Menu
I have a .NET Core 2 app template that is configured to use Azure AD out of the box.
The configuration is:
{ "AzureAd": { "Instance": "https://login.microsoftonline.com/", "Domain": "lautaroarinolive.onmicrosoft.com", "TenantId": "67cb2dfd-ebd5-40d8-829b-378340981a17", "ClientId": "50819a7a-e018-4c1d-bf0a-18c8fce5c600", "CallbackPath": "/signin-oidc" }, "Logging": { "IncludeScopes": false, "LogLevel": { "Default": "Warning" } } } In my portal, I have an Azure app registration with the same id as ClientId. It has the reply URL [APP-URL]/signin-oidc.
The localhost app works only if I set the reply URL to [LocalhostURL]/signin-oidc, even though I've learned that the configuration should not affect log in on localhost.
The Azure app does not work in any case.
In both apps when it doesn't work I get this error:
AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '50819a7a-e018-4c1d-bf0a-18c8fce5c600'
Is it correct that a localhost app should not need a configured reply URL?
Why do I get the "reply url not configured" error?
247
Resolution. To fix the issue, follow these steps: Ensure that the AssertionConsumerServiceURL value in the SAML request matches the Reply URL value configured in Azure AD. Verify or update the value in the Reply URL textbox to match the AssertionConsumerServiceURL value in the SAML request.
A redirect URI, or reply URL, is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.
Solution: Sign out, then sign in again from a different browser or a private browser session. Instruct the user to open a new in-private browser session or have the user try to access from a different browser. In this case, users must sign out from their active session, and then try to sign in again.
The Reply URL is used by the app to redirect users to the portal after the authentication succeeds. If your portal uses a custom domain name, you might have a different URL than the one provided here.
You can refer to this Sample to rebuild your .NET core App and publish to the Azure.
There are some NOTES you need to pay attention to :
you need to change the port from 5000 to the effective one. Currently, it should be 61659. So, when you do a test in your localhost, you can set the reply URL in the AAD App with http://localhost:61659/signin-oidc
Update these URLs if you configure the app for production use or If you publish the App to Azure Web App, you should change the Reply URL in both App config file and AAD Application to be <AppURL>/signin-oidc
For example, https://www.contoso.com/signin-oidc or https://Myapp.azurewebsites.net/signout-oidc.
147
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
