I've created a template Blazor Server Side project in VS with single-tenant Azure AD authentication. Running the app on localhost, I'm able to log in fine, but I'm unable to log in when the app is published as an Azure Web App. Error: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'app client id here'.

AzureAd config in appsettings.json:

    "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "tenant domain here",
        "TenantId": "tenant id here",
        "ClientId": "app client id here",
        "CallbackPath": "/signin-oidc"
    },

The same app client ID is also registered in Azure AD. ID token and access token grants are enabled, with the following redirect URLs configured:

"replyUrlsWithType": [
    {
        "url": "https://myapphere.azurewebsites.net/signin-oidc",
        "type": "Web"
    },
    {
        "url": "https://localhost:44350/signin-oidc",
        "type": "Web"
    }
],

When going to "https://myapphere.azurewebsites.net/signin-oidc", I'm redirected to something like: https://login.microsoftonline.com/Tenant-id-here/oauth2/authorize?client_id=client-id-here&redirect_uri=http%3A%2F%2Fmyapphere.azurewebsites.net%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=....

According to the docs and guides my setup seems to be correct, so what is going wrong?

EDIT: I started getting a redirect loop at my web app URL instead (eventually getting a "We couldn't sign you in"), with all of the HTTP requests resulting in 301. I was able to solve it by adding:

    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedProto
    });

to Configure in Startup.cs, and using Microsoft.AspNetCore.HttpOverrides. I followed the suggestion here: https://stackoverflow.com/a/54127683/14694699.

The app now launches and authenticates successfully.

Visored

1 Answer


The reason for the issue is that in your code you have mentioned the redirect URL as http, but you have registered your app with the redirect URL as https. You can observe this yourself by decoding the URL, which is in base64.

Hari Krishna
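
As an added example (not part of the original question or answer): a Python check that percent-decodes the redirect_uri from an authorize request and compares it with the registered reply URLs, reporting which component differs. The sample URL and manifest are constructed from the values shown in the question; the function names and the component-wise comparison are assumptions of this example.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample data, modelled on the values shown in the question.
AUTHORIZE_URL = (
    "https://login.microsoftonline.com/Tenant-id-here/oauth2/authorize"
    "?client_id=client-id-here"
    "&redirect_uri=http%3A%2F%2Fmyapphere.azurewebsites.net%2Fsignin-oidc"
    "&response_type=id_token&scope=openid%20profile&response_mode=form_post"
)
MANIFEST = json.loads("""{"replyUrlsWithType": [
  {"url": "https://myapphere.azurewebsites.net/signin-oidc", "type": "Web"},
  {"url": "https://localhost:44350/signin-oidc", "type": "Web"}]}""")


def requested_redirect_uri(authorize_url):
    """Return the percent-decoded redirect_uri from an authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorize URL has no redirect_uri parameter")
    return values[0]  # parse_qs has already percent-decoded the value


def diagnose(authorize_url, manifest):
    """Return (matched, findings): for each registered reply URL, the
    components (scheme, host, port, path) that differ from the request."""
    # Assumption: a plain component-wise comparison, simplified for the example.
    requested = urlsplit(requested_redirect_uri(authorize_url))
    findings = []
    for entry in manifest["replyUrlsWithType"]:
        registered = urlsplit(entry["url"])
        diffs = [name for name, a, b in (
            ("scheme", requested.scheme, registered.scheme),
            ("host", requested.hostname, registered.hostname),
            ("port", requested.port, registered.port),
            ("path", requested.path, registered.path),
        ) if a != b]
        if not diffs:
            return True, []
        findings.append((entry["url"], diffs))
    return False, findings


if __name__ == "__main__":
    matched, findings = diagnose(AUTHORIZE_URL, MANIFEST)
    print("match" if matched else "AADSTS50011 expected")
    for url, diffs in findings:
        print(f"  {url}: differs in {', '.join(diffs)}")
```

A result that differs only in scheme for the production URL means the app built its redirect_uri from an http request, which is the situation the forwarded-headers change in the question addresses.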