Active Directory redirect_uri shows IP instead of DNS name. How to provide absolute CallbackPath in code while authenticating with Azure AD?

  • Question

  • User-1095454647 posted
    appSettings.json:
     
         "CallbackPath": "/platform/signin-oidc",
     
    This is what I get after deployment:
     
    I think it is showing the Kubernetes IP where the code is deployed. The application uses Azure Front Door to route requests (in case that helps). How do I fix this? Can I pass the DNS name, i.e. a full callback URL instead of a relative path?
     
    I found a similar post here
     
    But unfortunately there aren't enough details in the answer posted by the OP.
     
    **startup.cs**
     
         public void ConfigureServices(IServiceCollection services)
                {
                    services.AddCors(options =>
                    {
                        options.AddPolicy("CorsPolicy",
                            builder => builder.AllowAnyOrigin()
                            .AllowAnyMethod()
                            .AllowAnyHeader());
                    });
        
                    services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
                    {
                        options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
                        {
                            Console.WriteLine("intercepted");
                        };
                    });
        
                    var azureAd = new AzureAd();
                    Configuration.GetSection("AzureAd").Bind(azureAd);
                    services.AddControllersWithViews();
                    services.AddAuthentication(options =>
                    {
                        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
                    })
                        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
                        {
                            o.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
                        })
                        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
                        {
                            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                            options.Authority = $"https://login.microsoftonline.com/{azureAd.TenantId}";
                            options.ClientId = azureAd.ClientId;
                            options.ResponseType = OpenIdConnectResponseType.Code;
                            options.ResponseType = OpenIdConnectResponseType.IdToken;
                            options.SaveTokens = true;
                            options.Scope.Add("profile");
                            options.Scope.Add("openid");
                            options.Scope.Add("offline_access");
                            options.ClientSecret = azureAd.ClientSecret;
                            options.CallbackPath = azureAd.CallbackPath;  // tried passing full url with domain name but doenst work.               
        
                        });
                     
                }
     
     
    Monday, May 17, 2021 6:01 PM

All replies