azure oauth-2.0 asp.net-core-mvc openid azure-web-app-service

Azure web App .net core OpenID redirect_uri issue


I am having an issue with a .NET Core web app utilizing OpenID for AD authentication. Currently, in my application settings, the CallbackPath is set to /signin-oidc:

"Authentication": {
  "AzureAd": {
    "AADInstance": "microsoftonlinecom/",
    "CallbackPath": "/signin-oidc"

and on Azure the reply URL is set to azurewebsitescom/signin-oidc

Whenever I change the reply URL to localhost:44320/signin-oidc and debug locally, it works perfectly, but on Azure I get the following error:

azurewebsitesnet/.auth/login/aad/callback' does not match the reply addresses configured for the application: '

As you can tell, it's using the incorrect reply URL, and I am not sure why it will not use the proper one that is clearly set in the reply URL settings.

startup.cs:

app.UseCookieAuthentication();

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    ClientId = Configuration["Authentication:AzureAd:ClientId"],
    Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"],
    CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"],
    PostLogoutRedirectUri = Configuration["Authentication:AzureAd:PostLogoutURL"],
    SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme
});

Also, if I add a wildcard reply URL, e.g. exampleazurewebsitesnet/*, then I am able to authenticate against my application, except it states I do not have access, and the reply URL is still the incorrect one from above: azurewebsitesnet/.auth/login/aad/callback

"You do not have permission to view this directory or page."

I was forced to intentionally input incorrect URLs since I do not have enough authority to post more than 2 links on Stack Overflow.


Solution

  • Based on the redirect URL, it seems that you enabled the Authentication/Authorization feature provided by Azure App Service after you deployed the web app on Azure. There is no need to configure it, since you have implemented the authentication in the web app. You can disable it via the new Azure portal.

    For more detail about this feature, you can refer here.
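
A small check for the situation this answer describes, added here as an illustration and not part of the original answer: it tells from the redirect_uri which layer built the sign-in request and whether a registered reply URL covers it. The function names, the example.azurewebsites.net host and the prefix-style wildcard matching are assumptions.

```python
from urllib.parse import urlsplit

# Callback path of App Service Authentication/Authorization, as it appears
# in the error quoted in the question.
EASY_AUTH_CALLBACK = "/.auth/login/aad/callback"


def _norm(url):
    """Reduce a URL to (scheme, host, path) for an exact comparison."""
    p = urlsplit(url)
    return (p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/"))


def _wildcard_match(url, pattern):
    """Assumed wildcard semantics: a trailing '*' is a plain prefix match."""
    return pattern.endswith("*") and url.lower().startswith(pattern[:-1].lower())


def diagnose(redirect_uri, reply_urls, callback_path="/signin-oidc"):
    """Return (sender, match) for a redirect_uri seen in a sign-in request.

    sender: which layer built the request, judged by the callback path.
    match:  how the registered reply URLs treat that redirect_uri.
    """
    path = urlsplit(redirect_uri).path.rstrip("/")
    if path == EASY_AUTH_CALLBACK:
        sender = "app-service-auth"   # platform feature, not the app's code
    elif path == callback_path.rstrip("/"):
        sender = "app-middleware"     # the app's own OpenID Connect middleware
    else:
        sender = "unknown"

    if _norm(redirect_uri) in {_norm(u) for u in reply_urls if "*" not in u}:
        match = "exact"
    elif any(_wildcard_match(redirect_uri, u) for u in reply_urls):
        match = "wildcard"            # accepted, but only by a catch-all entry
    else:
        match = "none"                # Azure AD reports a reply address mismatch
    return sender, match


# Constructed sample values; example.azurewebsites.net is a placeholder host.
SITE = "https://example.azurewebsites.net"
if __name__ == "__main__":
    for registered in ([SITE + "/signin-oidc"], [SITE + "/*"]):
        print(registered, diagnose(SITE + EASY_AUTH_CALLBACK, registered))
```

A result of `("app-service-auth", "none")` corresponds to the error in the question, and `("app-service-auth", "wildcard")` to the wildcard attempt, where the catch-all entry hides the mismatch instead of resolving it.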