
AADSTS70001: Application with identifier 'guid' was not found in the directory

Azure AD authentication works fine locally through Visual Studio. But after publishing, I go to the URL (https://mydomain.azurewebsites.net/) and it gets redirected to the login page. At this time the address bar has the data below (note: some sensitive data has been removed).

https://login.microsoftonline.com/guid/oauth2/authorize?response_type=code id_token&redirect_uri=https://mydomain.azurewebsites.net/.auth/login/aad/callback&client_id=myclientid&scope=openid profile email&response_mode=form_post&nonce=noncevalue&state=redir=%2F

Now there are two problems with the above data:

First issue: client_id=myclientid mentioned here is not there anymore; I have removed it from the directory. I searched my code (find-in-file) for this client ID just to make sure I am not referencing it by mistake. I found no references in code.

Then I copied the correct client_id, replaced it in the above URL and retried. This time it gets me logged in and shows a bad request message.

Second issue: the redirect URL https://mydomain.azurewebsites.net/.auth/login/aad/callback is not what I have configured!!! (I have set it up as https://mydomain.azurewebsites.net) Azure has appended the .auth/login/aad/callback part.

This definitely seems to be a configuration issue.

Has anyone faced this kind of a problem before?

user2058413 asked Feb 04 '23 06:02


1 Answer

For your first question

It seems you have configured Active Directory authentication through the Azure portal, so it will overwrite whatever configuration values are in your web.config file. Therefore please take the following actions to verify this.

Go to App Services --> select your app service account name --> under the Settings menu click on Authentication / Authorization --> App Service Authentication. In the Authentication / Authorization blade, verify that App Service Authentication is in the On state, and if it is, verify whether the Authentication Provider is Azure Active Directory. If so, click on Azure Active Directory: Configured (Advanced).

Authentication / Authorization blade

In the Azure Active Directory Settings blade, click on the Advanced button in the Management mode option. Verify whether the Client ID, Issuer Url and Client Secret are correct. If not, change them and click OK. Then click the Save button on the Authentication / Authorization blade.

Azure Active Directory Settings blade

Now you can test whether your site is working as you expected.

For your second question

This can happen due to a wrong client ID and client secret. Please verify that you followed the above steps as I explained and then test your site. If all settings are configured correctly, you should not get errors like this.

Note: Also remember, if you rename an already created Azure AD app from the portal, please verify your Azure App Service Active Directory settings as I explained above.

Asela Chamara answered May 16 '23 02:05
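
An added example, not part of the original question or answer: a small check that parses the authorize URL from the address bar and reports a stale client_id, the App Service Authentication callback path, and a redirect_uri missing from the app registration. The function names, the "correct-client-id" value and the exact-string reply URL comparison are assumptions of this sketch; the sample URL is constructed from the question's placeholders.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Callback path visible in the question's redirect_uri.
EASY_AUTH_CALLBACK = "/.auth/login/aad/callback"


def diagnose_authorize_url(url, expected_client_id, registered_reply_urls):
    """Compare what the sign-in request sends with what was intended."""
    query = parse_qs(urlsplit(url).query)
    client_id = query.get("client_id", [""])[0]
    redirect_uri = query.get("redirect_uri", [""])[0]
    findings = []
    if client_id != expected_client_id:
        findings.append(
            f"client_id mismatch: request sends {client_id!r}, "
            f"expected {expected_client_id!r}")
    if urlsplit(redirect_uri).path == EASY_AUTH_CALLBACK:
        findings.append(
            "redirect_uri is the App Service Authentication callback: the "
            "request is generated by the platform, not by the app's own code")
    # Assumption: reply URLs are compared as exact strings.
    if redirect_uri not in registered_reply_urls:
        findings.append(
            f"redirect_uri {redirect_uri!r} is not a registered reply URL")
    return findings


def sample_url():
    """Constructed request mirroring the placeholders in the question."""
    params = {
        "response_type": "code id_token",
        "redirect_uri": "https://mydomain.azurewebsites.net" + EASY_AUTH_CALLBACK,
        "client_id": "myclientid",
        "scope": "openid profile email",
        "response_mode": "form_post",
        "nonce": "noncevalue",
        "state": "redir=/",
    }
    return ("https://login.microsoftonline.com/guid/oauth2/authorize?"
            + urlencode(params))


if __name__ == "__main__":
    for finding in diagnose_authorize_url(
            sample_url(), "correct-client-id",
            ["https://mydomain.azurewebsites.net"]):
        print("-", finding)
```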