
Multiple Entra SSO #10024


0
sdupere created

Check the docs before asking a question: https://abp.io/docs/latest Check the samples to see the basic tasks: https://abp.io/docs/latest/samples The exact solution to your question may have been answered before, and please first use the search on the homepage.

I am attempting to implement two Microsoft Entra accounts for single sign-in. I am using two calls to AddMicrosoftAccount:

var authBuilder = context.Services.AddAuthentication();

// Members tenant: tenant-specific login URL read from configuration (null-safe trim)
var tenantUrl = configuration["AzureEntraMembers:MicrosoftLoginUrl"]?.TrimEnd('/');
authBuilder.AddMicrosoftAccount(PSACAuthenticationSchemes.MembersEntra, options =>
{
    options.ClientId = configuration["AzureEntraMembers:ClientId"]!;
    options.ClientSecret = configuration["AzureEntraMembers:ClientSecret"]!;
    options.CallbackPath = "/signin-microsoft";
    if (!string.IsNullOrEmpty(tenantUrl))
    {
        // Replace the provider's default /common endpoints with the tenant's v2.0 endpoints
        options.AuthorizationEndpoint = $"{tenantUrl}/oauth2/v2.0/authorize";
        options.TokenEndpoint = $"{tenantUrl}/oauth2/v2.0/token";
    }
    // Constant "picture" claim pointing at the Graph photo endpoint
    options.ClaimActions.MapCustomJson("picture", _ => "https://graph.microsoft.com/v1.0/me/photo/$value");
    options.SaveTokens = true;
});

// Workforce (staff) tenant: separate app registration, scheme and callback path
var staffTenantUrl = configuration["AzureEntraWorkforce:MicrosoftLoginUrl"]?.TrimEnd('/');
authBuilder.AddMicrosoftAccount(PSACAuthenticationSchemes.WorkforceEntra, options =>
{
    options.ClientId = configuration["AzureEntraWorkforce:ClientId"]!;
    options.ClientSecret = configuration["AzureEntraWorkforce:ClientSecret"]!;
    options.CallbackPath = "/signin-microsoft-workforce";
    if (!string.IsNullOrEmpty(staffTenantUrl))
    {
        options.AuthorizationEndpoint = $"{staffTenantUrl}/oauth2/v2.0/authorize";
        options.TokenEndpoint = $"{staffTenantUrl}/oauth2/v2.0/token";
    }
    options.SaveTokens = true;
});

What happens: it works when I test on localhost, but as soon as I deploy to Azure I get a 404 error when calling /signin-microsoft-workflow. The page displays the error: "The resource you are looking for has been removed, had its name changed, or is temporarily unavailable." The weird thing is that my other SSO (callback URL: /signin-microsoft) works.

I have verified that my App Registration callbacks are properly configured.

Can you provide me possible causes why I get an error only on /signin-microsoft-workforce callback?


6 Answer(s)
  •
    0
    AI-Bot created
    Support Team ABP Agent
    • In ABP Blazor WASM applications, external authentication callback endpoints (like /signin-microsoft-workforce) must be handled by the backend (API host or AuthServer). A 404 error on Azure for /signin-microsoft-workforce usually means the backend is not configured to recognize or route this path.

    • Common causes and solutions:

      1. Missing Endpoint Mapping: Ensure your backend (not just the WASM app) is running and is configured to handle /signin-microsoft-workforce. The endpoint must be registered in the backend's authentication middleware.
      2. Azure App Registration: Double-check that the redirect URI for /signin-microsoft-workforce is registered in the correct Azure App Registration (for the correct tenant/client).
      3. Reverse Proxy/IIS Configuration: If you are using IIS, Azure App Service, or a reverse proxy, make sure requests to /signin-microsoft-workforce are forwarded to the backend and not intercepted by the frontend (Blazor WASM) static file handler.
      4. Web.config/Rewrite Rules: If hosting both frontend and backend on the same site, ensure your rewrite rules do not route /signin-microsoft-workforce to index.html (the Blazor app), but instead allow it to reach the backend.
      5. CallbackPath Consistency: The CallbackPath in your backend authentication configuration must exactly match the path registered in Azure and the one being called by the authentication flow.
    • How to check/fix:

      • In your backend (API host or AuthServer), confirm you have:

        .AddMicrosoftAccount("WorkforceEntra", options => {
            // ...
            options.CallbackPath = "/signin-microsoft-workforce";
            // ...
        })

      • If using IIS or Azure App Service, update your web.config to exclude /signin-microsoft-workforce from being routed to the Blazor app. Example:

        <rule name="Exclude Auth Callbacks" stopProcessing="true">
          <match url="^signin-microsoft-workforce$" />
          <action type="None" />
        </rule>

      • Make sure the backend is accessible at the deployed URL and not just locally.

    • Summary: The 404 is almost always due to routing or middleware configuration on the backend or web server, not the ABP or Microsoft Account provider itself. Ensure the backend is set up to handle the callback and that your server/proxy does not intercept or misroute the request.

    No verified source available for this specific query.


    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  •
    0
    maliming created
    Support Team Fullstack Developer

    hi

    /signin-microsoft-workforce /signin-microsoft-workflow

    Is there a spelling mistake?

    Thanks.

  •
    0
    sdupere created

    [maliming] said: hi

    /signin-microsoft-workforce /signin-microsoft-workflow

    Is there a spelling mistake?

    Thanks.

    Yes, I apologize, /signin-microsoft-workforce is the callback URL that's actually used.

  •
    0
    sdupere created

    I was also able to get the following error through the Azure event log

    EventId: 1
    SpanId: c2c679515a9491fd
    TraceId: 6f1fd8a38b0d964b37ec6b4a8be97680
    ParentId: 0000000000000000
    RequestId: 400000d8-0000-9800-b63f-84710c7967bb
    RequestPath: /signin-microsoft-workforce

    An unhandled exception has occurred while executing the request.
    Exception: Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
     ---> Microsoft.AspNetCore.Authentication.AuthenticationFailureException: The oauth state was missing or invalid.
     --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
       at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
       at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
       at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
    --- End of stack trace from previous location ---
       at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
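The exception text in the post above names the exact check that failed. On the callback request, ASP.NET Core's OAuth handler first decides whether the request path is its own CallbackPath (a path no scheme owns simply continues down the pipeline, which with nothing else routed there ends in a 404), then unprotects the `state` query parameter with a data protector bound to the server's data-protection keys and to the scheme name, and only after that looks for the correlation cookie. "The oauth state was missing or invalid." is the unprotect step failing; a missing cookie produces the separate "Correlation failed." message. The Python below is an added, simplified model of those checks and is not ASP.NET Core, ABP, or the poster's code: HMAC-SHA256 stands in for the data-protection stack, the key derivation, the `StateProtector` and `OAuthSchemeHandler` classes and the scenario names are this example's own, and the two scheme names and callback paths are taken from the question. It runs the two schemes from the question through the happy path and through each way the callback can fail.

```python
# Added, simplified model (not ASP.NET Core or ABP code) of the checks the
# OAuth handler runs on the callback request: path ownership, unprotect of
# `state`, then correlation cookie. HMAC-SHA256 stands in for data protection.
import base64
import hashlib
import hmac
import json
import secrets

STATE_ERROR = "The oauth state was missing or invalid."
CORRELATION_ERROR = "Correlation failed."


class StateProtector:
    """Stand-in for IDataProtector. The key is bound to the server's key ring
    *and* a purpose containing the scheme name, so each scheme and each key
    ring gets a different protector. Derivation is this example's assumption."""

    def __init__(self, server_key: bytes, scheme: str) -> None:
        purpose = f"OAuthHandler:{scheme}:v1".encode()
        self._key = hmac.new(server_key, purpose, hashlib.sha256).digest()

    def protect(self, properties: dict) -> str:
        payload = json.dumps(properties, sort_keys=True).encode()
        tag = hmac.new(self._key, payload, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(tag + payload).decode().rstrip("=")

    def unprotect(self, state: str):
        """Properties, or None if not minted by this protector (other key
        ring, other scheme, or tampered value)."""
        try:
            raw = base64.urlsafe_b64decode(state + "=" * (-len(state) % 4))
        except ValueError:
            return None
        tag, payload = raw[:32], raw[32:]
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(payload)


class OAuthSchemeHandler:
    """One registered scheme: its own CallbackPath and its own protector."""

    def __init__(self, scheme: str, callback_path: str, server_key: bytes) -> None:
        self.scheme = scheme
        self.callback_path = callback_path
        self.protector = StateProtector(server_key, scheme)

    def challenge(self, redirect_uri: str):
        """What the redirect to the IdP carries (`state`) plus the correlation
        cookie set on the browser at the same time."""
        correlation_id = secrets.token_urlsafe(32)
        properties = {"RedirectUri": redirect_uri, ".xsrf": correlation_id}
        query = {"state": self.protector.protect(properties)}
        cookies = {f".AspNetCore.Correlation.{correlation_id}": "N"}
        return query, cookies

    def handle_callback(self, path: str, query: dict, cookies: dict):
        """(properties, None) on success, (None, failure reason) otherwise."""
        if path != self.callback_path:
            # Not this scheme's path: the request continues down the pipeline
            return None, f"{self.scheme} does not handle {path}"
        state = query.get("state")
        properties = self.protector.unprotect(state) if state else None
        if properties is None:
            return None, STATE_ERROR
        if f".AspNetCore.Correlation.{properties['.xsrf']}" not in cookies:
            return None, CORRELATION_ERROR
        return properties, None


def run_scenarios() -> dict:
    """Scenario name -> failure reason (None means the callback succeeded)."""
    key = secrets.token_bytes(32)  # one server's key ring (constructed)
    members = OAuthSchemeHandler("MembersEntra", "/signin-microsoft", key)
    workforce = OAuthSchemeHandler("WorkforceEntra", "/signin-microsoft-workforce", key)
    other_instance = OAuthSchemeHandler("WorkforceEntra", "/signin-microsoft-workforce",
                                        secrets.token_bytes(32))  # unshared key ring

    query, cookies = workforce.challenge("/")
    cb = "/signin-microsoft-workforce"
    return {
        "ok": workforce.handle_callback(cb, query, cookies)[1],
        # state minted for WorkforceEntra presented to the MembersEntra handler
        "wrong_scheme": members.handle_callback("/signin-microsoft", query, cookies)[1],
        # callback served by an instance whose key ring did not issue the state
        "other_key": other_instance.handle_callback(cb, query, cookies)[1],
        "no_state": workforce.handle_callback(cb, {}, cookies)[1],
        "no_cookie": workforce.handle_callback(cb, query, {})[1],
        # a mistyped path is owned by no scheme at all
        "wrong_path": workforce.handle_callback("/signin-microsoft-workflow", query, cookies)[1],
    }


if __name__ == "__main__":
    for name, reason in run_scenarios().items():
        print(f"{name:13} -> {reason or 'signed in'}")
```

The useful property to read off the scenarios is that the unprotect failure is the same whether the state came from another scheme, from another key ring, or was dropped entirely; the framework cannot tell those apart, so the message alone does not say which one happened. The correlation-cookie check is reached only once the state has been unprotected, which is why a missing cookie reports a different message.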

  •
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Could you please share an online URL that reproduces the error?

    liming.ma@volosoft.com

    Thanks

  •
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you set the ALL log level to Debug and share the logs.txt file after reproducing the error?

    https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems

    liming.ma@volosoft.com

    Thanks

Made with ❤️ on ABP v10.1.0-preview. Updated on October 30, 2025, 06:33