user3428422

Reputation: 4560

Azure AD reply url failing on html handler

Via ASP.NET I have created a startup file that will use Azure AD to log in a user, e.g.

    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    using Owin;

    [assembly: OwinStartup(typeof(Startup))]

    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Sign-in results are persisted by the cookie middleware.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
            {
                ClientId = "42067b8d-b972-44e9-af86-ef60bc6d6fdb",
                Authority = "https://login.windows.net/...com",
                // The reply URL Azure AD sends the sign-in response to; must match the app registration.
                RedirectUri = "http://localhost:50560/content/story_html5.html",
                PostLogoutRedirectUri = "http://localhost:50560/content/story_html5.html",
                Scope = OpenIdConnectScope.OpenIdProfile,
                ResponseType = OpenIdConnectResponseType.IdToken
            });
        }
    }

And as you can see, my RedirectUri is hitting a static HTML file.

On my app registration in the Azure portal, my manifest for the replyUrls states

    "replyUrls": [
        "http://localhost:50560/content/story_html5.html"
    ],

So everything is working and connecting correctly.

(if I use an .aspx file, for example, the redirection would work)

However, using the .html file I'm getting the error

HTTP Error 405.0 - Method Not Allowed

The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.

I believe all I need to do is add the HTML handler to Azure AD; does anyone know how to do this?

Thanks

Upvotes: 0

Views: 250

Answers (1)

astaykov

Reputation: 30903

This has nothing to do with Azure AD, but with your configuration. Your end. Your project. Your IIS config. The sign-in response is an HTTP POST for security reasons, and the static file handler in IIS does not accept anything besides GET, for obvious reasons.

You will find more information here and there.

First, why would you want to redirect to a static page?! With the redirection after OIDC login, the IdP (Identity Provider, i.e. Azure AD in this case) sends valuable information which is needed by the OIDC middleware (i.e. the .UseOpenIdConnectAuthentication method) to be able to verify the token and initialize the user session. By sending the sign-in response back to a static page you accomplish a couple of things:

  • You cut the OIDC middleware out of the authentication: it is no longer able to process the response, because it will not listen on static file requests. Static files are processed outside your OWIN authentication middleware.
  • Thus it is not able to verify the authenticity of the user.
  • Thus it is not able to create the secure cookie.
  • Thus it is not able to sign the user in to your application.

Conclusion

Do not change the reply URL for your ASP.NET middleware, unless you explicitly and knowingly want to override the complete handling of sign-in responses.

Upvotes: 1
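As an added example that is not part of the original question or answer, the following Python script simulates the round trip the answer describes: the middleware's authorization request asks for response_mode=form_post, the IdP answers with a POST of id_token and state to the reply URL, an IIS-style static file handler rejects that POST with 405, and only a reply URL whose path the OIDC middleware owns gets the state and nonce checks and the cookie sign-in. The client id, authority, static-extension list, session object and the unsigned id_token are all constructed placeholders for this example; the only value taken from the question is the reply URL, and the signature verification a real middleware performs is omitted so the script runs offline.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders for this example, not the questioner's real values.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
AUTHORITY = "https://login.example.test/contoso.example"
STATIC_EXTENSIONS = (".html", ".htm", ".js", ".css")  # assumed IIS StaticFile mappings


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class OidcSession:
    """What the middleware remembers between the challenge and the response."""
    def __init__(self):
        self.state = secrets.token_urlsafe(16)
        self.nonce = secrets.token_urlsafe(16)


def build_authorization_request(redirect_uri: str, session: OidcSession) -> str:
    """The challenge the middleware redirects the browser to (ResponseType=IdToken).
    response_mode=form_post means the token comes back as a POST, not a GET."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "id_token",
        "response_mode": "form_post",
        "scope": "openid profile",
        "redirect_uri": redirect_uri,
        "state": session.state,
        "nonce": session.nonce,
    }
    return f"{AUTHORITY}/oauth2/authorize?{urlencode(params)}"


def fake_idp_sign_in(auth_url: str) -> dict:
    """Stand-in for the IdP: returns the request the browser makes next.
    The id_token is a constructed, unsigned JWT so the example runs offline;
    a real token is RS256-signed and must be verified against the tenant keys."""
    q = parse_qs(urlsplit(auth_url).query)
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    claims = {"aud": q["client_id"][0], "nonce": q["nonce"][0], "sub": "user-1"}
    payload = b64url(json.dumps(claims).encode())
    return {
        "method": "POST",  # form_post: the sign-in response is never a GET
        "path": urlsplit(q["redirect_uri"][0]).path,
        "form": {"id_token": f"{header}.{payload}.", "state": q["state"][0]},
    }


def static_file_handler(request: dict) -> tuple:
    """IIS StaticFile handler: GET and HEAD only; anything else is 405.0."""
    if request["method"] not in ("GET", "HEAD"):
        return 405, "Method Not Allowed"
    return 200, "<html>story_html5</html>"


def oidc_middleware(request: dict, session: OidcSession) -> tuple:
    """OpenIdConnect-style response handling: check state, nonce and audience,
    then sign the user in with a cookie. Signature checks are omitted here."""
    form = request.get("form", {})
    if request["method"] != "POST" or "id_token" not in form:
        return 400, "not a sign-in response"
    if not secrets.compare_digest(form.get("state", ""), session.state):
        return 400, "state mismatch"
    _, payload_b64, _ = form["id_token"].split(".")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("nonce") != session.nonce or claims.get("aud") != CLIENT_ID:
        return 401, "token rejected"
    return 302, f"Set-Cookie: .AspNet.Cookies=<session for {claims['sub']}>"


def dispatch(request: dict, session: OidcSession, redirect_uri: str) -> tuple:
    """Routing as the answer describes it: static-file extensions reach the IIS
    StaticFile handler before the OWIN pipeline; otherwise the OIDC middleware
    handles the request only when the path equals its RedirectUri path."""
    if request["path"].lower().endswith(STATIC_EXTENSIONS):
        return static_file_handler(request)
    if request["path"] == urlsplit(redirect_uri).path:
        return oidc_middleware(request, session)
    return 404, "Not Found"


def sign_in_via(redirect_uri: str) -> tuple:
    """Run one full round trip for a given RedirectUri; return the final response."""
    session = OidcSession()
    response = fake_idp_sign_in(build_authorization_request(redirect_uri, session))
    return dispatch(response, session, redirect_uri)


if __name__ == "__main__":
    print(sign_in_via("http://localhost:50560/content/story_html5.html"))  # 405
    print(sign_in_via("http://localhost:50560/"))  # 302 with the sign-in cookie
```

The first call reproduces the question's 405: the POST carries a valid response, but the static handler answers before any OIDC code runs. The second call keeps the reply URL on a path the middleware owns, so the same POST is validated and turned into a cookie session; a tampered state value on that path is rejected with 400 rather than being served.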
