I'm building an MVC application with Azure Active Directory authentication. When I develop locally I would like to be able to sign in for testing/development purposes. And the app URL is like http://localhost:43400. This is also encoded in the AD application in Sign-On Url and Reply Url.
When I deploy the same app to the server, the app URL is changed - becomes something like myappname.azurewebsites.net and I can't login using the same AD application. The best I could manage is to get through login process, but then AD redirects me back to localhost:43400 which is wrong.
There is PostLogoutRedirectUri property in Startup.Auth.cs that I give to the app, but it makes no difference at all.
Any way to have local application and deployed application using the same Azure AD?
I can do 2 AD Applications with different URLs and keys and rewrite the values in web.config on deploy. But that does not sound like the best solution. Anything else I can do?
UPD
Here is the bit I'm referring to in Startup.Auth.cs:
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = Authority,
            PostLogoutRedirectUri = postLogoutRedirectUri, // <-- this is coming from web.config, different in dev and prod
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                .....
            }
        });
See full code listing here.
And in Azure AD application I tried both addresses as a Reply URL at the same time:
But the AD used only one of the addresses to redirect, even though the client specified the redirection that matches one of the records.
You can add multiple redirect URIs to your app, that's why the property is implemented as a list! You just need to make sure that you specify which URI to use at runtime. You can do that in many ways - you can specify the return URI at middleware init time, or you can add dynamic code that will inject a redirect URI in the sign-in message. For an example of the latter approach, please see RedirectToIdentityProvider in https://github.com/AzureADSamples/WebApp-MultiTenant-OpenIdConnect-DotNet/blob/master/TodoListWebApp/App_Start/Startup.Auth.cs