AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application And Authentication failed because the remote party has closed the transport stream.

Siegfried Heintze 1,861 Reputation points
2020-05-05T15:32:20.977+00:00

I'm having two symptoms -- I assume they are related. I have bing searched and found similar postings and I have tried to follow the suggested resolutions with no luck.

1) AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'b078e920-278a-4b24-8b96-e95c9a6f209d'.

Can you help me understand what I need to specify for the redirect URL?

When I run it via dotnet I see: Now listening on: https://localhost:5001 Now listening on: http://localhost:5000

So should not the redirect URL specified in the AAD App registration be https://localhost:5001? This does not work.

When I run using IISExpress, I see this in the browser URL windows: https://localhost:44367 (as per the launchSettings.json file). I change the redirect URL on the AAD App registration to https://localhost:44367 and it does not work again and I get the same error.

(2) When "dotnet run", I see a stacktrace! Maybe this is the problem! Bing searching suggests ([how-to-fix-the-error-authentication-failed-because-the-remote-party-has-closed-the-transport-stream][1]). I added this to main and it did not help: ServicePointManager.SecurityProtocol = /SecurityProtocolType.Ssl3 | / SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

Here is the stack trace:

dbug: HttpsConnectionAdapter[1] Failed to authenticate HTTPS connection. System.IO.IOException: Authentication failed because the remote party has closed the transport stream. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.BeginAuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState) at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_0(SslServerAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state) at System.Threading.Tasks.TaskFactory1.FromAsyncImpl[TArg1,TArg2](Func5 beginMethod, Func2 endFunction, Action1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions) at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func5 beginMethod, Action1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions) at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func5 beginMethod, Action1 endMethod, TArg1 arg1, TArg2 arg2, Object state) at System.Net.Security.SslStream.AuthenticateAsServerAsync(SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken) at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context) info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1] Request starting HTTP/1.1 GET https://localhost:5001/

(3) If I ignore this tack trace I get the same error: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'b078e920-278a-4b24-8b96-e95c9a6f209d'.

Why don't I see this stack trace when I run with IISExpress?

Thank you

Siegfried

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,786 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,506 Reputation points
    2020-05-05T15:55:07.743+00:00

    Hi @Siegfried Heintze , The port number by IISExpress is local to the computer. So you can ignore that port.

    Looking at the fiddler that you have shared in your previous post, the redirect URI in the request is https://localhost:5001/signin-oidc but the reply url configured on application (b078e920-278a-4b24-8b96-e95c9a6f209d) is https://localhost:44351/. Which is why you are getting reply url mismatch error.

    Please configure application (b078e920-278a-4b24-8b96-e95c9a6f209d) with reply url https://localhost:5001/signin-oidc to resolve the issue.

    -----------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    5 people found this answer helpful.

0 additional answers

Sort by: Most helpful