AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '6070898a-ddc3-42e2-a478-e3f48f59f65a

Anand Ganjikunta 1

I have been trying to get my sample web project working last 3 days and no luck. could you please help?
I used quicksample using Azure web app and created app service, app registered and also followed some suggestions to use below url as ReplyURL
https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '6070898a-ddc3-42e2-a478-e3f48f59f65a'.

Troubleshooting details
If you contact your administrator, send this info to them.
Copy info to clipboard
Request Id: bb0706ce-e3d5-4f38-9c44-55896fdc4b01
Correlation Id: 0ea4789c-c298-4a8b-ae58-2230ecaebc24
Timestamp: 2020-11-29T02:11:09Z
Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '6070898a-ddc3-42e2-a478-e3f48f59f65a'.
Advanced diagnostics: Enable
If you plan on getting support for an issue, turn this on and try to reproduce the error. This will collect additional information that will help troubleshoot the issue.

18 answers

AmanpreetSingh-MSFT 56,646 Reputation points

2020-12-01T14:30:42.33+00:00
@Anand Ganjikunta · Please try registering both of the following URLs as reply urls in your application and test again.

https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/signin-oidc

https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/.auth/login/aad/callback

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Please sign in to rate this answer.

1 person found this answer helpful.
Anand Ganjikunta 1 Reputation point

2020-12-01T14:44:03.66+00:00

Aman,
I just tried and getting below error
You do not have permission to view this directory or page with url showing https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/signin-oidc

When i tried using new IE Edge window get different error
Error.
An error occurred while processing your request.
Request ID: 00-c628199213cd7c43a866e891ece99542-d34e9c7085cbda4f-00
Development Mode
Swapping to Development environment will display more detailed information about the error that occurred.
The Development environment shouldn't be enabled for deployed applications. It can result in displaying sensitive information from exceptions to end users. For local debugging, enable the Development environment by setting the ASPNETCORE_ENVIRONMENT environment variable to Development and restarting the app.

Anand Ganjikunta 1 Reputation point

2020-12-01T14:47:29.207+00:00

2020-12-01T14:44:43 PID[7028] Information Sending response: 403.60 Forbidden
2020-12-01T14:44:43 PID[7028] Warning Cross-site request forgery detected for user 'agPII' from referer 'login.microsoftonline.com'!
More Information:</h4>This generic 403 error means that the authenticated user is not authorized to use the requested resource. A substatus code in the IIS log files should indicate the reason for the 403 error. If a substatus code does not exist, use the steps above to gather more information about the source of the error.
2020-12-01 14:45:35.296 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request starting HTTP/1.1 GET https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/
2020-12-01 14:45:35.296 +00:00 [Information] Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler: OpenIdConnect was not authenticated. Failure message: Not authenticated

Anand Ganjikunta 1 Reputation point

2020-12-01T23:59:27.067+00:00

Finally works after recreating fresh app service with all 4 reply URL's in config as wekk as in app registry

"x-ms-version": "2.0",
"replyUrlsWithType": [
{
"url": "https://localhost:44321/",
"type": "Web"
},
{
"url": "https://localhost:44321/signin-oidc",
"type": "Web"
},
{
"url": "https://referencedata.azurewebsites.net/signin-oidc",
"type": "Web"
},
{
"url": "https://referencedata.azurewebsites.net/.auth/login/aad/callback",
"type": "Web"
}

AmanpreetSingh-MSFT 56,646 Reputation points

2020-12-02T06:01:19.867+00:00

@Anand Ganjikunta · Great! Thank you for the update.

Please "Accept the answer" so that it help others in the community as well.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
AmanpreetSingh-MSFT 56,646 Reputation points

2020-11-30T05:46:33.377+00:00

Hi @Anand Ganjikunta · Thank you for reaching out.

I tracked the correlation Id that you have shared and found the reply url in the request is https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/signin-oidc but the reply urls (redirect uris) registered in the application: '6070898a-ddc3-42e2-a478-e3f48f59f65a' are https://localhost:44321/ and https://localhost:44321/signin-oidc.

