I have created a MS Azure App Registration for an application that uses the MS Identity Platform. It works. I can login with my MS identities. Access tokens are created, and I can use them to access my API.
However, this is the case only when I run in a localhost environment. When I run it using a real domain on a live server, the access token is created, but two callbacks are received from login.live.com. An example from my logfile follows. Text was removed from each line to keep the clutter down.
2021-08-20 17:57:16 POST /OAuth/ - 443 - XXX.XXX.XXX.XXX https://login.live.com/ 302 0 0 1223
2021-08-20 17:57:16 GET / - 443 - XXX.XXX.XXX.XXX https://login.live.com/ 304 0 0 198
The first is correct, but it never executes, because the second overrides it and my browser is redirected to another page at the root of the application. How can i fix it?
I don't want that second response from Microsoft. My browser is actually displaying the page at / instead of the page at /OAuth/.
My application is an ASP.Net MVC 5 application running .Net Framework 4.7.2. I'm using Microsoft.Identity and OWIN. As I said, everything works, but I'm getting two responses from Microsoft.
One thing I tried was removing the localhost redirectUri from the App Registration. That wasn't the problem. I put it back in.
The MS Identity platform is sending two replies. But it is doing so because of the way I defined the redirect Uri in my Azure App Registration. In the Azure App Registration Authentication page, you define one or more redirect Uris. I defined mine as follows.
https://example.com/OAuth/
Notice the trailing slash. I had to remove that. I read the following document several times but I missed this requirement.
Redirect URI (reply URL) restrictions - Microsoft Identity Platform
Redirect Uris containing a path segment do not append a trailing slash.
Related
Doing some practice with AZ 204, I was attempting to set up a simple web app with .Net Core and a simple Authentication system using the login.microsoftonline.com service. My problem is that I keep getting a 404 on my redirect from the authentication sequence.
I use a redirect provided from Azure under "Get Started" using the Web platform for ASP.NET Core. The only modification I used is that I have replaced the localhost port as mine is running on a different one.
The app works fine without Authorization, With Authorization in place, it loads in the Microsoft login page, and it goes through, the process and validates the user. It goes through and manages the user consent screen, but once it's supposed to redirect back to the page (using the /signin-oidc endpoint, it seems to interpret it as a webpage and goes to the URL htttps://localhost:7032/signin-oidc.
I made the same setup progress a week ago without any 404 problems.
Service: Azure AD Registered App
Platform configuration: Web (ASP.NET Core)
Redirect URIs: https://localhost:7032/signin-oidc, https://localhost:7032/
Front-channel logout URL: https://localhost:7032/signout-oidc
ID tokens (used for implicit and hybrid flows): checked
Double checked ClientID: check
Double checked TenantID: check
UseAuthentication() is enabled: checked
You may need add UseAuthentication() in your Startup.Configure method.
app.UseRouting();
app.UseAuthentication(); // <-- Add it here.
app.UseAuthorization();
Unsure how, but as I started the project today the code runs smoothly, and the page loads properly. My guess is it might have been some problem with my internet settings on my local machine. Thanks for the suggestions and bonus help.
I created web app in my Azure account. I have all details like tenat id, client id, client secret etc. While creating I have added uri as https://localhost and I also added scope Data.Read and added Application ID URI. But I can't open above mentioned url. Most possible that I am missing something in my mind and dont fully understand the rule how it should work, that is why I am asking for help. I need this localhost in order to test auth with Azure tokens. What exactly I am doing wrong?
Azure allows http protocol value for only localhost. Remaining all redirect URIs must begin with the scheme https. To use https, you should install SSL certificate.
HTTP: The HTTP scheme (http://) is supported only for localhost URIs and should be used only during active local application development and testing.
I am not sure what error you are getting Azure active directory basically Redirect back to the Redirect URL specified in the request provided to AAD after login using either the /authorize or /token endpoint is what AAD does. If the match is successful, AAD publishes the success response back to the same Redirect URI after successfully authenticating the user. Once the request reaches AAD, it verifies the Redirect URI and compares it with the reply URLs listed in the app registration.
For more information in detail, please refer below links:
How to create Azure Web App | Ciemasen
Localhost exceptions
Redirect URL with http but NOT localhost
I've created a web application using Node.js that relies on a google API (specifically the DCM/DFA reporting API). It redirects the user to login to their gmail account, and after a successful login redirects back to the web application.
Suddenly my company has told me that this web application needs to be restricted to internal use only, and that they won't host it on a public domain for security reasons.
Is there any way to get Oauth to redirect to the internal domain? When I try to set the redirect domain in the google developers console I get an error message that it is not valid. Is there anyway around this?
The sample redirect url you can add at Console and Code is:
http://localhost:8080/authcallback
(Remember to not add trailing / in url)
I've set up my SharePoint 2013 on prem site to accept authentication from Google and Windows Live. Windows Live login works for the most part. I've set up an ACS in Azure where I've specified the return URL after the user signs in. I have entered the same return URL in the Google Developers console.
However, after the user logs in to their Google account, they get the following error:
Error: redirect_uri_mismatch
Application: Test
You can email the developer of this application at: myemailaddress#copmany.com
The redirect URI in the request: https://mysite.accesscontrol.windows.net:443/v2/openid did not match a registered redirect URI.
Can anyone tell me what I am doing wrong here, especially since the return URLs are the same in Google Developer Console > Credentials, as well as Azure ACS > Relying party applications.
Edit: The redirect URL is https://subdomain.mydomain.com/_trust in both Google Developers Console and Azure ACS.
Thanks!
You'll note the page is being served by Google (with it's little broken robot thingy). So the problem is at their end.
Though it's not actually a problem but rather a security measure in that you have to explicitly enable the redirect url. Otherwise some level of hijinks may ensue, at your expense.
So you need to log into your Google developer console and add the redirect url of your Azure ACS account (not your web app / relying party) to the permitted redirect URLs.
So the image above is obviously after I had already entered the redirect Url.
Click the edit button and add it on a separate line.
And you're done.
Otherwise judging by your edit, it looks as though you have simply used the wrong url. You use the ACS callback URL not your website URL as the flow goes back through ACS which reissues the token in it's own format.
I have a WCF Data service hosted in Azure as a Azure Web Role. Have added a Http Module for authentication. The custom Http Module looks at the Authorization header in the request headers and authenticates the user.
When I make a Http request to the WCF Data Service, I run into two issues. There is a Http redirect happening.
I make the request to http:\northwindsample.cloudapp.net\SampleService.svc. The message I get is that "There is no operation listening for http://rd00155d341b52/SampleService.svc, but there is an operation listening for http://northwindsample.cloudapp.net/SampleService.svc/, so you are being redirected there.
Though I am making the request to http:\northwindsample.cloudapp.net\SampleService.svc, it is somehow going to http://rd00155d341b52/SampleService.svc and then gets redirected to the actual service. I get an Http 307 and in the redirect the authorization header is missing.
Later I found that when I add the trailing slash, then there is no redirect happening.
How can I prevent this redirection because of missing trailing slash ? Also the issue is that the authorization header is not sent to the redirected Uri.
Thanks
Take a look at this:
http://gavinmckay.wordpress.com/2009/03/24/howto-fix-wcf-host-name-on-iis/
For updating this in Azure, you will want to either create a startup task or use the IIS management APIs like is used here:
http://blogs.msdn.com/b/tom/archive/2011/02/18/installing-and-using-an-httpmodule-in-windows-azure.aspx