Microsoft Enhanced redirection security with OWIN/MVC5 auth

Question

I am setting up Microsoft authentication for a site built off the MVC5 default template.

I've enabled MS authentication in Startup.Auth.cs and gotten tokens from MS, however it only seems to work when I have Enhanced redirection security off (which sounds like a good thing to enable).

I think i must have the redirect URL wrong as I get the following with Enhanced redirection security on. What is the correct redirect URL to use based on the default MVC5 template?

i have tried the following:

• http://mysite.azurewebsites.net/Account/ExternalLogin http://mysite.azurewebsites.net/Account/ExternalLoginCallback

Answer 1

By default, the Katana MW uses your app's base path + "/signin-microsoft" as the callback URL. Try plugging that into the Live admin tool and enabling the enhanced redirection.