To resolve the issue, make sure the reply url registered in the application: '6070898a-ddc3-42e2-a478-e3f48f59f65a' is https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/signin-oidc

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Anand Ganjikunta 1 Reputation point

2020-11-30T14:26:37.573+00:00

Thanks for the response!
I already tried updating reply url for app registration to https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/signon-oidc but still getting below error. i even republished sample app after updating apps.json file with below. No clue why it fails
"AppRegistrations": [
{
"x-ms-id": "active-directory-aspnetcore-webapp-openidconnect-v2",
"x-ms-name": "aspnetcore-webapp-openidconnect-v2",
"x-ms-version": "2.0",
"replyUrlsWithType": [
{
"url": "https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/signin-oidc",
"type": "Web"
}
],
"oauth2AllowIdTokenImplicitFlow": true,
"logoutUrl": "https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/signout-callback-oidc",
"requiredResourceAccess": [
{
"x-ms-resourceAppName": "Microsoft Graph",
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope",
"x-ms-name": "user.read"
}
]
}
],

ERROR:
Sign in
Sorry, but we’re having trouble signing you in.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '6070898a-ddc3-42e2-a478-e3f48f59f65a'.

Troubleshooting details
If you contact your administrator, send this info to them.
Copy info to clipboard
Request Id: fd110936-f305-4b07-bd52-ea2782847701
Correlation Id: b666a62e-f6ef-43ab-aae4-04e2c42d90fa
Timestamp: 2020-11-30T14:24:17Z
Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '6070898a-ddc3-42e2-a478-e3f48f59f65a'.
Advanced diagnostics: Enable
If you plan on getting support for an issue, turn this on and try to reproduce the error. This will collect additional information that will help troubleshoot the issue.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Anand Ganjikunta 1 Reputation point

2020-11-30T14:42:41.723+00:00

I tried to change anonymous auth for WebApp-OpenIDConnect-DotNet20201126153555 to use app registered now getting below error

The page cannot be displayed because an internal server error has occurred.

Happy to hop on a zoom call, i'm trying to bring in internal apps to azure space and this will be breakthorugh to solve.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Anand Ganjikunta 1 Reputation point

