From 95a5913fca693ec26eb73969c47b0f7a494eff16 Mon Sep 17 00:00:00 2001 From: PJ Evans Date: Sun, 12 Dec 2021 13:13:48 -0500 Subject: [PATCH] fix: SignOut callback URL breaks with custom dotnet areas We were having an issue with the signout function, upon looking into the code, it seems that the hardcoded callback URL is setup off of root /Account/SignedOut omitting the area /MicrosoftIdentity/. This caused our app to append the /SignOut off of the last route config action setup... As we renamed/commented them out the action would just append off of the next final action. Our instincts would be to declare the full area/controller/action here as: /MicrosoftIdentity/Account/SignedOut into the Callback path here, however, we did see other coding consistancy utilizing the ~ home root. Unsure of which to do (nor are we sure ~ will work here) we went with keeping coding consistant (as it looked like it could have been possible to have this be a simple type-o omission). Leaving out the declared area is grabbing the current area and sending the request to somewhere that simply doesn't exist. Please feel free to update as we are pretty new to all of this and are unaware of understanding how to actually test this fix locally before sending a PR. And please feel free to send an email/message with any questions. Thank you, have a great day, --PJ --- .../Areas/MicrosoftIdentity/Controllers/AccountController.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs b/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs index fb2075676..99e919992 100644 --- a/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs +++ b/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs @@ -119,7 +119,7 @@ public IActionResult SignOut( else { scheme ??= OpenIdConnectDefaults.AuthenticationScheme; - var callbackUrl = Url.Page("/Account/SignedOut", pageHandler: null, values: null, protocol: Request.Scheme); + var callbackUrl = Url.Page("~/Account/SignedOut", pageHandler: null, values: null, protocol: Request.Scheme); return SignOut( new AuthenticationProperties {