ASP.NET Core Web App with Azure AD reply url specified in the request does not match the reply urls configured

Question

I am trying to work with ASP.NET Core 2.1 and securing a Web App with Azure AD. I have my appsettings as follows:

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "xxxx.onmicrosoft.com",
    "ClientId": "xxxxx",
    "TenantId": "xxxxx",
    "ClientSecret": "xxxxx",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

(Note the callbackPath). This is as per the documentation I could locate. When I last worked with Azure AD auth, I used a reply url in the app settings, and this had to match the reply URL in Azure AD. However the documentation for this newer method says you must have the call back path as /signin-oidc ?

I don't really understand, but I've set it that way, however I can't set the reply url in Azure AD Application Registration to this, as it doesn't accept this 'partial' path. It has to be a full URL. I've tried:

• mysite.net (with callbackPath as mysite.net)
• mysite.net/index (with CallbackPath as /index)
• mysite.net/signin-oidc (with CallbackPath as /signin-oidc"

But I continually get the error url specified in the request does not match the reply urls configured for sign in after putting in my credentials when the challenge occurs and I get the microsoft login page.

When I last did Azure AD Auth with ASP.NET webforms, it was just the app.config having mysite.net as the reply url, and application registration in Azure as mysite.net

Answer 1

Solution in 2 parts:

Part 1: Ensure CallBackUrl in the appsettings.json is /signin-oidc and in azure app registration is yoursite/signin-oidc

Part 2: Ensure you add app.UseAuthentication() to your HTTP pipeline in startup.cs