I am pulling my hair out with this one.

I have a .Net Core 2.1 application on the back-end with Angular 7 in the front.

I've already done all the difficult work of getting integration with Azure Active Directory up and working, and it is properly connecting me to AAD, asking for credentials, then at the last stage I get:

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application

I am testing this locally for rapid development and I have my callback set to:

https://localhost:5001/azureauth/auth

This is directly in the Azure Portal:

This controller method currently does nothing but hit a break point, which if I hit it manually in the browser properly breaks in the controller method.

Azure won't call me back on it after a successful AD login.

What am I missing?

Edit: I noticed that the query string when connecting to AAD has the following in the "redirect" portion, which does not match what I have in Azure, as it does not have the path; it's just localhost:5001 ... does this matter?

Redirect Path

OpenID Settings

/azureauth/auth is my controller and my method.

Error

Patrick
  • check the localstorage / sessionstorage of your browser. It contains useful information about what is the problem. In case you still face problems, please update the question with details from it. – Thiago Custodio Oct 22 '19 at 15:50
  • @ThiagoCustodio The localstorage/sessionstorage for login.microsoftonline.com are both blank. I've updated my question to include a redirectURL that seems wrong? – Patrick Oct 22 '19 at 17:05
  • Is there something wrong with my *outbound* request here? – Patrick Oct 22 '19 at 17:10
  • Since they are controlled by Azure AD, I can't tell you what is wrong. To me, it looks like the application inside Azure AD is configured to use a different URL than https://localhost:5001/azureauth/auth – Thiago Custodio Oct 22 '19 at 17:38
  • Can you post the application settings in here? – Thiago Custodio Oct 22 '19 at 17:38
  • @ThiagoCustodio Done. – Patrick Oct 22 '19 at 17:53
  • no, this part https://msdnshared.blob.core.windows.net/media/2017/09/SecureLogicApps30.png then go to https://learn.microsoft.com/en-us/skype-sdk/websdk/images/troubleshooting/auth/configuringreplyurlinazure.png – Thiago Custodio Oct 22 '19 at 18:10
  • @ThiagoCustodio I am on the new portal so I don't have those exact settings but that "Reply URL" should be the same as my "Redirect URI" as shown above, no? – Patrick Oct 22 '19 at 20:08
  • yes, they should be the same – Thiago Custodio Oct 22 '19 at 20:12

1 Answer

The Application's list of Redirect URIs must contain the PostLogoutRedirectUri value, exactly as written in OpenIdSettings.

In this case, go to AAD Portal and add a Redirect URI for http://localhost:5001

Ideally, you should update the OpenIdSettings and Application Registration to use https instead of http.

Zacharious
  • I resolved this prior to seeing this, but you are correct, changing it to simply `https://localhost:5001` is properly letting me through via AAD. – Patrick Oct 22 '19 at 20:46
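
The exact-match rule from the answer above, as an added example that is not part of the original question or answer: it pulls `redirect_uri` out of an authorize request and reports which component differs from each registered Redirect URI. The function names are hypothetical, the tenant and client IDs are placeholders, the sample request is constructed, and plain string equality is an assumption based on the answer's "exactly as written".

```javascript
// Added example: why a redirect_uri is rejected with AADSTS50011.
// Assumption: the identity provider compares the sent value to each
// registered Redirect URI as an exact string.

// Name the first URL component in which the two URIs differ.
function describeMismatch(sent, registered) {
  let a, b;
  try {
    a = new URL(sent);
    b = new URL(registered);
  } catch (e) {
    return "not a parseable absolute URI";
  }
  if (a.protocol !== b.protocol) return `scheme ${a.protocol} vs ${b.protocol}`;
  if (a.host !== b.host) return `host ${a.host} vs ${b.host}`;
  if (a.pathname !== b.pathname) return `path ${a.pathname} vs ${b.pathname}`;
  if (a.search !== b.search) return `query ${a.search} vs ${b.search}`;
  return "same components, different spelling (case, trailing slash, encoding)";
}

// Check the redirect_uri of an authorize request against the registered list.
function checkReplyUrl(authorizeUrl, registeredUris) {
  const sent = new URL(authorizeUrl).searchParams.get("redirect_uri");
  if (sent === null) {
    return { sent, match: false, reasons: ["request has no redirect_uri"] };
  }
  if (registeredUris.includes(sent)) {
    return { sent, match: true, reasons: [] };
  }
  const reasons = registeredUris.map(
    (r) => `${r}: ${describeMismatch(sent, r)}`
  );
  return { sent, match: false, reasons };
}

// Constructed sample mirroring the question: the portal lists the controller
// path, but the outbound request sends only the origin.
const registered = ["https://localhost:5001/azureauth/auth"];
const request =
  "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/oauth2/authorize" +
  "?client_id=CLIENT_ID_PLACEHOLDER&response_type=id_token" +
  "&redirect_uri=" + encodeURIComponent("https://localhost:5001");

console.log(checkReplyUrl(request, registered));
```

Copy the authorize URL from the browser's address bar or network tab when the error page appears and pass it in place of the constructed `request`.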