2

I am using Microsoft.AspNetCore.Authentication.AzureAD.UI package. And simple authentication in Startup.cs:

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

Everything works fine if I publish application to Azure Web App. But my application is inside Docker container and is located in AKS. External LoadBalancer working fine, but doesn't have SSL option. That's why I have tried to configure Front Door or Application Gateway. With no luck. When I am using Gateway and setting reply URL to https://xxx.xxx.xxx.xxx/signin-oidc I am receiving

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application

When to http://xxx.xxx.xxx.xxx/signin-oidc

AADSTS500117: The reply uri specified in the request isn't using a secure scheme.

Similar story with Front Door and if to remove app.UseHsts() and app.UseHttpsRedirection()

Alexej Sommer
  • 2,677
  • 1
  • 14
  • 25
  • just use ingress with ssl offloading? – 4c74356b41 Apr 15 '19 at 10:45
  • Have you tried https://learn.microsoft.com/en-us/azure/application-gateway/redirect-http-to-https-portal? It may be useful. – ALFA Apr 15 '19 at 10:48
  • @4c74356b41, I have previously tried nginx with same result. And have a long conversation with support with no result. Last thing that I have get from them is that I am using nginx and I should use service from MSFT. ALFA, thank you for link. That's exactly what I am using now – Alexej Sommer Apr 15 '19 at 10:55
  • better use ingress - its much better than application gateway, which is a beta ingress for k8s – 4c74356b41 Apr 15 '19 at 11:37
  • you need to use ingress for ssl offloading. Use let's encrypt for ease of use. you would find certificates.yaml, certissuer.yaml files online. assign public address a custom domain and deploy above yaml files for that custom domain mapped. it should work. – Venkata Dorisala Apr 18 '19 at 15:11

1 Answers1

0

Finally after all my troubles with Microsoft.AspNetCore.Authentication.AzureAD.UI + Kubernetes I have decided to use OpenID Connect

Alexej Sommer
  • 2,677
  • 1
  • 14
  • 25