Reputation: 39
I have an App Service created following the active-directory-aspnetcore-webapp-openidconnect-v2-master/1-WebApp-OIDC example. The app registration is OK. The code is OK. The web app is working as expected: if I'm not signed in, I'm redirected to my authentication provider (in this case Microsoft). After logging in successfully with my provider, the provider sends a valid token to my web site and my web site lets me access it. Additionally, in the same browser, single sign-on is working properly.
But my organization's policies require that I change the value "Allow anonymous requests (no action)" to "Log in with Azure Active Directory" on "Authentication / Authorization" under the App Service section. I set up Azure Active Directory as "Configured (Express: Existing App)". After this change, I always get the same error when accessing my web site:
"AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'a29a8677-6c93-4b9e-9c9f-b7d86b17be1d'."
Is it possible that enabling authentication using the portal is not supported with .NET Core 3.1 and MSAL?
Now that I have added the correct URI, I have a new error: You do not have permission to view this directory or page.
Upvotes: 1
Views: 1817
Reputation: 42133
The error means your redirect URL is not correct. Navigate to the App Registration you configured for your web app in the portal -> Authentication, and add a redirect URL with the format https://webappname.azurewebsites.net/.auth/login/aad/callback.
If it still does not work, just select "Create New AD App" instead of "Select Existing AD App" in this step. It will do all the configuration automatically for you, and then it will work fine.
Upvotes: 2
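A small diagnostic for the AADSTS50011 case discussed above, added here as an example (it is not code from the question or the answer): it reads the `redirect_uri` out of the sign-in request URL shown in the browser and compares it with the redirect URIs registered for the app. The sample URL, the all-zero client ID, the function names and the `/signin-oidc` entry (the ASP.NET Core OpenID Connect default callback path, assumed to be what the sample app registered) are constructed for illustration, and the comparison is a plain exact-string check.

```python
from urllib.parse import urlsplit, parse_qs

# Callback path that App Service authentication uses, as given in the answer above.
EASY_AUTH_CALLBACK = "/.auth/login/aad/callback"

def requested_redirect_uri(authorize_url):
    """Return the decoded redirect_uri parameter of a sign-in request URL, or None."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    return values[0] if values else None

def _loose(uri):
    """Host and path only, lower-cased, without a trailing slash (for near-miss hints)."""
    parts = urlsplit(uri)
    return (parts.hostname or "").lower(), parts.path.rstrip("/").lower()

def diagnose(authorize_url, registered_uris):
    """Classify the request: match, near-miss, easy-auth-callback-missing, mismatch."""
    requested = requested_redirect_uri(authorize_url)
    if requested is None:
        return ("no-redirect-uri", None)
    if requested in registered_uris:          # exact string comparison (assumption)
        return ("match", requested)
    for registered in registered_uris:
        # Same host and path, but scheme, letter case or trailing slash differs.
        if _loose(registered) == _loose(requested):
            return ("near-miss", registered)
    if urlsplit(requested).path == EASY_AUTH_CALLBACK:
        # The portal-enabled login asks for its own callback, which is not registered.
        return ("easy-auth-callback-missing", requested)
    return ("mismatch", requested)

# Constructed sample request; the client_id is a placeholder.
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/common/oauth2/authorize"
    "?response_type=code+id_token"
    "&redirect_uri=https%3A%2F%2Fwebappname.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback"
    "&client_id=00000000-0000-0000-0000-000000000000"
)
# Assumed registration before the fix: only the app's own OIDC middleware callback.
REGISTERED_BEFORE = ["https://webappname.azurewebsites.net/signin-oidc"]
REGISTERED_AFTER = REGISTERED_BEFORE + [
    "https://webappname.azurewebsites.net/.auth/login/aad/callback"
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_REQUEST, REGISTERED_BEFORE))
    print(diagnose(SAMPLE_REQUEST, REGISTERED_AFTER))
```
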