Reputation: 2184
I know this question has been asked before but nothing I have read so far seems to fix the problem. My ASP.NET Core application receives the following error message when I try to run it.
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application
I have set up my authentication using the guide given to me by the Azure Portal. I'll show you what I have so far.
Startup.cs
```csharp
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Newtonsoft.Json.Serialization;

// The usings, class declaration, constructor and Configuration property are the
// standard ASP.NET Core 2.1 template skeleton around the two methods in the post.
public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        // Azure AD sign-in; Instance, TenantId, ClientId and CallbackPath are bound from the "AzureAd" section
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Authority = options.Authority + "/v2.0/";
            // Issuer validation is switched off here, so tokens issued by any Azure AD tenant are accepted
            options.TokenValidationParameters.ValidateIssuer = false;
        });

        services.AddAuthorization(options =>
        {
            options.AddPolicy("NorwayTeam", policyBuilder => policyBuilder.RequireClaim("groups", "111-222-333-444-555"));
        });

        // MVC: require an authenticated user on every action by default
        services.AddMvc(options =>
        {
            var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        }).SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
          .AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());

        ...[shortened for brevity]
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();

        // ChatHub, VesselHub and RequirementHub are the application's own SignalR hubs
        app.UseSignalR(routes =>
        {
            routes.MapHub<ChatHub>("/chatHub");
            routes.MapHub<VesselHub>("/vesselHub");
            routes.MapHub<RequirementHub>("/requirementHub");
        });

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}
```
I've also placed the relative code in my appsettings.json
```json
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "MyCompany.onmicrosoft.com",
    "TenantId": "xxx",
    "ClientId": "xxx",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}
```
So, from the perspective of the application, the above code is all that's needed to connect to my app registration. Obviously, I have placed [Authorize] in the relative controllers.
The next step is to set up the app registration in my Azure portal. I changed my app registration settings to the following; the blurred out areas use the URL of my web app, which is https://MyCompany.azurewebsites.net/. Since this is my production version of my application I don't want to use localhost.
Part of me thinks that the problem could be related to a rogue localhost declaration but I can't be sure as I can't see what request is being made by the application to the app registration. Does anyone know what I have done wrong?
Upvotes: 1
Views: 3251
Reputation: 1127
In my case, I was typing in the browser: mysite.azurewebsites.net, but Chrome was completing the URL with http. When I manually typed https://mysite.azurewebsites.net the problem was gone.
Upvotes: 2
Reputation: 2184
I managed to fix this problem. What I didn't realise during the setup of all of this is that a single app registration in Azure can have many return URLs, for both localhost and for your production environment.

To make this application work and overcome the error, I simply added an additional URL set to the app registration for both production and staging, thus giving me the capability to authenticate on all avenues. Please see below.
Upvotes: 1
Reputation: 15629
It is very easy to locate this issue: when you access your application URL (https://MyCompany.azurewebsites.net/), you will be redirected to the login page.

Decode the authorize request URL and you will find the redirect_uri. It is something like:

https://login.microsoftonline.com/XXX/oauth2/authorize?client_id=XXX&redirect_uri=http://localhost:59775/signin-oidc&response_type=id_token&scope=openid profile

Copy the value of redirect_uri and paste it into the Azure portal, then try again.
Upvotes: 1
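The check the answers above describe (decode the authorize request, read its redirect_uri, and compare it with the reply URLs on the app registration), as an added example that is not from any of the posts here. The authorize URL and the configured reply URLs are constructed sample values; Azure AD requires an exact string match, so the script reports which component differs when there is none.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample authorize request, modelled on the one quoted in the
# answer above (tenant and client ids are placeholders, not real values)
SAMPLE_AUTHORIZE_URL = (
    "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/authorize"
    "?client_id=CLIENT-ID-PLACEHOLDER"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A59775%2Fsignin-oidc"
    "&response_type=id_token&scope=openid%20profile"
)

# Constructed reply URLs, as they would be listed on the app registration
CONFIGURED_REPLY_URLS = [
    "https://MyCompany.azurewebsites.net/signin-oidc",
    "https://localhost:44300/signin-oidc",
]

def extract_redirect_uri(authorize_url: str) -> str:
    """Return the percent-decoded redirect_uri the app sent in its authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorize request carries no redirect_uri parameter")
    return values[0]

def diagnose_reply_url(authorize_url: str, configured: list) -> tuple:
    """Exact-match the requested redirect_uri against the configured reply URLs.

    Azure AD accepts the request only if the string matches a configured URL
    exactly, so no normalisation is applied. On a mismatch the hints name the
    component (scheme, host/port, path, query) that differs from each URL,
    which is the detail the AADSTS50011 message itself does not give.
    """
    requested = extract_redirect_uri(authorize_url)
    if requested in configured:
        return True, []
    req = urlsplit(requested)
    hints = []
    for url in configured:
        conf = urlsplit(url)
        diffs = [name for name, a, b in (("scheme", req.scheme, conf.scheme),
                                         ("host/port", req.netloc, conf.netloc),
                                         ("path", req.path, conf.path),
                                         ("query", req.query, conf.query)) if a != b]
        hints.append(f"{requested} vs {url}: differs in {', '.join(diffs)}")
    return False, hints

if __name__ == "__main__":
    ok, hints = diagnose_reply_url(SAMPLE_AUTHORIZE_URL, CONFIGURED_REPLY_URLS)
    print("reply URL matches" if ok else "\n".join(hints))
```

Run against a real authorize request copied from the browser's address bar, the hints show at a glance whether the app is building its redirect_uri with http instead of https (the first answer) or with a localhost host and port instead of the production host (the second answer).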