0
votes

I'm trying to use Azure AD to authenticate users to my web application. I have configured the app so it works fine with localhost: it communicates with Azure AD and returns the web page once successfully authenticated. However, when I publish to the web it doesn't work, and instead I get an error:

AADSTS50011: The reply url specified in the request does not match the reply urls configured

Is there an additional step required when using a mydomain.azurewebsites.net?

P.S. The redirect URL has been configured to return /signin-oidc, as the docs instruct.

1
The Redirect URI in your Azure App Registration should be configured with the full name: mydomain.azurewebsites.net/signin-microsoft - Daniel Björk
Have you added the required mydomain.azurewebsites.net domain reply URL in the registered Azure AD application? - user1672994
@user1672994 Yes. Added redirect URL with domain.azurewebsites.net/signin-oidc - smeca

1 Answer

0
votes

The Redirect URI in your Azure App Registration should be configured with the full name: https://mydomain.azurewebsites.net/signin-microsoft

This is how I have added my Authentication to my Web App:

        // Goes in Startup.ConfigureServices. Needs:
        //   using System;
        //   using Microsoft.IdentityModel.Tokens;
        services.AddAuthentication()
            .AddOpenIdConnect("Azure AD / Microsoft", "Azure AD / Microsoft", options =>
            {
                // Metadata: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
                options.ClientId = Configuration["AzureApplication:ClientID"];
                options.ClientSecret = Configuration["AzureApplication:ClientSecret"];
                options.SignInScheme = "Identity.External";
                options.RemoteAuthenticationTimeout = TimeSpan.FromSeconds(30);
                options.Authority = "https://login.microsoftonline.com/common/v2.0/";
                //options.ResponseType = "code";

                // new in .NET Core 3.1
                options.UsePkce = false; // live does not support this yet

                options.Scope.Add("profile");
                options.Scope.Add("email");
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // issuer is not checked (the /common authority serves every tenant)
                    ValidateIssuer = false,
                    NameClaimType = "email",
                };
                // Must equal the path of the Redirect URI registered in Azure AD
                options.CallbackPath = "/signin-microsoft";
                options.Prompt = "login"; // login, consent
            });
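
To see which part of the reply URL triggers AADSTS50011, compare the `redirect_uri` the published app actually sends with each URI in the app registration. The script below is an added example, not part of the answer above; the authorize URL, client ID, localhost port and registered list are constructed samples, and it assumes matching on scheme, host, port and exact path.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"http": 80, "https": 443}

def sent_redirect_uri(authorize_url):
    """Return the redirect_uri parameter carried in an authorize request URL."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorize URL has no redirect_uri parameter")
    return values[0]

def parts(uri):
    """Split a URI into the components that are compared."""
    u = urlsplit(uri)
    scheme = u.scheme.lower()
    return {"scheme": scheme, "host": (u.hostname or "").lower(),
            "port": u.port or DEFAULT_PORTS.get(scheme), "path": u.path}

def explain_mismatch(sent, registered):
    """List the components where `sent` differs from one registered URI."""
    if "://" not in registered:
        return ["registered value has no scheme (https://)"]
    a, b = parts(sent), parts(registered)
    return [f"{k}: sent {a[k]!r}, registered {b[k]!r}" for k in a if a[k] != b[k]]

def check(authorize_url, registered_uris):
    """Return (sent_uri, {registered_uri: differences}); an empty list is a match."""
    sent = sent_redirect_uri(authorize_url)
    return sent, {r: explain_mismatch(sent, r) for r in registered_uris}

# Constructed sample: the URL the browser is redirected to when sign-in starts.
AUTHORIZE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&redirect_uri=https%3A%2F%2Fmydomain.azurewebsites.net%2Fsignin-microsoft"
    "&response_type=id_token&scope=openid%20profile%20email"
)
# Constructed sample: values as they might appear in the app registration.
REGISTERED = [
    "https://localhost:5001/signin-microsoft",
    "mydomain.azurewebsites.net/signin-oidc",
    "https://mydomain.azurewebsites.net/signin-oidc",
]

if __name__ == "__main__":
    sent, report = check(AUTHORIZE_URL, REGISTERED)
    print("app sends:", sent)
    for uri, diffs in report.items():
        print(uri, "->", "MATCH" if not diffs else "; ".join(diffs))
```

Copy the real authorize URL from the browser's address bar at the moment of the redirect to Azure AD; the registered list comes from the app registration's Redirect URIs.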