question

SiegfriedHeintze-9929 avatar image
0 Votes"
SiegfriedHeintze-9929 asked ·

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application And Authentication failed because the remote party has closed the transport stream.

I'm having two symptoms -- I assume they are related. I have bing searched and found similar postings and I have tried to follow the suggested resolutions with no luck.


1) AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'b078e920-278a-4b24-8b96-e95c9a6f209d'.

Can you help me understand what I need to specify for the redirect URL?

When I run it via dotnet I see: Now listening on: https://localhost:5001 Now listening on: http://localhost:5000

So should not the redirect URL specified in the AAD App registration be https://localhost:5001? This does not work.

When I run using IISExpress, I see this in the browser URL windows: https://localhost:44367 (as per the launchSettings.json file). I change the redirect URL on the AAD App registration to https://localhost:44367 and it does not work again and I get the same error.

(2) When "dotnet run", I see a stacktrace! Maybe this is the problem! Bing searching suggests ([how-to-fix-the-error-authentication-failed-because-the-remote-party-has-closed-the-transport-stream][1]). I added this to main and it did not help: ServicePointManager.SecurityProtocol = /SecurityProtocolType.Ssl3 | / SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

Here is the stack trace:

dbug: HttpsConnectionAdapter[1] Failed to authenticate HTTPS connection. System.IO.IOException: Authentication failed because the remote party has closed the transport stream. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.BeginAuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState) at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_0(SslServerAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state) at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions) at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions) at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state) at System.Net.Security.SslStream.AuthenticateAsServerAsync(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context) info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1] Request starting HTTP/1.1 GET https://localhost:5001/

(3) If I ignore this tack trace I get the same error: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'b078e920-278a-4b24-8b96-e95c9a6f209d'.

Why don't I see this stack trace when I run with IISExpress?

Thank you


Siegfried

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
4 Votes"
amanpreetsingh-msft answered ·

Hi @SiegfriedHeintze-9929, The port number by IISExpress is local to the computer. So you can ignore that port.

Looking at the fiddler that you have shared in your previous post, the redirect URI in the request is https://localhost:5001/signin-oidc but the reply url configured on application (b078e920-278a-4b24-8b96-e95c9a6f209d) is https://localhost:44351/. Which is why you are getting reply url mismatch error.

Please configure application (b078e920-278a-4b24-8b96-e95c9a6f209d) with reply url https://localhost:5001/signin-oidc to resolve the issue.


Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.




· 3 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@BrianDerrick-0459 The reply url in your request is https://webdir0b.online.lync.com/Autodiscover/XFrame/XFrame.html please add this URL explicitly or add https://.online.Lync.com/ as reply url to the application with app id e48d4214-364e-4731-b2b6-47dabf529218.


1 Vote 1 ·

OK, I can sign in and it seems to be working. However, I'm still getting that stack trace. Should I be concerned?

0 Votes 0 ·

I get this error when trying to log into Outlook. I have been using this Outlook Account for over 2 years and then all of sudden I get this error.

Request Id: 89ea5d4d-35e1-46c4-9826-f3e1f0ba1d00
Correlation Id: 5190c651-4a5a-4468-bc03-049635a082c5
Timestamp: 2020-05-13T17:55:05Z
Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'e48d4214-364e-4731-b2b6-47dabf529218'.

0 Votes 0 ·