
Problem with AAD authentication #10171


Stefanaus created

Hi,

I converted my web application running on Azure from version 4.3 to version 9.3.6 of Abp.io. I'm having an issue with AAD authentication, which doesn't seem to work as it used to. The problem is that, once authenticated, the redirect on the main page shows a 502 error.

This is the code I use for authentication:

private void ConfigureExternalProviders(ServiceConfigurationContext context)
{
    context.Services.AddAuthentication()
        .AddOpenIdConnect("AzureOpenId", "Azure Active Directory OpenId", options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + context.Configuration["AzureAd:TenantId"] + "/v2.0/";
            options.ClientId = context.Configuration["AzureAd:ClientId"];
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.CallbackPath = context.Configuration["AzureAd:CallbackPath"];
            options.ClientSecret = context.Configuration["AzureAd:ClientSecret"];
            options.RequireHttpsMetadata = false;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.SignInScheme = IdentityConstants.ExternalScheme;
            options.Scope.Add("email");
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");

            if (context.Services.GetHostingEnvironment().IsProduction())
            {
                options.Events = new OpenIdConnectEvents
                {
                    OnRedirectToIdentityProvider = redirectContext =>
                    {
                        redirectContext.ProtocolMessage.RedirectUri = context.Configuration["AzureAd:RedirectToIdentityProviderUri"];
                        return Task.CompletedTask;
                    }
                };

            }
        });
}

The configuration parameters are exactly the same as those in version 4.3. What could be the problem? Where can I investigate?


13 Answer(s)
  • AI-Bot created
    Support Team ABP Agent
    1. Solution

    Based on your code and the upgrade to ABP 9.3.6 (OpenIddict-based auth server), the 502 after Azure AD sign-in is typically caused by one or more of the following when running behind Azure/App Gateway/Reverse proxy or when defaults changed across versions:
    • Sign-in cookie not flowing back to ABP due to wrong scheme or SameSite
    • Missing email claim (v2.0 endpoints don’t return email by default)
    • Wrong redirect/callback URL or authority mismatch
    • OpenIdConnect cookie not being written to the correct scheme for ABP’s Account module

    Apply the checklist below. It mirrors the verified ABP guidance and fixes most AAD external login issues.

    A. Ensure the correct external SignIn scheme and claim mapping

    • ABP’s Account module expects external logins to sign-in using IdentityConstants.ExternalScheme and have a mapped NameIdentifier.
    • Update your OpenIdConnect registration as follows:
    private void ConfigureExternalProviders(ServiceConfigurationContext context)
    {
        var configuration = context.Services.GetConfiguration();
        context.Services.AddAuthentication()
            .AddOpenIdConnect("AzureOpenId", "Azure Active Directory OpenId", options =>
            {
                options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
                options.ClientId = configuration["AzureAd:ClientId"];
                options.ClientSecret = configuration["AzureAd:ClientSecret"];
                options.ResponseType = OpenIdConnectResponseType.CodeIdToken; // or Code
                options.CallbackPath = configuration["AzureAd:CallbackPath"]; // e.g. /signin-azuread-oidc
                options.RequireHttpsMetadata = true; // keep true in Azure
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
    
                // Important for ABP external logins:
                options.SignInScheme = IdentityConstants.ExternalScheme;
                options.Scope.Add("email");
                options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    
                // If you need to override RedirectUri in prod (behind reverse proxy):
                if (context.Services.GetHostingEnvironment().IsProduction())
                {
                    options.Events = new OpenIdConnectEvents
                    {
                        OnRedirectToIdentityProvider = ctx =>
                        {
                            // Use your public https URL + CallbackPath, if Azure is terminating TLS/proxying.
                            // Example: https://your-public-domain/signin-azuread-oidc
                            ctx.ProtocolMessage.RedirectUri = configuration["AzureAd:RedirectToIdentityProviderUri"];
                            return Task.CompletedTask;
                        }
                    };
                }
            });
    }
    

    B. Validate Redirect URI and CallbackPath consistency

    • The actual redirect URI used by the app must exactly match an entry in Azure AD App registrations > Authentication > Redirect URIs.
    • Effective redirect = App.SelfUrl (public base URL) + AzureAd:CallbackPath.
    • If you set RedirectToIdentityProviderUri in production, ensure that exact URL is one of the Redirect URIs in Azure AD.

    C. Ensure email scope is requested

    • With AAD v2.0 endpoints, email is not guaranteed unless you request it.
    • Keep options.Scope.Add("email"); to allow ABP to auto-register external users on first login. Without email, you may get failures on user registration or be redirected unexpectedly.

    D. Behind reverse proxy/Azure App Service specifics

    • RequireHttpsMetadata should be true in production.
    • Make sure your public HTTPS URL is configured in App.SelfUrl and used for redirect (or set ctx.ProtocolMessage.RedirectUri as shown).
    • If you terminate TLS at a proxy, ensure forwarded headers are correctly configured in your host so the app can build correct absolute URLs. In Program/Startup, use ForwardedHeadersOptions to enable X-Forwarded-Proto and X-Forwarded-For if applicable.

    E. Cookie/SameSite considerations

    • In Azure front-ends, SameSite and secure flags matter. If you customized cookies, ensure the external auth cookie uses SameSite=None and Secure, or rely on the defaults. Avoid changing ABP cookie defaults unless necessary.

    F. Quick diagnostics

    • Enable logging around the OIDC events to verify callback handling:
      • OnTokenValidated: check claims, ensure sub and email exist.
      • OnAuthenticationFailed: print exception details to logs.
    • After the POST to /signin-azuread-oidc, you should see “AuthenticationScheme: Identity.External signed in” in logs. If not, scheme is wrong or cookie not written.

    G. Multi-tenant or dynamic provider settings (if applicable)

    • If you need tenant-specific AAD settings in runtime, prefer ABP’s External Login provider settings (Account Pro) instead of changing OIDC options per request. It supports per-tenant Authority/ClientId/Secret and avoids scheme reconfiguration at runtime.

    2. Sources

    • Verified ABP guidance on Azure AD integration (OpenIdConnect), including required SignInScheme and claim mapping:
      • How to Use Azure AD Auth for MVC/Razor Page applications (community articles mirrored in ABP context)
        https://abp.io/community/articles/4603b9cf
    • Another ABP article showing the same OpenIdConnect setup and notes (Authority, CallbackPath, email scope, sub mapping)
      https://abp.io/community/articles/lyk87w5l
    • ABP Support thread (ABP 9) confirming SignInScheme, redirects, and per-tenant external provider configuration patterns
      https://abp.io/support/questions/8731

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • maliming created
    Support Team Fullstack Developer

    hi

    What are the logs of the HTTP 502?

    Thanks.

  • Stefanaus created

    [maliming] said: hi

    What are the logs of the HTTP 502?

    Thanks.

    Hi, this is the login-related log. No errors were logged:

    ...
    ...
    2025-12-02 13:04:51.286 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 682.55ms
    2025-12-02 13:04:51.286 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2025-12-02 13:04:51.292 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationLocalizationScript?cultureName=it - 200 125427 application/javascript 707.7168ms
    2025-12-02 13:04:52.621 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login - null null
    2025-12-02 13:04:52.624 +00:00 [INF] Executing endpoint '/Account/Login'
    2025-12-02 13:04:52.636 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
    2025-12-02 13:04:52.636 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
    2025-12-02 13:04:52.671 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetAsync - ModelState is "Valid"
    2025-12-02 13:04:52.753 +00:00 [INF] Executed handler method OnGetAsync, returned result Microsoft.AspNetCore.Mvc.RazorPages.PageResult.
    2025-12-02 13:04:53.098 +00:00 [INF] Bundling __bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js (1 files)
    2025-12-02 13:04:53.102 +00:00 [INF]   > Minified /Pages/Account/Login.js (1968 bytes -> 1045 bytes)
    2025-12-02 13:04:53.102 +00:00 [INF] Bundled __bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js (1048 bytes)
    2025-12-02 13:04:53.103 +00:00 [INF] Executed page /Account/Login in 467.0683ms
    2025-12-02 13:04:53.103 +00:00 [INF] Executed endpoint '/Account/Login'
    2025-12-02 13:04:53.105 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login - 200 null text/html; charset=utf-8 483.4814ms
    2025-12-02 13:04:53.248 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationConfigurationScript - null null
    2025-12-02 13:04:53.252 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)'
    2025-12-02 13:04:53.252 +00:00 [INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc).
    2025-12-02 13:04:53.254 +00:00 [INF] Executing action method Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) - Validation state: "Valid"
    2025-12-02 13:04:53.315 +00:00 [INF] Executed action method Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc), returned result Microsoft.AspNetCore.Mvc.ContentResult in 61.1525ms.
    2025-12-02 13:04:53.315 +00:00 [INF] Executing ContentResult with HTTP Response ContentType of application/javascript
    2025-12-02 13:04:53.315 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 63.4173ms
    2025-12-02 13:04:53.315 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)'
    2025-12-02 13:04:53.316 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationConfigurationScript - 200 4667 application/javascript 68.1835ms
    2025-12-02 13:04:53.323 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationLocalizationScript?cultureName=it - null null
    2025-12-02 13:04:53.324 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2025-12-02 13:04:53.325 +00:00 [INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationLocalizationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.ActionResult] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController (Volo.Abp.AspNetCore.Mvc).
    2025-12-02 13:04:53.327 +00:00 [INF] Executing action method Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) - Validation state: "Valid"
    2025-12-02 13:04:53.363 +00:00 [INF] Executed action method Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc), returned result Microsoft.AspNetCore.Mvc.ContentResult in 36.1308ms.
    2025-12-02 13:04:53.363 +00:00 [INF] Executing ContentResult with HTTP Response ContentType of application/javascript
    2025-12-02 13:04:53.364 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 39.2244ms
    2025-12-02 13:04:53.364 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2025-12-02 13:04:53.367 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ServiceProxyScript - null null
    2025-12-02 13:04:53.369 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)'
    2025-12-02 13:04:53.369 +00:00 [INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc).
    2025-12-02 13:04:53.371 +00:00 [INF] Executing action method Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) - Validation state: "Valid"
    2025-12-02 13:04:53.409 +00:00 [INF] Executed action method Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc), returned result Microsoft.AspNetCore.Mvc.ContentResult in 38.6275ms.
    2025-12-02 13:04:53.410 +00:00 [INF] Executing ContentResult with HTTP Response ContentType of application/javascript
    2025-12-02 13:04:53.410 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 40.5489ms
    2025-12-02 13:04:53.410 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)'
    2025-12-02 13:04:53.413 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/__bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js?_v=639002774931021936 - null null
    2025-12-02 13:04:53.414 +00:00 [INF] Sending file. Request path: '/__bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js'. Physical path: 'N/A'
    2025-12-02 13:04:53.414 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/__bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js?_v=639002774931021936 - 200 1048 application/javascript 1.0533ms
    2025-12-02 13:04:53.415 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationLocalizationScript?cultureName=it - 200 125427 application/javascript 92.3354ms
    2025-12-02 13:04:53.415 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ServiceProxyScript - 200 48073 application/javascript 48.0272ms
    2025-12-02 13:04:55.748 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - application/x-www-form-urlencoded 203
    2025-12-02 13:04:55.764 +00:00 [INF] Executing endpoint '/Account/Login'
    2025-12-02 13:04:55.764 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
    2025-12-02 13:04:55.764 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
    2025-12-02 13:04:55.773 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostExternalLogin - ModelState is "Invalid"
    2025-12-02 13:04:56.339 +00:00 [INF] Executed handler method OnPostExternalLogin, returned result Microsoft.AspNetCore.Mvc.ChallengeResult.
    2025-12-02 13:04:56.340 +00:00 [INF] Executing ChallengeResult with authentication schemes (["AzureOpenId"]).
    2025-12-02 13:04:56.496 +00:00 [INF] AuthenticationScheme: AzureOpenId was challenged.
    2025-12-02 13:04:56.497 +00:00 [INF] Executed page /Account/Login in 733.2503ms
    2025-12-02 13:04:56.497 +00:00 [INF] Executed endpoint '/Account/Login'
    2025-12-02 13:04:56.866 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - 302 null null 1118.6383ms
    2025-12-02 13:05:27.354 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - application/x-www-form-urlencoded 3396
    2025-12-02 13:05:27.650 +00:00 [INF] AuthenticationScheme: Identity.External signed in.
    2025-12-02 13:05:27.651 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - 302 null null 297.0264ms
    
  • Stefanaus created

    I have looked at AI-Bot's response but I think all the suggestions were followed and did not solve the problem.

  • maliming created
    Support Team Fullstack Developer

    hi

    Your logs don't contain the 502 error.

    Has this 502 error also happened on your local development environment?

    Can you share a test username and password so I can see it online?

    liming.ma@volosoft.com

    Thanks.

  • Stefanaus created

    Hi,

    The problem doesn't occur in the development environment. Furthermore, if I authenticate locally with my username and password, there are no problems. The problem only occurs with AAD authentication. Providing you with AAD login credentials is problematic because the Azure environment is that of a large customer with stringent security policies. What we can do is arrange a call where I can walk you through the necessary checks. If necessary, I'm available this afternoon.

    Also, please note this: the Azure application is associated with the URL https://webap-fbteammanagement-we1-int.azurewebsites.net/, but access is via the URL https://int-fbteammgmt.lpl-cloud.com/, and there's a redirect code to the latter URL. I extracted the log with this configuration:

    2025-12-03 08:17:02.774 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - application/x-www-form-urlencoded 203
    
    2025-12-03 08:17:02.776 +00:00 [INF] Executing endpoint '/Account/Login'
    
    2025-12-03 08:17:02.777 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
    
    2025-12-03 08:17:02.777 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
    
    2025-12-03 08:17:02.779 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostExternalLogin - ModelState is "Invalid"
    
    2025-12-03 08:17:02.793 +00:00 [INF] Executed handler method OnPostExternalLogin, returned result Microsoft.AspNetCore.Mvc.ChallengeResult.
    
    2025-12-03 08:17:02.794 +00:00 [INF] Executing ChallengeResult with authentication schemes (["AzureOpenId"]).
    
    2025-12-03 08:17:02.794 +00:00 [INF] AuthenticationScheme: AzureOpenId was challenged.
    
    2025-12-03 08:17:02.794 +00:00 [INF] Executed page /Account/Login in 17.8239ms
    
    2025-12-03 08:17:02.794 +00:00 [INF] Executed endpoint '/Account/Login'
    
    2025-12-03 08:17:02.846 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - 302 null null 71.8851ms
    
     
    
    2025-12-03 08:17:29.371 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - application/x-www-form-urlencoded 3574
    
    2025-12-03 08:17:29.613 +00:00 [INF] AuthenticationScheme: Identity.External signed in.
    
    2025-12-03 08:17:29.614 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - 302 null null 243.428
    

    As you can see, the authentication is successful, but then the application stops without errors when redirected, even though the page shows error 502.

    However, if I change the redirect values to point to https://webap-fbteammanagement-we1-int.azurewebsites.net/ it seems to work:

    2025-12-03 07:21:26.849 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - application/x-www-form-urlencoded 203
    
    2025-12-03 07:21:26.852 +00:00 [INF] Executing endpoint '/Account/Login'
    
    2025-12-03 07:21:26.852 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
    
    2025-12-03 07:21:26.852 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
    
    2025-12-03 07:21:26.854 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostExternalLogin - ModelState is "Invalid"
    
    2025-12-03 07:21:26.857 +00:00 [INF] Executed handler method OnPostExternalLogin, returned result Microsoft.AspNetCore.Mvc.ChallengeResult.
    
    2025-12-03 07:21:26.857 +00:00 [INF] Executing ChallengeResult with authentication schemes (["AzureOpenId"]).
    
    2025-12-03 07:21:26.857 +00:00 [INF] AuthenticationScheme: AzureOpenId was challenged.
    
    2025-12-03 07:21:26.857 +00:00 [INF] Executed page /Account/Login in 5.4688ms
    
    2025-12-03 07:21:26.857 +00:00 [INF] Executed endpoint '/Account/Login'
    
    2025-12-03 07:21:26.873 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - 302 null null 23.8727ms
    
    2025-12-03 07:21:48.341 +00:00 [INF] Executed endpoint '/signalr-hubs/chat'
    
    2025-12-03 07:21:48.341 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/signalr-hubs/chat?id=WJ0DIvtwrq6BStrHknnenA - 200 null text/event-stream 30379.334ms
    
    2025-12-03 07:21:48.712 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - application/x-www-form-urlencoded 3612
    
    2025-12-03 07:21:49.088 +00:00 [INF] AuthenticationScheme: Identity.External signed in.
    
    2025-12-03 07:21:49.089 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - 302 null null 376.596ms
    
     
    
    2025-12-03 07:21:49.154 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLoginCallback - null null
    
    2025-12-03 07:21:49.156 +00:00 [INF] Executing endpoint '/Account/Login'
    
    2025-12-03 07:21:49.156 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
    
    2025-12-03 07:21:49.156 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
    
    2025-12-03 07:21:49.158 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetExternalLoginCallbackAsync - ModelState is "Valid"
    
    2025-12-03 07:21:49.423 +00:00 [INF] AuthenticationScheme: Identity.External signed out.
    
    2025-12-03 07:21:49.506 +00:00 [INF] AuthenticationScheme: Identity.Application signed in.
    
    2025-12-03 07:21:49.636 +00:00 [INF] Executed handler method OnGetExternalLoginCallbackAsync, returned result Microsoft.AspNetCore.Mvc.RedirectResult.
    
    2025-12-03 07:21:49.645 +00:00 [INF] Executing RedirectResult, redirecting to /.
    
    2025-12-03 07:21:49.645 +00:00 [INF] Executed page /Account/Login in 488.865ms
    
    2025-12-03 07:21:49.645 +00:00 [INF] Executed endpoint '/Account/Login'
    
    2025-12-03 07:21:49.647 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLoginCallback - 302 null null 492.9503ms
    
    2025-12-03 07:21:49.688 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/ - null null
    
    2025-12-03 07:21:49.721 +00:00 [INF] Executing endpoint '/Index'
    
  • maliming created
    Support Team Fullstack Developer

    hi

    However, if I change the redirect values to point to https://webap-fbteammanagement-we1-int.azurewebsites.net/ it seems to work:

    This can prove that it is not a code problem, but a configuration problem. It may be a limitation of Azure AAD.

    Thanks

  • Stefanaus created

    Ok, but how do I fix it?

  • maliming created
    Support Team Fullstack Developer

    hi

    Can you change the log level to debug and share the logs again?

    // Requires: using Serilog; using Serilog.Events;
    var loggerConfiguration = new LoggerConfiguration()
        .MinimumLevel.Debug() // log everything from Debug level upwards
        .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
        .Enrich.FromLogContext()
        .WriteTo.Async(c => c.File("Logs/logs.txt"));
    

    https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems

    Thanks.

  • Stefanaus created

    I have the debug log file, but it's too big to put here. Can I email it to you? Can you give me an address?

  • maliming created
    Support Team Fullstack Developer

    hi

    liming.ma@volosoft.com

    https://wetransfer.com/

    Thanks.

  • maliming created
    Support Team Fullstack Developer

    hi

    There are two URLs

    https://webap-fbteammanagement-we1-int.azurewebsites.net/
    https://int-fbteammgmt.lpl-cloud.com/

    The logs show you are accessing the https://webap-fbteammanagement-we1-int.azurewebsites.net/

    But the Azure login redirect URL is https://int-fbteammgmt.lpl-cloud.com/

    Why are you not using https://webap-fbteammanagement-we1-int.azurewebsites.net/ as the redirect URL?

    Thanks.
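
The two checks made by hand in this thread (how far the external login gets in the application log, and whether the host the application sees matches the redirect URL host) can be scripted. This is an added example, not code from the thread or from ABP; the milestone names and function names are its own, and the sample lines are abridged from the logs posted above.

```python
import re
from urllib.parse import urlsplit

# Milestones of an ABP external login, in the order the logs in this thread
# show them. The milestone names are labels chosen for this example.
MILESTONES = [
    ("challenge_post", re.compile(r"Request starting \S+ POST \S+/Account/Login\?handler=ExternalLogin ")),
    ("oidc_challenged", re.compile(r"AuthenticationScheme: AzureOpenId was challenged")),
    ("callback_post", re.compile(r"Request starting \S+ POST \S+/signin-azuread-oidc ")),
    ("external_cookie", re.compile(r"AuthenticationScheme: Identity\.External signed in")),
    ("abp_callback_get", re.compile(r"Request starting \S+ GET \S+/Account/Login\?handler=ExternalLoginCallback ")),
    ("app_cookie", re.compile(r"AuthenticationScheme: Identity\.Application signed in")),
]
REQUEST_URL = re.compile(r"Request starting \S+ [A-Z]+ (https?://\S+)")


def trace_external_login(lines):
    """Return (reached, stopped_before) for the latest login attempt in the log."""
    reached = []
    for line in lines:
        if MILESTONES[0][1].search(line):
            # A new attempt begins: report on the most recent one only.
            reached = [MILESTONES[0][0]]
        elif reached and len(reached) < len(MILESTONES):
            name, pattern = MILESTONES[len(reached)]
            if pattern.search(line):
                reached.append(name)
    stopped_before = MILESTONES[len(reached)][0] if len(reached) < len(MILESTONES) else None
    return reached, stopped_before


def hosts_seen(lines):
    """Hosts of all requests as the application itself logged them."""
    hosts = set()
    for line in lines:
        match = REQUEST_URL.search(line)
        if match:
            hosts.add(urlsplit(match.group(1)).hostname)
    return hosts


def diagnose(lines, public_base_url):
    """Combine both checks; public_base_url is the base of the configured redirect URL."""
    reached, stopped_before = trace_external_login(lines)
    public_host = urlsplit(public_base_url).hostname
    return {
        "reached": reached,
        "stopped_before": stopped_before,  # None means the flow completed
        "public_host": public_host,
        # Hosts the app saw that differ from the public one: absolute URLs the
        # app builds from the request will use these unless forwarded headers apply.
        "hosts_not_public": sorted(h for h in hosts_seen(lines) if h != public_host),
    }


# Sample input abridged from the log lines posted in this thread.
APP = "https://webap-fbteammanagement-we1-int.azurewebsites.net"
FAILING = [
    f"2025-12-03 08:17:02.774 +00:00 [INF] Request starting HTTP/1.1 POST {APP}/Account/Login?handler=ExternalLogin - application/x-www-form-urlencoded 203",
    "2025-12-03 08:17:02.794 +00:00 [INF] AuthenticationScheme: AzureOpenId was challenged.",
    f"2025-12-03 08:17:02.846 +00:00 [INF] Request finished HTTP/1.1 POST {APP}/Account/Login?handler=ExternalLogin - 302 null null 71.8851ms",
    f"2025-12-03 08:17:29.371 +00:00 [INF] Request starting HTTP/1.1 POST {APP}/signin-azuread-oidc - application/x-www-form-urlencoded 3574",
    "2025-12-03 08:17:29.613 +00:00 [INF] AuthenticationScheme: Identity.External signed in.",
    f"2025-12-03 08:17:29.614 +00:00 [INF] Request finished HTTP/1.1 POST {APP}/signin-azuread-oidc - 302 null null 243.428",
]
WORKING = [
    f"2025-12-03 07:21:26.849 +00:00 [INF] Request starting HTTP/1.1 POST {APP}/Account/Login?handler=ExternalLogin - application/x-www-form-urlencoded 203",
    "2025-12-03 07:21:26.857 +00:00 [INF] AuthenticationScheme: AzureOpenId was challenged.",
    f"2025-12-03 07:21:48.712 +00:00 [INF] Request starting HTTP/1.1 POST {APP}/signin-azuread-oidc - application/x-www-form-urlencoded 3612",
    "2025-12-03 07:21:49.088 +00:00 [INF] AuthenticationScheme: Identity.External signed in.",
    f"2025-12-03 07:21:49.154 +00:00 [INF] Request starting HTTP/1.1 GET {APP}/Account/Login?handler=ExternalLoginCallback - null null",
    "2025-12-03 07:21:49.506 +00:00 [INF] AuthenticationScheme: Identity.Application signed in.",
]

if __name__ == "__main__":
    print(diagnose(FAILING, "https://int-fbteammgmt.lpl-cloud.com/"))
    print(diagnose(WORKING, APP + "/"))
```

On the failing trace the application sets the external cookie and answers 302, and the follow-up GET to `/Account/Login?handler=ExternalLoginCallback` never appears in the application log, which is why the 502 is absent from it.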

  • Stefanaus created

    Because https://int-fbteammgmt.lpl-cloud.com/ is the public endpoint.

    There are also errors like this in the log:

    PermissionRequirement: Calendar_Parameters
    2025-12-04 08:26:08.481 +00:00 [INF] Authorization failed. These requirements were not met:
    PermissionRequirement: Calendar_Parameters
    2025-12-04 08:26:08.484 +00:00 [INF] Authorization failed. These requirements were not met:
    PermissionRequirement: Planning_Parameters
    2025-12-04 08:26:08.486 +00:00 [INF] Authorization failed. These requirements were not met:
    PermissionRequirement: Trade_Parameters
    2025-12-04 08:26:08.618 +00:00 [DBG] Executing view component Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX.Themes.LeptonX.Components.SideMenu.MainMenu.MainMenuViewComponent with arguments ([]).
    2025-12-04 08:26:08.631 +00:00 [INF] Authorization failed. These requirements were not met:
    PermissionRequirement: Calendar_Parameters
    2025-12-04 08:26:08.632 +00:00 [INF] Authorization failed. These requirements were not met:
    PermissionRequirement: Calendar_Parameters
    2025-12-04 08:26:08.634 +00:00 [INF] Authorization failed. These requirements were not met:
    PermissionRequirement: Planning_Parameters
    2025-12-04 08:26:08.635 +00:00 [INF] Authorization failed. These requirements were not met:
    PermissionRequirement: Trade_Parameters
    

    Can you tell me what this is?

Made with ❤️ on ABP v10.1.0-preview. Updated on December 03, 2025, 13:19