AzureADB2C.UI Custom Domain, Azure App Service | redirect_uri_mismatch

  • Question

  • User2008859809 posted

    I'm using Azure AD B2C and have published a website using Azure AppServices.  I'm using the latest 'Microsoft.AspNetCore.Authentication.AzureADB2C.UI' package as well.

    https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.AzureADB2C.UI

    If I use the 'azurewebsites' url to login to the portal it will authenticate everything as expected.

    https://mywebsite.azurewebsites.net [This works correctly]

    However, whenever I try to use my custom domain name [DNS CNAME] reference, it indicates a 'Correlation failed' error.

    https://www.mywebsite.com [This doesn't work]

    'redirect_uri_mismatch', error_description: 'AADB2C90006:

    Comments:

    If I self-host in IIS debugger on local machine and change 'Reply URL' {https://localhost:44363/signin-oidc} in Azure AD B2C Portal options it works as expected.

    If I use the default {https://mywebsite.azurewebsites.net} and change 'Reply URL' {https://mywebsite.azurewebsites.net/signin-oidc} in Azure AD B2C Portal options it works too.

    Unfortunately, if I set the 'Reply URL' as https://www.mywebsite.com/signin-oidc and sign in from my custom domain, it fails with a 'Correlation' error.

    I've noticed that the URL when attempting to sign in uses this "redirect_uri=http%3A%2F%2Fmywebsite.azurewebsites.net%3A80%2Fsignin-oid" instead of my custom domain.  I believe I need the ability to define/customize the redirect_uri but I don't think I can do that with the AzureADB2C.UI package.  Another option might be that the software should know that the source URL is my custom domain and NOT https://mywebsite.azurewebsites.net as I'm not sure how the web server is determining that this is the name of my website as it really isn't.

    Background:

    Latest version of Microsoft.AspNetCore.Authentication.AzureADB2C.UI

    Latest version of .Net Core 3.0

    Latest version of Visual Studio 2019

    Latest version of all SDK, Nuget packages installed

    Using the new b2clogin URL

    Published as an Azure App Services to host my website

    I have an Azure Application Gateway in front of the Azure App Service website too.

    services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
        .AddAzureADB2C(options =>
        {
            options.Instance = @"https://{MYAPP}.b2clogin.com/";
            options.ClientId = "123456789-1234-1234-1234-123456789012";
            options.ClientSecret = @"{MYSECRETKEY}";
            options.CallbackPath = @"/signin-oidc";
            options.Domain = "{MYAPP}.onmicrosoft.com";
            options.SignUpSignInPolicyId = "B2C_1_SUpIn";
            options.ResetPasswordPolicyId = "B2C_1_SUpInResetPassword";
            options.EditProfilePolicyId = "B2C_1_SUpInEdit";
            Configuration.Bind("AzureAdB2C", options);
        });

    Wednesday, January 9, 2019 8:25 PM

All replies

  • User1724605321 posted

    Hi Jonmcox,


    that the software should know that the source URL is my custom domain and NOT https://mywebsite.azurewebsites.net as I'm not sure how the web server is determining that this is the name of my website as it really isn't.

    Then what happens if you set the reply URLs to "https://www.mywebsite.com/signin-oidc" on both the client side and the Azure portal side? You can also directly configure the detailed URL in the OpenID Connect options.

    Best Regards,

    Nan Yu

    Thursday, January 10, 2019 6:38 AM
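
One way to set the redirect URL directly in the OpenID Connect options, as the reply suggests. This is an added example, not code from either poster or from the AzureADB2C.UI package. The helper name PinB2CRedirectUri is hypothetical, and the public origin is assumed to be the custom domain from the question. Pinning a fixed https origin means the redirect_uri no longer depends on the Host header or scheme the app sees behind the gateway.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public static class PinnedRedirectUriExtensions // hypothetical helper, not part of the package
{
    // Register after .AddAzureADB2C(...) so this configuration runs after the package's own.
    // Usage (assumed origin): services.PinB2CRedirectUri("https://www.mywebsite.com");
    public static IServiceCollection PinB2CRedirectUri(
        this IServiceCollection services, string publicOrigin)
    {
        // Accept only an absolute https origin; anything else is a configuration error.
        if (!Uri.TryCreate(publicOrigin, UriKind.Absolute, out var origin)
            || origin.Scheme != Uri.UriSchemeHttps)
        {
            throw new ArgumentException(
                "Public origin must be an absolute https URL.", nameof(publicOrigin));
        }

        services.Configure<OpenIdConnectOptions>(AzureADB2CDefaults.OpenIdScheme, options =>
        {
            // Keep whatever handler is already registered and run it first,
            // so existing redirect handling is not lost.
            var previous = options.Events.OnRedirectToIdentityProvider;

            options.Events.OnRedirectToIdentityProvider = async context =>
            {
                await previous(context);

                // Replace the request-derived value with the fixed public URL,
                // e.g. https://www.mywebsite.com/signin-oidc
                context.ProtocolMessage.RedirectUri =
                    new Uri(origin, options.CallbackPath.Value).AbsoluteUri;
            };
        });

        return services;
    }
}
```

The resulting URL must match a 'Reply URL' registered in the Azure AD B2C portal exactly, including scheme and path.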