DEV Community

Andrew Elans
Andrew Elans

Posted on • Edited on

Power Pages SPA: login redirect Part 1

Rev 01 note

Some parts of this article are updated 09.08.2024 to conform with the RFC3986 Uniform Resource Identifier (URI) standard.


Login process with Azure AD identity provider

When a user navigates to any secured page, the Power Pages redirects the user to the sign in page:

https://your.powerappsportals.com/SignIn

Image description

5a0c25a6-4739-ef11-8409-6045bd8728a9 is your Azure AD tenant.

Clicking a button Azure AD on this page will trigger the authentication process redirect which can also be initiated by navigating to the following URL:

https://your.powerappsportals.com/Account/Login/ExternalLogin?provider=https://login.windows.net/5a0c25a6-4739-ef11-8409-6045bd8728a9/&ReturnUrl=%2F

After successful authentication, the user will be taken to the page from the ReturnUrl route. In this case it's the Home page as %2F is the URI-encoded /.

Default pages with public access

Even if you set Page Permissions of all your pages to Authenticated Users web role only, there are some inbuilt pages which will by default be available publicly. These include:

https://your.powerappsportals.com/SignIn
https://your.powerappsportals.com/Account/Login
https://your.powerappsportals.com/Account/Login/Logoff
https://your.powerappsportals.com/Account/Login/Register
https://your.powerappsportals.com/Account/Login/ExternalAuthenticationFailed
https://your.powerappsportals.com/_layout/tokenhtml

Navigating to these pages will not trigger the authentication process.

Navigation to a specific hash (fragment) after login

Let's say that I want to go directly to the following route:

https://your.powerappsportals.com/?name=valves&status=active#suppliers

If my user session is active, I may just paste this link to the url bar and see the results I wanted. Since I'm already authenticated, no login redirect is required.

But if I'm not authenticated or my session is expired, the login redirect will be triggered with the following ReturnUrl:

https://your.powerappsportals.com/Account/Login/ExternalLogin?provider=https://login.windows.net/5a0c25a6-4739-ef11-8409-6045bd8728a9/
&ReturnUrl=%2F?name=valves&status=active#suppliers

And... after successful authentication I will be redirected to the Home page instead of the requested route. This happens due to the hash sign and all that comes after it is lost during redirect.

How to fix

In the ReturnUrl the hash sign # shall be replaced with %23 so that this part of the redirect url:

...ReturnUrl=%2F?name=valves&status=active#suppliers

becomes:

...ReturnUrl=%2F?name=valves&status=active%23suppliers

How to automate this is in the next post...

Top comments (0)