Asp.net app and Azure AD authentication

Question

User1248386638 posted

Hi, I used the built in Visual Studio 2015 template to create a webform application and enabled Azure AD Work/School account authentication. Good news is everything works like a charm in LocalHost (when running locally). When I push it my Azure App (in Azure), when I try to authenticate, it gives me an error. The error is below -

Additional technical information:
Correlation ID: 58a37062-523c-4538-bb97-db54ad9492bd
Timestamp: 2016-03-03 01:47:05Z
AADSTS50011: The reply address 'http://mydomainnamehere.com' does not match the reply addresses configured for the application: d6709cb1-8687-4560-97c4-1247dd67fe3e.

I could not find any place where to update the reply address. I googled on this error but no one seem to have my issue. Note, my app is not MVC nor have I enabled Autherization/Authentication using Azure portal. Finally, everything works just fine if I use localhost.

Answer 1

User-646145796 posted

Hi,

If upload the application to Azure Web App, please change the following:

1) Click into Azure Active Directory, find your application, change "SIGN-ON-URL" into the real sign in URL

2) Change "REPLY URL"

3) Check the Web.config of your Web app, ensure the ida:PostLogoutRedirectUri is right.

Hope this help.

Best Regards,

Jambor

Answer 2

User1248386638 posted

Jamobar,

Thank you! I actually do not have access to the Azure Active Directory setting. I am using the school domain for example ucla.edu I only have one valid account with that domain. I did not setup any Azure Active Directory if any kind. I simply used the wizard in visual studio to create the application. Like I said, everything works but only in localhost. The settings for ida:PostLogoutRedirectUri  is correct.

Thank you.

Answer 3

User1248386638 posted

Here is my web.config

<add key="ida:ClientId" value="actualcodeishere"/>
<add key="ida:AADInstance" value="https://login.microsoftonline.com/"/>
<add key="ida:Domain" value="myschool.edu"/>
<add key="ida:TenantId" value="actualcodeishere"/>
<add key="ida:AudienceUri" value="mydomain"/>
<add key="ida:PostLogoutRedirectUri" value="http://mydomain.com"/>

Answer 4

User-646145796 posted

Hi,

>> I actually do not have access to the Azure Active Directory setting

We need to change some settings in Azure Active Directory. As I know we can not change this from the wizard in visual studio. So I would suggest you contact with your azure subscription administrator to do these change.

Best Regards,

Jambor

Answer 5

User1248386638 posted

Thanks. So what would the reply address needs to be? The root of the domain?

Answer 6

User-646145796 posted

The Reply URL is a Physical address for your app to which Microsoft Azure AD will send SAML authentication tokens for authenticated users.