Azure ACS relying party configuration: weird, but correct behavior.
Every time I do it I do it wrong and it takes me too much time to remember why it is wrong.
Let me explain the situation:
- Set up a relying party on Azure ACS identified in the following manner:
- Realm: https://mydomain.com/FooBar
- Return Url: https://mydomain.com/FooBar
Everything seems fine and correct… fail… it does not work. When you try the application, the result is:
- Request to https://mydomain.com;
- The authentication process kicks in and redirects to the Azure ACS hosted login page;
- The user chooses the authentication provider and performs the login;
- The authentication provider redirects back to the ACS that redirects back to your application @ https://mydomain.com/FooBar;
- HTTP 405, Method Not Allowed :-\
Can you spot the bug?
The return Url definition is missing the trailing “/”: it must be https://mydomain.com/FooBar/. But why?
Because the process is not as simple as we might expect:
- ….bla bla bla…
- The authentication provider redirects back to the ACS that redirects back to your application @ https://mydomain.com/FooBar/ via a POST request;
When you perform a request to the extension-less MVC Url handler, the handler must append a trailing “/” to the Url if it is missing, otherwise all the runtime-evaluated links on the client side will be wrong. To do that, the handler can only perform a redirect to the same Url with the “/” appended. A redirect is generally dropped and not honored if the HTTP verb is POST, and for a good reason.
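A preflight check for this pitfall, as an added example that is not part of the original post: it POSTs to a candidate return Url without following redirects and reports whether the application answers the POST directly. The function names, the local stub server, the 302 status and the placeholder form body are assumptions made for the illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

class StubApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the app: /FooBar/ accepts the POST,
    /FooBar answers with a slash-appending redirect (302 is assumed)."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        routes = {"/FooBar/": (200, None), "/FooBar": (302, "/FooBar/")}
        status, location = routes.get(self.path, (404, None))
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def probe_return_url(url, body=b"token=constructed-placeholder"):
    """POST to url without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=5)
    try:
        conn.request("POST", parts.path or "/", body=body,
                     headers={"Content-Type": "application/x-www-form-urlencoded"})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def is_safe_status(status):
    """Usable as a return Url only if the POST is answered directly."""
    return not (300 <= status < 400 or status == 405)

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {p: probe_return_url(base + p) for p in ("/FooBar", "/FooBar/")}
    finally:
        server.shutdown()
        server.server_close()
```

Pointing `probe_return_url` at the real return Url before saving it in the relying party configuration shows a redirect or a 405 immediately, instead of at the end of a full login round trip.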