb.1.16.1.0&state=xxx
I am able to login and use the site in both cases but I'd like to understand why the behaviour differs?
Looks like you are using the Authentication feature on Azure App Service (aka EasyAuth). The redirect URI (.auth/login/aad/callback) looks like the one it uses. If you configure authentication in your code, it is most likely better to disable this at App Service level.