Yanayaya

Reputation: 2184

Why am I getting the error AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application?

I know this question has been asked before but nothing I have read so far seems to fix the problem. My ASP.NET Core application receives the following error message when I try to run it.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application

I have set up my authentication using the guide given to me by the Azure Portal. I'll show you what I have so far.

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options => {
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));

    services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
    {
        options.Authority = options.Authority + "/v2.0/";
        options.TokenValidationParameters.ValidateIssuer = false;
    });
    services.AddAuthorization(options =>
    {
        options.AddPolicy("NorwayTeam", policyBuilder => policyBuilder.RequireClaim("groups", "111-222-333-444-555"));
    });            

    //MVC
    services.AddMvc(options => {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
        }).SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
            .AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());

    ...[shortened for brevity]
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseAuthentication();
    app.UseSignalR(routes =>
    {
        routes.MapHub<ChatHub>("/chatHub");
        routes.MapHub<VesselHub>("/vesselHub");
        routes.MapHub<RequirementHub>("/requirementHub");
    });
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}

I've also placed the relevant code in my appsettings.json

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "MyCompany.onmicrosoft.com",
    "TenantId": "xxx",
    "ClientId": "xxx",
    "CallbackPath": "/signin-oidc"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

So, from the perspective of the application, the above code is all that's needed to connect to my app registration. Obviously, I have placed [Authorize] in the relevant controllers.

The next step is to set up the app registration in my Azure portal. I changed my app registration settings to the following; the blurred-out areas use the URL of my web app, which is https://MyCompany.azurewebsites.net/. Since this is the production version of my application, I don't want to use localhost.

App Registration Settings

Part of me thinks that the problem could be related to a rogue localhost declaration but I can't be sure as I can't see what request is being made by the application to the app registration. Does anyone know what I have done wrong?

Upvotes: 1

Views: 3251

Answers (3)

Felipe Costa Gualberto

Reputation: 1127

In my case, I was typing in the browser:

mysite.azurewebsites.net

but Chrome was completing the URL with http. When I manually typed:

https://mysite.azurewebsites.net

The problem was gone.

Upvotes: 2

Yanayaya

Reputation: 2184

I managed to fix this problem. What I didn't realise during the setup of all of this is that a single app registration in Azure can have many return URLs for both localhost and for your production environment.

To make this application work and overcome the error, I simply added an additional URL set to the app registration for both production and staging, thus giving me the capability to authenticate on all avenues. Please see below.

App Registration Return URLs

Upvotes: 1

Tony Ju

Reputation: 15629

It is very easy to locate this issue. When you access your application URL (https://MyCompany.azurewebsites.net/), you will be redirected to the login page.

Decode the authorize request URL and you will find the redirect_uri.

It is something like

https://login.microsoftonline.com/XXX/oauth2/authorize?client_id=XXX&redirect_uri=http://localhost:59775/signin-oidc&response_type=id_token&scope=openid profile

Copy the value of redirect_uri and paste it into the Azure portal, then try again.

Upvotes: 1
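
The decoding step from the answers above as a script. This is an added example, not code from any of the posters: it pulls redirect_uri out of an authorize request and reports which part (scheme, host, port, path) differs from each registered reply URL. The sample request, the registered list and the exact-string matching rule are assumptions made for the illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the authorize request from the answer above, percent-encoded
# the way it appears in the browser address bar. XXX are the page's placeholders.
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/XXX/oauth2/authorize?client_id=XXX"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A59775%2Fsignin-oidc"
    "&response_type=id_token&scope=openid%20profile"
)
# Constructed sample of what the app registration lists as reply URLs.
SAMPLE_REGISTERED = ["https://MyCompany.azurewebsites.net/signin-oidc"]


def extract_redirect_uri(authorize_url):
    """Return the decoded redirect_uri parameter of an authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorize request carries no redirect_uri")
    return values[0]


def _parts(uri):
    u = urlsplit(uri)
    return {"scheme": u.scheme.lower(), "host": (u.hostname or "").lower(),
            "port": u.port, "path": u.path}


def diagnose(authorize_url, registered):
    """Return (sent_uri, findings); findings is empty when a reply URL matches.

    Each finding is (registered_url, [differing parts]), closest entry first.
    Assumption: a reply URL matches only as an exact string.
    """
    sent = extract_redirect_uri(authorize_url)
    if sent in registered:
        return sent, []
    s = _parts(sent)
    findings = []
    for reg in registered:
        r = _parts(reg)
        findings.append((reg, [k for k in s if s[k] != r[k]]))
    return sent, sorted(findings, key=lambda f: len(f[1]))


if __name__ == "__main__":
    sent, findings = diagnose(SAMPLE_REQUEST, SAMPLE_REGISTERED)
    print("sent:", sent)
    for reg, diffs in findings:
        print("registered:", reg, "differs in:", ", ".join(diffs) or "exact string only")
```

A finding of only "scheme" corresponds to the http/https case in the first answer; "scheme, host, port" corresponds to a localhost redirect_uri reaching a production registration.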
