Reputation: 250
I revisit this problem every few months but seem to get nowhere. The authentication setup started as template Identity server asp.net mvc, sql db, all that works fine. Set up Google as an external authenticator using this tutorial. Tried to follow a similar process for Microsoft though there doesn't seem to be a tutorial for Microsoft as an external provider for MVC5, only asp.net core 2. So, setup client id and secret for both providers, registered at the dev websites. At the application registration portal I have the redirect as https://myapp.azurewebsites.net/signin-microsoft. In RouteConfig I have the following added routes:
    routes.MapRoute(
        name: "signin-google",
        url: "signin-google",
        defaults: new { controller = "Account", action = "ExternalLoginCallback" });
    routes.MapRoute(
        name: "signin-microsoft",
        url: "signin-microsoft",
        defaults: new { controller = "Account", action = "ExternalLoginCallback" });
I don't recall seeing that in the tutorial and at this point, I frankly can't recall why the Google one is there. But digging around in my project I saw the route for Google so I added one for MS hoping it might solve things.
The Error
When I click the link to log in with MS id, I get a page that says
    We're unable to complete your request
    Microsoft account is experiencing technical problems. Please try again later.
More telling is the return url:
https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.&state=VMXVAOBL8eJs8OVRabazU4mJbDZFtJR55mx5BVtLUX-mptCDJYMOqep0Ud4CyX2eJwkJY4SutIcCrxJBILueR-h5vUOSdn1lt-qCDJ5xI3fNuLuJTyE84uUtPTzC1hXHLAURtX7gLcGs-OIF9dYz8eN0nvgTQiVSB9GrPnj5o4KTS6pAwsad8qw5UWpFnrlSXd3eJo83CzrWqeh9YSsxkEVaKN5LKB_rzeM4gQdiD5Q
I'll pull out the important part:
The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.&state
This is mentioned in the Core2 tutorial but not how to fix it in the application. If there is somewhere in my app itself I am supposed to set it, I can't figure it out. I've traced the steps in the code from the login page, through the controllers and I can't see where the redirect URL is set in the app. Reading this thread I realized I should use Fiddler to inspect the headers and it ends up the redirect it is sending is
http%3A%2F%2Fmyapp.azurewebsites.net%2Fsignin-microsoft
...Not the secure version. So if that is the source of my woes, how do I set my production server hosted in azure to make that request over https? Note that MS dev won't let you use http in the url for your redirect.
Upvotes: 0
Views: 231
Reputation: 250
Unless anyone else can tell me differently, I think I answered my own question. Since I am using a free Azure plan atm, SSL is not supported (Basic or higher), and it's never going to make calls with https. Which makes sense. Meanwhile, the MS dev portal only accepts urls with https. I also found out here about enforcing https on my web app. Basically add a rule in web.config that looks like:
    <rule name="Force HTTPS" enabled="true">
      <match url="(.*)" ignoreCase="false" />
      <conditions>
        <add input="{HTTPS}" pattern="off" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
    </rule>
Upvotes: 0
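The check done by hand with Fiddler in this thread, as an added example that is not part of the original posts: it extracts the `redirect_uri` an app actually sends, compares it component by component with the registered value, and reads the provider's error out of the URL fragment. The authorization endpoint `idp.example/authorize`, the `client_id` placeholder and all function names are assumptions; the redirect URIs and the error URL are taken from the question.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample of an authorization request as captured in Fiddler.
# Host, path and client_id are placeholders; redirect_uri is the value from the question.
CAPTURED_REQUEST = (
    "https://idp.example/authorize?client_id=PLACEHOLDER&response_type=code"
    "&redirect_uri=http%3A%2F%2Fmyapp.azurewebsites.net%2Fsignin-microsoft"
)
# Redirect URI registered at the provider, as stated in the question.
REGISTERED = ["https://myapp.azurewebsites.net/signin-microsoft"]
# Error URL from the question, shortened (state parameter and rest of the message dropped).
ERROR_URL = (
    "https://login.live.com/err.srf?lc=1033#error=invalid_request"
    "&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid."
)

def components(uri):
    """Split a URI into the parts that must all match the registered value."""
    u = urlsplit(uri)
    return {"scheme": u.scheme.lower(), "host": (u.hostname or "").lower(),
            "port": u.port, "path": u.path, "query": u.query}

def sent_redirect_uri(request_url):
    """Return the decoded redirect_uri parameter of an authorization request."""
    values = parse_qs(urlsplit(request_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one redirect_uri, found {len(values)}")
    return values[0]

def diff_redirect_uri(sent, registered):
    """Names of the components in which the sent URI differs from a registered one."""
    a, b = components(sent), components(registered)
    return [name for name in a if a[name] != b[name]]

def check(request_url, registered_uris):
    """Return (sent URI, True if any registered URI matches, per-URI differences)."""
    sent = sent_redirect_uri(request_url)
    report = {reg: diff_redirect_uri(sent, reg) for reg in registered_uris}
    return sent, any(not d for d in report.values()), report

def provider_error(error_url):
    """Error parameters the provider placed in the URL fragment (after '#')."""
    return {k: v[0] for k, v in parse_qs(urlsplit(error_url).fragment).items()}

if __name__ == "__main__":
    sent, ok, report = check(CAPTURED_REQUEST, REGISTERED)
    print(provider_error(ERROR_URL)["error"], "| sent:", sent, "| match:", ok)
    for reg, diff in report.items():
        print(f"  vs {reg}: differs in {diff or 'nothing'}")
```

For the values in this thread the only differing component is the scheme, which matches what the Fiddler trace showed.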