MVC5 published to Azure as cloud service redirects to localhost:44300 after AD sign-in

We have developed an MVC5 application with Azure Active Directory authentication. When deployed to Azure as a Web App everything works perfectly. However we have been requested to deploy as a cloud service.

Created a new Cloud service project, added the MVC project as a role, added 2 endpoints HTTP/HTTPS to the Cloud service. Created a self-signed cert and applied to the HTTPS endpoint.

Local debug

Everything runs fine in local debug IIS Express and Azure Compute Emulator. Initial request directs to http://localhost:7390 (IISe http port).
Redirects to Microsoft AD signin then redirects to https://localhost:4430 (IISe https port) and after the expected certificate warning for a self-signed cert the homepage is correctly displayed.

Azure Cloud service

App has been pushed to Azure as a cloud service deployment.
The self-signed cert has been uploaded to Azure.

Azure Active Directory has had an entry added for the app (using the cloud service publish URL as shown below)

Sign on URL : http://xxxxxxxxtest.cloudapp.net/

APP ID URI : http://xxxxxxxxtest.cloudapp.net/

Reply URL : http://xxxxxxxxtest.cloudapp.net/

When hitting the site http://xxxxxxxxtest.cloudapp.net/ the redirect to Microsoft AD signin occurs as expected, but following successful sign in we get redirected to https://localhost:4430 as if it was running on local test environment.

Completely stuck on this one!

TIA Martin.

MartinS Avatar asked Oct 13 '15 10:10

MartinS



1 Answer

I've fixed this issue.

The APP ID URI in Azure Active Directory / Application did not match the values defined in the web.config in the following keys:

  • ida:Realm
  • ida:AudienceUri

In Azure navigate to Active Directory / Applications.
Select the Application and navigate to Configure. Grab the APP ID URI value. For my test app I set this to

http://xxxxxxxxtest.cloudapp.net/WebRole

Edit the web.config

The ida:Realm and ida:AudienceUri values must match the APP ID URI.

The realm value must match the APP ID URI.

<appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <add key="ida:FederationMetadataLocation" value="https://login.windows.net/yyyyyyyy.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml" />
    <add key="ida:Realm" value="http://xxxxxxxxtest.cloudapp.net/WebRole" />
    <add key="ida:AudienceUri" value="http://xxxxxxxxtest.cloudapp.net/WebRole" />
</appSettings>

<system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" />
      <wsFederation passiveRedirectEnabled="true" issuer="https://login.windows.net/yyyyyyyy.onmicrosoft.com/wsfed"
                    realm="http://xxxxxxxxtest.cloudapp.net/WebRole" requireHttps="true" />
    </federationConfiguration>
</system.identityModel.services>

After ensuring that these matched the web app runs correctly after logging in via Microsoft Active Directory.

It seems that the redirect to https://localhost:44300 is a fallback if the URI doesn't match.

The values for local development defined in the MVC properties for "Development server" SSL URL (which can be accessed by highlighting the MVC project in the solution and pressing F4) are published with the app to the cloud service and used if all is not well following AD authentication. I confirmed this by changing the SSL URL to localhost:44313, breaking the configuration and it did indeed attempt to redirect to 44313.

MartinS Avatar answered Nov 15 '22 03:11

MartinS
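The answer comes down to three values in web.config (ida:Realm, ida:AudienceUri and the wsFederation realm attribute) having to be byte-for-byte equal to the APP ID URI registered in Azure AD, with a mismatch silently falling back to the development SSL URL. The following script is an added example, not code from the question or answer above: it parses a web.config, pulls out the identity-related settings and reports any value that does not match the registered APP ID URI (passed in as a parameter) or that still points at localhost. The embedded config is a constructed sample using the same placeholder host and tenant as the answer, with ida:AudienceUri deliberately left at the bare site root so the mismatch is visible.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config fragment (placeholder host/tenant, not a real deployment).
# ida:AudienceUri intentionally differs from the other two realm values.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="ida:FederationMetadataLocation" value="https://login.windows.net/yyyyyyyy.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml" />
    <add key="ida:Realm" value="http://xxxxxxxxtest.cloudapp.net/WebRole" />
    <add key="ida:AudienceUri" value="http://xxxxxxxxtest.cloudapp.net/" />
  </appSettings>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" />
      <wsFederation passiveRedirectEnabled="true" issuer="https://login.windows.net/yyyyyyyy.onmicrosoft.com/wsfed"
                    realm="http://xxxxxxxxtest.cloudapp.net/WebRole" requireHttps="true" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>
"""

# The three settings the answer says must equal the APP ID URI.
REALM_KEYS = ("ida:Realm", "ida:AudienceUri", "wsFederation:realm")


def extract_identity_settings(config_xml: str) -> dict:
    """Collect every ida:* appSetting plus the wsFederation attributes into one flat dict."""
    root = ET.fromstring(config_xml)
    settings = {}
    for add in root.iter("add"):
        key = add.get("key", "")
        if key.startswith("ida:"):
            settings[key] = add.get("value", "")
    wsfed = root.find(".//wsFederation")
    if wsfed is not None:
        settings["wsFederation:realm"] = wsfed.get("realm", "")
        settings["wsFederation:issuer"] = wsfed.get("issuer", "")
        settings["wsFederation:requireHttps"] = wsfed.get("requireHttps", "")
    return settings


def check_realm_consistency(config_xml: str, app_id_uri: str) -> list:
    """Return human-readable findings; an empty list means the config is consistent.

    Comparison is exact on purpose: a trailing slash or a missing /WebRole
    segment is enough for the federation handshake to reject the realm.
    """
    settings = extract_identity_settings(config_xml)
    findings = []
    for name in REALM_KEYS:
        value = settings.get(name)
        if value is None:
            findings.append(f"{name} is missing from web.config")
        elif value != app_id_uri:
            findings.append(f"{name}={value!r} does not match APP ID URI {app_id_uri!r}")
    # Any identity URL still pointing at localhost is a development value that
    # was published by mistake and will surface as a redirect to the dev port.
    for name, value in settings.items():
        if "localhost" in value:
            findings.append(f"{name}={value!r} still points at localhost")
    return findings


if __name__ == "__main__":
    # Hypothetical registered APP ID URI, matching the answer's placeholder.
    registered_app_id_uri = "http://xxxxxxxxtest.cloudapp.net/WebRole"
    for finding in check_realm_consistency(SAMPLE_WEB_CONFIG, registered_app_id_uri) or ["OK"]:
        print(finding)
```

Run it against the real web.config by reading the file contents into `check_realm_consistency` with the APP ID URI copied from the Azure AD application's Configure page; a clean run prints OK, otherwise each mismatched key is listed so it can be corrected before the package is republished.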