1
votes

Following the instructions described in “Secure an ASP.NET Core Blazor WebAssembly standalone app with Azure Active Directory” (https://docs.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-azure-active-directory?view=aspnetcore-3.1), I have created the simplest Blazor WebAssembly app. At https://portal.azure.com I registered a new app in AAD and, based on the generated GUIDs, generated a local app with this command:

dotnet new blazorwasm -au SingleOrg --client-id "{CLIENT ID}" --tenant-id "{TENANT ID}" -o {APP NAME}

Everything worked fine when I launched the app locally. When I copied the published app to storage account $web and tried to log in, I received:

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '…'.

During app registration I defined the app as “Web” and put in the Redirect URL: https://localhost:5001/authentication/login-callback. I have tried different combinations of the URL, changing the hostname, deleting the port and changing the path. I don’t know how to successfully configure the app in AD.

2
Navigate to your storage account in the portal -> Static website -> copy the Primary endpoint, then change the redirect URL to <Primary endpoint>/authentication/login-callback, something like https://xxxx.z13.web.core.windows.net/authentication/login-callback. Will it work? - Joy Wang-MSFT
I have changed the Redirect URL as you suggested, and after clicking the login link the server answered "The requested content does not exist. HttpStatusCode: 404 ErrorCode: WebContentNotFound RequestId : 59d63c65-a01e-00d7-7827-5c8b94000000 TimeStamp : 2020-07-17T10:43:11.6487124Z" - Marek Słowikowski
If so, the original issue was solved. For the new issue, you need to specify an error document when you enabled the website, then a default 404 page is returned to the user, see docs.microsoft.com/en-us/azure/storage/blobs/… - Joy Wang-MSFT
The original issue was not solved. The problem is the same: the HTTP server cannot find the landing place (Redirect URL) after the user has logged in. I have just read the source code of the authentication library. Everything looks fine, so the problem is somewhere else. - Marek Słowikowski
Could you show your request URL when the user logs in? - Joy Wang-MSFT

2 Answers

0
votes

The AAD error states that the URL to which you are getting redirected is not present in the reply URL list configured in the app registration. You need to register a reply URL in the format {WebsiteUrl}/authentication/login-callback.
Please give it a try; hopefully that should resolve the issue.
Note: WebsiteUrl is the URL hosted in Azure.

0
votes

Based on the answers and comments above, it took me 2 steps to solve this:

  1. Azure AD must have an entry in App registration | Authentication | Single-page application | Redirect URIs that reads {WebsiteUrl}/authentication/login-callback. {WebsiteUrl} comes from the Storage account | Static website | Primary endpoint.

  2. Make sure that Storage account | Static website | Index document name and Error document path both point to index.html.
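
The comments above ask for the request URL sent at login, because AADSTS50011 is a mismatch between the `redirect_uri` in that request and the registered list. The following added example (not code from the posts or from the Blazor authentication library) extracts `redirect_uri` from an authorize request and names the URL component that differs from each registered entry. It assumes exact string comparison, and the sample request, `TENANT-ID` and `CLIENT-ID` are constructed placeholders.

```javascript
// Added example. Assumption: a redirect URI is accepted only when it equals a
// registered one as an exact string.

// Pull redirect_uri out of the authorize request the browser sends at login.
function redirectUriFromRequest(authorizeUrl) {
  const uri = new URL(authorizeUrl).searchParams.get("redirect_uri");
  if (!uri) throw new Error("authorize request has no redirect_uri");
  return uri;
}

// Name the URL components in which two redirect URIs differ.
function diffRedirectUri(requested, registered) {
  const a = new URL(requested);
  const b = new URL(registered);
  const noSlash = (p) => p.replace(/\/+$/, "");
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push("scheme");
  if (a.hostname !== b.hostname) diffs.push("host");
  if (a.port !== b.port) diffs.push("port");
  if (a.pathname !== b.pathname) {
    if (noSlash(a.pathname) === noSlash(b.pathname)) diffs.push("trailing slash");
    else if (a.pathname.toLowerCase() === b.pathname.toLowerCase()) diffs.push("path case");
    else diffs.push("path");
  }
  if (diffs.length === 0 && requested !== registered) diffs.push("other");
  return diffs;
}

// Compare the requested URI with every registered one, closest entry first.
function diagnose(authorizeUrl, registeredUris) {
  const requested = redirectUriFromRequest(authorizeUrl);
  if (registeredUris.includes(requested)) return { requested, match: true, nearest: [] };
  const nearest = registeredUris
    .map((uri) => ({ uri, differs: diffRedirectUri(requested, uri) }))
    .sort((x, y) => x.differs.length - y.differs.length);
  return { requested, match: false, nearest };
}

// Constructed sample: the app is served from the static website endpoint, but
// only the localhost redirect URI from the question is registered.
const SITE = "https://xxxx.z13.web.core.windows.net";
const SAMPLE_REQUEST =
  "https://login.microsoftonline.com/TENANT-ID/oauth2/v2.0/authorize" +
  "?client_id=CLIENT-ID&redirect_uri=" +
  encodeURIComponent(SITE + "/authentication/login-callback");
const LOCAL_ONLY = ["https://localhost:5001/authentication/login-callback"];

console.log(JSON.stringify(diagnose(SAMPLE_REQUEST, LOCAL_ONLY), null, 2));
```

To use it on a real failure, copy the authorize request URL from the browser's network tab and pass the redirect URIs listed in the app registration.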