I have an ASP.NET Core MVC web application that I'm trying to publish and deploy to IIS. My application uses Okta for authorization. It works perfectly when run from VS Code, but when I publish it, create an application in IIS, and then browse to it, I receive a 404 error:
Your request resulted in an error. The 'redirect_uri' parameter must be a Login redirect URI in the client app settings: https://myapp-admin.oktapreview.com/admin/app/oidc_client/instance/0qp0wpty1plmokgT09i7#tab-general
I've tried following the instructions at https://support.okta.com/help/s/article/The-redirect-uri-parameter-must-be-an-absolute-URI?language=en_US but they don't produce a different result, and I'm really confused as to why it works fine when run from VS Code but not under IIS.
In Okta my Sign-in redirect URI is https://localhost:7128/okta-auth and my sign out redirect URI is http://localhost:8080, Login initiated by App Only and I don't have anything set for Initiate login URI.
In my application appsettings.json
I have Okta set up:
"Okta": {
"Issuer": "https://myapp.oktapreview.com/oauth2/default",
"ClientId": "hidden",
"ClientSecret": "hidden",
"CallbackPath": "/okta-auth",
"Authority": "https://myapp.oktapreview.com/oauth2/default"
}
//Startup.cs
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
namespace okta_aspnetcore_mvc_example
{
    // Registers MVC, cookie sign-in and the "okta" OpenID Connect scheme, and builds the HTTP request pipeline.
    public class Startup
    {
        // Keeps the application configuration; the "Okta:*" keys below are read from it.
        public Startup(IConfiguration configuration) => Configuration = configuration;

        public IConfiguration Configuration { get; }

        // Called by the runtime to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();

            // Same values as Configuration["Okta:<key>"], looked up through the "Okta" section.
            var oktaSettings = Configuration.GetSection("Okta");

            services
                .AddAuthentication(auth =>
                {
                    // Unauthenticated requests are challenged through the "okta" scheme;
                    // everything else (including the signed-in session) uses the cookie scheme.
                    auth.DefaultChallengeScheme = "okta";
                    auth.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                })
                // Cookie handler with its default options.
                .AddCookie()
                // Let users sign in with their Okta account.
                .AddOpenIdConnect("okta", oidc =>
                {
                    // Authorization code flow.
                    oidc.ResponseType = OpenIdConnectResponseType.Code;
                    oidc.Authority = oktaSettings["Authority"];
                    oidc.ClientId = oktaSettings["ClientId"];
                    // NOTE(review): the secret comes from configuration, and a published appsettings.json
                    // sits in the IIS site folder - consider supplying it from an environment variable
                    // or a secret store on the server instead.
                    oidc.ClientSecret = oktaSettings["ClientSecret"];
                    // Only a path is configured here. The redirect_uri sent to Okta is assembled from the
                    // scheme, host, port and path base of the incoming request plus this path, so it differs
                    // between a local https://localhost:7128 run and an IIS-hosted site and must be
                    // registered in Okta for each.
                    oidc.CallbackPath = oktaSettings["CallbackPath"];
                });
        }

        // Called by the runtime to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (!env.IsDevelopment())
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            else
            {
                // Detailed exception pages are limited to the Development environment.
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();

            // Authentication runs after routing and before authorization so that the
            // authorization step sees the signed-in user for the selected endpoint.
            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(routes => routes.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}"));
        }
    }
}
Program.cs:
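public class Program
{
    // Entry point: registers services, lets Startup build the request pipeline, then runs the host.
    public static void Main(string[] args)
    {
        var builder = WebApplication.CreateBuilder(args);

        // Startup.ConfigureServices already calls AddControllersWithViews() and registers the
        // cookie + "okta" OpenID Connect authentication, so that call is not repeated here.
        var startup = new Startup(builder.Configuration);
        startup.ConfigureServices(builder.Services);

        builder.Services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(
            builder.Configuration.GetConnectionString("DefaultConnection")));

        // NOTE(review): Razor Pages services are registered, but no MapRazorPages() call is visible
        // in this file - confirm whether Razor Pages endpoints are meant to be served.
        builder.Services.AddRazorPages();

        var app = builder.Build();

        // Startup.Configure builds the complete pipeline: exception handler and HSTS outside
        // Development, HTTPS redirection, static files, routing, authentication, authorization and
        // the "default" controller route. The same middleware used to be registered a second time
        // below this call (without UseAuthentication); that duplicate block is removed so there is
        // a single pipeline in which authentication always precedes authorization.
        startup.Configure(app, app.Environment);

        app.Run();
    }
}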
launchSettings.json:
{
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:54230",
"sslPort": 44378
}
},
"profiles": {
"MyApp": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": true,
"applicationUrl": "https://localhost:7128;http://localhost:5082",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}
I publish the application to a folder, upload that folder to IIS, and turn it into an application with Anonymous Authentication enabled.
When I right-click the application and click Browse, I get the above error, and I'm really not sure why.
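Ensure that the application is hosted on port 7128 in IIS. You can either change the IIS port to match 7128 or change the redirect URI in Okta to match the port used by IIS. The OpenID Connect middleware builds the redirect_uri from the scheme, host, port and application path of the incoming request plus the CallbackPath, and Okta accepts it only when it exactly matches a registered sign-in redirect URI. That is why it works from VS Code (https://localhost:7128/okta-auth) but not under IIS. If the site is an application under a parent IIS site, the application's path is part of the URI as well, so register the full URL that IIS actually serves as an additional sign-in redirect URI.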