Web app with Msal Interactive Signing failing with redirect

Ritu Raj 161 Reputation points
2023-05-05T10:46:31.0966667+00:00

Hi,

I have a .NET Core web app where, on a button click, I am building a publicclientauthorizationbuilder and using interactive login with extra scopes to consent.

This works locally, as the redirect to localhost on the app builder works fine, but when deployed to Azure App Service this fails because the random port selected by the interactive login is not listening. And in the web app I cannot enable port listeners as it's not available.

Code:

User's image

Any ideas how to get this working?

Basically I am trying to build a web app that gets user consent on multiple scopes in Azure.

Error:

ErrorCode: http_listener_error

Microsoft.Identity.Client.MsalClientException: An HttpListenerException occurred while listening on http://localhost:49960/ for the system browser to complete the login. Possible cause and mitigation: the app is unable to listen on the specified URL; run 'netsh http add iplisten 127.0.0.1' from the Admin command prompt.

---> System.Net.HttpListenerException (5): Access is denied.


2 answers

  1. Bruce (SqlWork.com) 59,051 Reputation points
    2023-05-05T15:07:37.04+00:00

    When you configure the reply URLs in Azure AD, you must include the port in the URL. If you use more than one port, you must make a reply URL for each port. Only the domain localhost allows wildcard ports.


  2. Marilee Turscak-MSFT 35,616 Reputation points Microsoft Employee
    2023-05-05T22:58:20.3+00:00

    @Ritu Raj ,

    If the authentication worked locally but is throwing this error now that it is published to Azure, it is likely that you need to update your application code to connect it to Azure. The error message you shared is coming from your application and not from Azure AD.

    Steps to resolve this issue:

    1. Ensure that the ClientID is added in the Application settings of the deployed App
    2. Ensure that the app registration settings match exactly what you have configured in the application and that the Redirect URI in the app registration matches where your user gets redirected in the application code.
    3. Review the step-by-step configuration here: Http Listener Exception
    4. Please share your app settings so that we can further assist.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.
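
The reply-URL rules stated in the two answers above (the redirect URI must match the registration exactly, port included, with a wildcard port only for localhost), written out as a pre-deployment check. This is an added example, not code from the thread and not Azure AD's own matching logic; `RedirectUriCheck`, its members and the `contoso.example` host are hypothetical, and the exact path comparison is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: models the matching rule described in the answers.
// RedirectUriCheck and its members are hypothetical names.
public static class RedirectUriCheck
{
    // True when 'requested' would be accepted against one registered reply URL.
    public static bool Matches(Uri registered, Uri requested)
    {
        bool sameSchemeAndHost =
            string.Equals(registered.Scheme, requested.Scheme, StringComparison.OrdinalIgnoreCase) &&
            string.Equals(registered.Host, requested.Host, StringComparison.OrdinalIgnoreCase);
        if (!sameSchemeAndHost) return false;

        // Assumption: the path must match exactly, including case.
        if (!string.Equals(registered.AbsolutePath, requested.AbsolutePath, StringComparison.Ordinal))
            return false;

        // Per the first answer: only the host "localhost" is exempt from port matching.
        bool isLocalhost = string.Equals(registered.Host, "localhost", StringComparison.OrdinalIgnoreCase);
        return isLocalhost || registered.Port == requested.Port;
    }

    public static bool IsAccepted(IEnumerable<Uri> registered, Uri requested) =>
        registered.Any(r => Matches(r, requested));

    public static void Main()
    {
        // Constructed sample registration; contoso.example is a placeholder host.
        var registered = new[]
        {
            new Uri("http://localhost"),
            new Uri("https://contoso.example:8443/signin-oidc"),
        };
        var requests = new[]
        {
            "http://localhost:49960/",                  // random loopback port, as in the error above
            "https://contoso.example:8443/signin-oidc", // same scheme, host, port and path
            "https://contoso.example:9443/signin-oidc", // port not covered by any registration
            "https://contoso.example:8443/Signin-Oidc", // path differs only in case
        };
        foreach (var r in requests)
            Console.WriteLine($"{r} -> {(IsAccepted(registered, new Uri(r)) ? "accepted" : "rejected")}");
    }
}
```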