I have an ASP.NET Core MVC app and I want to use Azure B2C authentication.
The redirect_url that's being generated has http
instead of https
like so:
&redirect_uri=**http**%3A%2F%2Fmyapp.com%2Fsignin-oidc
This should be https
, and it's causing this error:
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '9dbe40e0-7555-4ddf-9c17-b5218ed6ca89'.
My appsettings.json
looks like this:
"AzureAdB2C": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "xxx",
"ClientId": "xxxx",
"TenantId": "xxxx",
"ClientSecret": "xxxx",
"CallbackPath": "/signin-oidc",
"SignedOutCallbackPath ": "/"
}
and my code in Startup.cs
is like so:
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(Configuration, "AzureAdB2C");
For some reason this works fine on my dev machine with localhost (redirect_url=https) but on the server it's always http
.
Any ideas? This has been driving me crazy all day
EDIT: RESOLVED! Turns out the issue was that I didn't have a HTTPS binding in IIS, only a HTTP binding... strange, since I was accessing the site via https://... - I guess somehow the IIS gave a certificate and allowed HTTPS even though I didn't have a binding for it
Thanks for the help guys!
Turns out that this was caused because I didn't have a HTTPS binding in IIS.
I was accessing the site via HTTPS, so not sure how IIS allowed that, but adding a HTTPS binding fixed the redirect_uri problem