2020-11-30T14:56:39.857+00:00

After turning on app logs see below error, Please advise
2020-11-30T14:53:29 PID[6292] Verbose Received request: GET https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/
2020-11-30T14:53:29 PID[6292] Information Downloading OpenID configuration from https://sts.windows.net/84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80/.well-known/openid-configuration
2020-11-30T14:53:29 PID[6292] Verbose Calling into external HTTP endpoint GET https://sts.windows.net/84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80/.well-known/openid-configuration.
2020-11-30T14:53:29 PID[6292] Warning Call to HTTP endpoint https://sts.windows.net/84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80/.well-known/openid-configuration failed: 400 (Bad Request). Partial response: {"error":"invalid_tenant","error_description":"AADSTS90002: Tenant '84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80' not found. This may happen if there are no active subscriptions for the tenant. Check to make sure you have the correct tenant ID. Check with your subscription administrator.\r\nTrace ID: efcb63da-fdc2-4aa5-9739-01a8ac7c1001\r\nCorrelation ID: c6c33330-da75-468b-93fe-9ec7b1a022f2\r\nTimestamp: 2020-11-30 14:53:29Z","error_codes":[90002],"timestamp":"2020-11-30 14:53:29Z","trace_id":"efcb63da-fdc2-4aa5-9739-01a8ac7c1001","correlation_id":"c6c33330-da75-468b-93fe-9ec7b1a022f2","error_uri":"https://sts.windows.net/error?code=90002"}
2020-11-30T14:53:29 PID[6292] Error Failed to download OpenID configuration from 'https://sts.windows.net/84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80/.well-known/openid-configuration': Value cannot be null.Parameter name: value
2020-11-30T14:53:29 PID[6292] Critical System.ArgumentNullException: Value cannot be null.Parameter name: valueat Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)at Newtonsoft.Json.JsonConvert.DeserializeObjectTat Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.Download(String url)at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.ConfigManager.RefreshConfiguration(OpenIdConnectConfiguration testConfiguration)at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.ConfigManager.GetCurrentConfiguration(Boolean forceRefresh, OpenIdConnectConfiguration testConfiguration)at Microsoft.Azure.AppService.Middleware.AzureActiveDirectoryProvider.GetOpenIdConnectConfiguration(Boolean forceRefresh)at Microsoft.Azure.AppService.Middleware.AzureActiveDirectoryProvider.GetLoginRedirectUrlAsync(HttpContextBase context, String callbackUrl, String postLoginRedirectUrl, NameValueCollection oauthState, String nonce)at Microsoft.Azure.AppService.Middleware.IdentityProviderBase.<RedirectToLoginPageAsync>d__40.MoveNext()--- End of stack trace from previous location where exception was thrown ---at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)at Microsoft.Azure.AppService.Middleware.EasyAuthModule.<AuthenticateAsync>d__51.MoveNext()--- End of stack trace from previous location where exception was thrown ---at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)at Microsoft.Azure.AppService.Middleware.EasyAuthModule.<OnAuthenticateRequestAsync>d__33.MoveNext()--- End of stack trace from previous location where exception was thrown ---at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)at Microsoft.Azure.AppService.Middleware.HttpModuleDispatcher.<DispatchAsync>d__11.MoveNext()
2020-11-30T14:53:29 PID[6292] Information Sending response: 500.79 Internal Server Error
2020-11-30T14:53:30 PID[6292] Verbose Received request: GET https://webapp-openidconnect-dotnet20201126153555.azurewebsites.net/favicon.ico
2020-11-30T14:53:30 PID[6292] Information Downloading OpenID configuration from https://sts.windows.net/84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80/.well-known/openid-configuration
2020-11-30T14:53:30 PID[6292] Verbose Calling into external HTTP endpoint GET https://sts.windows.net/84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80/.well-known/openid-configuration.
2020-11-30T14:53:30 PID[6292] Warning Call to HTTP endpoint https://sts.windows.net/84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80/.well-known/openid-configuration failed: 400 (Bad Request). Partial response: {"error":"invalid_tenant","error_description":"AADSTS90002: Tenant '84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80' not found. This may happen if there are no active subscriptions for the tenant. Check to make sure you have the correct tenant ID. Check with your subscription administrator.\r\nTrace ID: 36ea8ea1-2543-45e6-b870-19b6b7484601\r\nCorrelation ID: db5a90c3-0c99-40df-885a-80357dea8047\r\nTimestamp: 2020-11-30 14:53:30Z","error_codes":[90002],"timestamp":"2020-11-30 14:53:30Z","trace_id":"36ea8ea1-2543-45e6-b870-19b6b7484601","correlation_id":"db5a90c3-0c99-40df-885a-80357dea8047","error_uri":"https://sts.windows.net/error?code=90002"}
2020-11-30T14:53:30 PID[6292] Error Failed to download OpenID configuration from 'https://sts.windows.net/84d7429e-d6a2-4f9c-a2e7-aa4e078d5e80/.well-known/openid-configuration': Value cannot be null.Parameter name: value
2020-11-30T14:53:30 PID[6292] Critical System.ArgumentNullException: Value cannot be null.Parameter name: valueat Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)at Newtonsoft.Json.JsonConvert.DeserializeObjectTat Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.Download(String url)at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.ConfigManager.RefreshConfiguration(OpenIdConnectConfiguration testConfiguration)at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.ConfigManager.GetCurrentConfiguration(Boolean forceRefresh, OpenIdConnectConfiguration testConfiguration)at Microsoft.Azure.AppService.Middleware.AzureActiveDirectoryProvider.GetOpenIdConnectConfiguration(Boolean forceRefresh)at Microsoft.Azure.AppService.Middleware.AzureActiveDirectoryProvider.GetLoginRedirectUrlAsync(HttpContextBase context, String callbackUrl, String postLoginRedirectUrl, NameValueCollection oauthState, String nonce)at Microsoft.Azure.AppService.Middleware.IdentityProviderBase.<RedirectToLoginPageAsync>d__40.MoveNext()--- End of stack trace from previous location where exception was thrown ---at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)at Microsoft.Azure.AppService.Middleware.EasyAuthModule.<AuthenticateAsync>d__51.MoveNext()--- End of stack trace from previous location where exception was thrown ---at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)at Microsoft.Azure.AppService.Middleware.EasyAuthModule.<OnAuthenticateRequestAsync>d__33.MoveNext()--- End of stack trace from previous location where exception was thrown ---at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)at Microsoft.Azure.AppService.Middleware.HttpModuleDispatcher.<DispatchAsync>d__11.MoveNext()
2020-11-30T14:53:30 PID[6292] Information Sending response: 500.79 Internal Server Error
2020-11-30T14:54:34 No new trace in the past 1 min(s).
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '6070898a-ddc3-42e2-a478-e3f48f59f65a

18 answers

Your answer