Hi @Logesh Palani, sorry for the delay in response. Please try the following and let me know if they work for you.
When the user clicks on the browser back button, the site redirects to the external IDP again. This happens because the history is still present in the window.
To restrict the redirection to the external IDP or ADB2C bad request, you can try using the sessionStorage object. You can store a flag in the sessionStorage object when the user is authenticated successfully and check for the flag when the user clicks on the back button. If the flag is present, you can redirect the user to the home page instead of the external IDP.
Here is an example of how you can use the sessionStorage object:

```javascript
// Set the flag in sessionStorage when the user is authenticated successfully
sessionStorage.setItem('authenticated', 'true');

// Check for the flag when the user clicks on the back button
window.addEventListener('popstate', function(event) {
  if (sessionStorage.getItem('authenticated') === 'true') {
    sessionStorage.removeItem('authenticated');
    window.location.href = '/';
  }
});
```
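To handle the bad request, you can catch the OpenIdConnectProtocolException exception and redirect the user to an error page:

```csharp
// Requires: using Microsoft.AspNetCore.Diagnostics;
//           using Microsoft.IdentityModel.Protocols.OpenIdConnect;
app.UseExceptionHandler(errorApp =>
{
    errorApp.Run(async context =>
    {
        // Exception captured by the exception-handling middleware (null if none was recorded)
        var exception = context.Features.Get<IExceptionHandlerFeature>()?.Error;
        if (exception is OpenIdConnectProtocolException)
        {
            // Send protocol failures to the error page
            context.Response.Redirect("/Error");
        }
    });
});
```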
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
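
The following is an added example, not part of the original answer or any Microsoft sample: a variant of the back-button check that keys on the `pageshow` event and the navigation type, so it also runs when the browser restores the page from history rather than firing `popstate`. It goes beyond the answer's snippet; `AUTH_FLAG`, `HOME_PATH`, `shouldSendHome` and `installBackNavGuard` are hypothetical names, and the flag is treated only as a navigation hint because any script on the page can set it, so the server-side session remains the authority for access decisions.

```javascript
// Added example: AUTH_FLAG, HOME_PATH and the function names are hypothetical.
const AUTH_FLAG = 'authenticated'; // same sessionStorage key the answer's snippet uses
const HOME_PATH = '/';             // fixed same-origin target, never read from the URL

// Pure decision: was this page shown via back/forward navigation after sign-in?
function shouldSendHome(navType, persisted, flag) {
  const cameFromHistory = persisted === true || navType === 'back_forward';
  return cameFromHistory && flag === 'true';
}

// Wire the decision to a window-like object (pass the real `window` in a browser).
function installBackNavGuard(win) {
  win.addEventListener('pageshow', function (event) {
    const entries = win.performance.getEntriesByType('navigation');
    const navType = entries.length > 0 ? entries[0].type : 'navigate';
    const flag = win.sessionStorage.getItem(AUTH_FLAG);
    if (shouldSendHome(navType, event.persisted, flag)) {
      // replace() overwrites this history entry instead of adding a new one
      win.location.replace(HOME_PATH);
    }
  });
}

// Only install automatically when running in a browser.
if (typeof window !== 'undefined') {
  installBackNavGuard(window);
}
```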