Azure AD B2C .NET Core redirects directly without showing login screen

Stack Overflow Asked by Bjorn on July 24, 2020

I’m trying to create a simple .NET Core 3.1 MVC app that requires authentication through Azure Active Directory, with B2C.

I’ve read multiple documentations, but still coudn’t get it to work. I’m able to run the user flow succesfully (received info in However, if I’m running my application, this is what happens:

  • User clicks on link to login
  • Browser goes to: https://{myb2cdomain}{myb2cdomain}{long.string}&client_info=1&state={long.string2}&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=
  • Browser goes to The fields are empty

I took an example project (with to see if the problem is inside my code, or it is in Azure settings. When I do that with the example settings, I correctly see a login screen. When I switch to my own settings, the above situation occurs. So I guess it has something to do with the settings in Azure. The correct flow (so with the example settings)

I do see some differences in this URL (around the scope for example), but can’t figure out what causes my issue. Currently tinking of permissions?

Azure settings

  • Azure Subscription 1 – out of scope
  • Azure Subscription 2
  • Azure B2C tenant, linked to azure subscription 2

Inside Azure subscription 2

  • Azure Active Directory with multiple users
  • App Service: LoginPortalAdB2C <– code deployment, currently not in use: trying to get it to work locally
  • App Registration: LoginPortal
    • Client ID: xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxxxx
    • ClientSecret: yyyyyyyyyyyyyyyyyyyy-yy-yyyyyyyyyy

Inside B2C subscription (Linked to subscription 2)

  • Azure B2C: {myb2cdomain}
    • App Registration: LoginPortal Identity Experience
      • Client ID: aaaaaaaa-aaaa-aaa-aaaa-aaaaaaaaaaaa
      • ClientSecret: bbbbbbbbbbbbbbbb-bbbbb-bb.bbbbbbb-b
      • Redirect URI:
      • Enabled Access tokens
      • Enabled ID tokens
      • Supported account types: Accounts in any organizational directory or any identity provider. For authenticating users with Azure AD B2C.
      • Permissions: Microsoft Graph: offline_access, openid
      • Owners: me
    • Identity providers
      • Local account
      • OpenID Connect
    • Users
      • Added myself
    • User flows
      • B2C_1_susi
        • Identity providers: Local account, OpenID
        • User Attributes
          • Email Address
          • Given name
          • Surname

I hope anyone can give me some light here…

I tried to get some more light by using Fiddler. I can see:

  • GET https://{myb2cdomain}{myb2cdomain} HTTP/1.1

With a reponse containing:

  "issuer": "https://{myb2cdomain}{b2c-id}/v2.0/",
  "authorization_endpoint": "https://{myb2cdomain}{myb2cdomain}",
  "token_endpoint": "https://{myb2cdomain}{myb2cdomain}",
  "end_session_endpoint": "https://{myb2cdomain}{myb2cdomain}",
  "jwks_uri": "https://{myb2cdomain}{myb2cdomain}",
  "response_modes_supported": [
  "response_types_supported": [
    "code id_token",
    "code token",
    "code id_token token",
    "id_token token",
    "token id_token"
  "scopes_supported": [
  "subject_types_supported": [
  "id_token_signing_alg_values_supported": [
  "token_endpoint_auth_methods_supported": [
  "claims_supported": [

GET https://{myb2cdomain}{myb2cdomain}


  "keys": [


The response in text unreadable… althrough when I set the response to XML, I do see some HTML here:

<html />
<html xmlns="">
<title>Logging in...</title>
<meta name="CACHE-CONTROL" content="NO-CACHE" />
<meta name="PRAGMA" content="NO-CACHE" />
<meta name="EXPIRES" content="-1" />
<form id="auto" method="post" action="">
<input type="hidden" name="error" id="error" value="redirect_uri_mismatch" />
<input type="hidden" name="error_description" id="error_description" value="AADB2C90006: The redirect URI 'https://localhost:44316/signin-oidc' provided in the request is not registered for the client id 

The redirect URI ‘https://localhost:44316/signin-oidc’ provided in the request is not registered for the client id.

Guess I’ll need to check the redirect URI’s…

One Answer

Okay... it seems to be impossible to work locally with the redirect URL as redirect URL (or I simply do not know how. See also

The URL works great for testing the user flow, but not usable in production, as the appsetting value CallbackPath requires a relative path.

So... I added the Redirect URI in my B2C App registration to https://localhost:44316/signin-oidc, and.... tada! It works.

For now I added the CallBackPath to my appsettings.json, just to have it documentated.

"CallbackPath": "/signin-oidc" // Default value: /signin-oidc. If change, please edit or add the link into the B2C App Registration

And Ilet my code pick it up later

options.CallbackPath = AzureAdB2COptions.CallbackPath;

If you let both of these lines away, it does also work. As long as you specify /signin-oidc in the app registration redirect URI.

Sadly the error that occured wasn't showed easily to the end-user...

Answered by Bjorn on July 24, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP