Using Azure Active Directory - one application to login locally and when published

I'm building an MVC application with Azure Active Directory authentication. When I develop locally I would like to be able to sign-in for testing/development purposes. And the app url is like http://localhost:43400. This is also encoded in the AD application in Sign-On Url and Reply Url.

When I deploy the same app to the server, the app url is changed - becomes something like myappname.azurewebsites.net and I can't login using the same AD application. The best I could manage is to get through login process, but then AD redirects me back to localhost:43400 which is wrong.

There is PostLogoutRedirectUri property in Startup.Auth.cs that I give to the app, but it makes no difference at all.

Any way to have local application and deployed application using the same Azure AD?

I can do 2 AD Applications with different URLs and keys and rewrite the values in web.config on deploy. But that does not sound like the best solution. Anything else I can do?

UPD

Here is the bit I'm referring to in Startup.Auth.cs:

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = Authority,
        PostLogoutRedirectUri = postLogoutRedirectUri, // <-- this is coming from web.config, different in dev and prod

        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            .....

        }
    });

See full code listing here.

And in Azure AD application I tried both addresses as a Reply URL at the same time: [screenshot: Azure AD Application Reply URL]

But the AD used only one of the addresses to redirect, even though the client specified the redirection that matches one of the records.

trailmax asked Sep 09 '15 16:09


1 Answer

You can add multiple redirect URIs to your app; that's why the property is implemented as a list! You just need to make sure that you specify which URI to use at runtime. You can do that in many ways: you can specify the return URI at middleware init time, or you can add dynamic code that will inject a redirect URI in the sign-in message. For an example of the latter approach, please see RedirectToIdentityProvider in https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs

vibronet answered Sep 22 '22 05:09
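The "dynamic" approach the answer points to, written out as an added example (this is not code from the question, the answer, or the linked sample, although it follows the same pattern the sample's RedirectToIdentityProvider uses). Two points it makes concrete: the PostLogoutRedirectUri option the question tweaks only tells Azure AD where to send the browser after sign-out, while the sign-in return address is the separate RedirectUri option, which can be overridden per request by setting ProtocolMessage.RedirectUri inside RedirectToIdentityProvider; and, because that per-request value is derived from the Host header, it should be checked against an allow-list rather than forwarded blindly. The `ida:AllowedBaseUrls` appSetting is a hypothetical key for this example (semicolon-separated, e.g. `http://localhost:43400;https://myappname.azurewebsites.net`); the `ida:ClientId`, `ida:AADInstance` and `ida:Tenant` keys are the usual names from the Azure AD samples. Every base URL listed there must also be registered as a Reply URL on the one Azure AD application.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Values read from web.config (keys follow the Azure AD sample naming).
    private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string authority =
        ConfigurationManager.AppSettings["ida:AADInstance"] + ConfigurationManager.AppSettings["ida:Tenant"];

    // Hypothetical key: semicolon-separated list of every base URL this app is served from,
    // e.g. "http://localhost:43400;https://myappname.azurewebsites.net". Each entry must also
    // be registered as a Reply URL on the single Azure AD application.
    private static readonly HashSet<string> allowedBaseUrls = new HashSet<string>(
        (ConfigurationManager.AppSettings["ida:AllowedBaseUrls"] ?? string.Empty)
            .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries),
        StringComparer.OrdinalIgnoreCase);

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            // No static RedirectUri / PostLogoutRedirectUri: both are chosen per request below,
            // so the same web.config works on localhost and on the deployed site.
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = context =>
                {
                    // Base URL of the request that triggered the sign-in or sign-out challenge.
                    string baseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;

                    // Request.Host is the client-supplied Host header. Only forward a URL we
                    // explicitly allow, so a spoofed header cannot steer the flow elsewhere.
                    if (!allowedBaseUrls.Contains(baseUrl))
                    {
                        context.HandleResponse();          // stop the middleware from redirecting
                        context.Response.StatusCode = 400;
                        return Task.FromResult(0);
                    }

                    // redirect_uri is matched character-for-character against the registered
                    // Reply URLs, so keep the trailing slash consistent with what is registered.
                    context.ProtocolMessage.RedirectUri = baseUrl + "/";
                    context.ProtocolMessage.PostLogoutRedirectUri = baseUrl + "/";
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

With this in place the same application ID and web.config serve both environments: a challenge raised from http://localhost:43400 sends redirect_uri=http://localhost:43400/, one raised from the Azure Web App sends its own origin, and Azure AD accepts each because both appear in the app's Reply URL list. A request carrying an unrecognised Host header gets a 400 instead of a redirect, which is the check you want in front of any code that builds an OAuth redirect from request data.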