AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application

Krishna Mohan 1 Reputation point
2021-03-31T17:40:01.1+00:00

Hello,

Sorry that my question might be repetitive, but none of the solutions provided in other links have resolved my issue. Below is my situation.

We have an ASP.NET Core 3.1 web application for which we are trying to use Azure AD so that users can log in with our enterprise credentials. We started with the ASP.NET Core MVC default template and enabled it to use organization credentials, and authentication is working in our local environment. We are now trying to deploy this app to other internal environments. So we have deployed this to two of our internal servers and configured IIS to refer to this website with the http IPs assigned. I was able to create an Azure App registry for this application and was able to add the http IPs through the Manifest, added the clientId to the appsettings.json file, and the authentication is working if we refer to the website using the http IPs. I have also tried assigning https IPs to the same websites and added them to the Azure App Registry, and again the authentication is still working if we refer to the website with either of the 2 https IPs.

Now we have decided to create a URL, something like https://ourwebsitename.companyname.com, which resolves to either of the http IPs using an F5 load balancer. I was able to add the URL to the Azure App registry and am using the same clientId in appsettings.json in the same way as when the app is working with http or https IPs. But somehow when we refer to the website URL https://ourwebsitename.companyname.com we are getting the error mentioned in the title of the question, and I did observe that after I hit the URL it's getting redirected as redirect_uri=httpXXXX instead of https, which I thought may be the reason for the issue, but I am unable to resolve it. I have googled it and tried various solutions but none resolved it, so I am posing it again hoping for luck if someone can provide me a solution.

Following are the links which appeared close to my situation but didn't work for me:

https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-5.0
https://github.com/AzureAD/microsoft-identity-web/issues/115

Thanks in advance.

Microsoft Entra ID

2 answers

  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2021-03-31T23:55:22.26+00:00

    The redirect URI in your appsettings.json (or wherever it's referenced in your code) needs to match exactly what you have in the app registration. If it's being redirected to http then that means there's a reference in your code that has the http URL rather than the https URL. There also cannot be any extra slashes, spaces, or anything else that would cause these to have a mismatch, and the app ID/client ID and tenant ID need to match in both places. I would search through your code and make sure that everything matches what you have in your app registration.

    If you provide your correlation ID, timestamps, and request ID I can check too and see if I can find the mismatch, but from what you described it seems like the URLs are not the same and need to be standardized.

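The exact-match comparison described in the answer above, as an added example that is not part of the original thread or any Microsoft code: it extracts redirect_uri from a captured sign-in request and reports how it differs from each registered reply URL. The host name comes from the question; the TENANT_ID and CLIENT_ID placeholders, the /signin-oidc path and all function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs


def extract_redirect_uri(authorize_url):
    """Return the decoded redirect_uri parameter of a sign-in request URL."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("no redirect_uri parameter in the request URL")
    return values[0]


def explain_mismatch(sent, registered):
    """List how `sent` differs from one registered reply URL ([] = exact match)."""
    if sent == registered:
        return []
    findings = []
    if sent != sent.strip():
        findings.append("leading or trailing whitespace")
    s, r = urlsplit(sent.strip()), urlsplit(registered)
    if s.scheme != r.scheme:
        findings.append(f"scheme {s.scheme} sent, {r.scheme} registered")
    if s.netloc != r.netloc:
        findings.append(f"host {s.netloc} sent, {r.netloc} registered")
    if s.path != r.path:
        if s.path.rstrip("/") == r.path.rstrip("/"):
            findings.append("trailing slash differs")
        else:
            findings.append(f"path {s.path} sent, {r.path} registered")
    return findings or ["differs elsewhere (query, fragment or letter case)"]


def diagnose(authorize_url, registered_uris):
    """Return (sent, report); report is {} when a registered URL matches exactly."""
    sent = extract_redirect_uri(authorize_url)
    if sent in registered_uris:
        return sent, {}
    return sent, {reg: explain_mismatch(sent, reg) for reg in registered_uris}


# Constructed sample: the request the browser is sent to, and the registered list.
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize"
    "?client_id=CLIENT_ID&response_type=id_token"
    "&redirect_uri=http%3A%2F%2Fourwebsitename.companyname.com%2Fsignin-oidc"
)
SAMPLE_REGISTERED = ["https://ourwebsitename.companyname.com/signin-oidc"]

if __name__ == "__main__":
    sent, report = diagnose(SAMPLE_REQUEST, SAMPLE_REGISTERED)
    print("sent:", sent)
    for reg, findings in report.items():
        print(reg, "->", "; ".join(findings))
```

Copy the request URL from the browser address bar or the network tab at the moment the error page appears, and paste the reply URLs exactly as they are listed in the app registration.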

  2. Krishna Mohan 1 Reputation point
    2021-04-01T15:38:49.743+00:00

    Hello,

    Thanks for your response. I have attached the screenshots of startup.cs, appsettings.json, the Azure App Registration page, and the correlation timestamp details of my project.
    I have replaced the redirect URI with https://websitename.companyname.com/signon-oidc for the purpose of this question. I was not using redirectURI in appsettings.json while deploying and it's working fine when I hit the website using the IP. I just kept it in the screenshot only as a reference.
    I tried startup.cs code with different solutions specified in other forums for the same question.