3,295 questions
You need to map the external domain (https://externallink.company.com) to your app service.
signin-oidc Attemps to Call Internal FQDN
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 53%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Josh Monreal
46
Reputation points
We have an ASP.NET Core application that uses the OpenId Connect authentication protocol. In Azure AD B2C we setup the external FQDN (domain alias) (https://externallink.company.com) as the redirect URI. What we noticed is that after redirecting to https://externallink.company.com/signin-oidc it then redirects to the internal FQDN https://internallink.company.com/signin-oidc which is the URL of the App Service in Azure. The internal link is not accessible outside the company's network and should stay that way.
The error that we got is this:
redirect_uri_mismatch&error_description=AADB2C90006: The redirect URI 'https://internallink.company.com/signin-oidc' provided in the request is not registered for the client id 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxx'.%0D%0ACorrelation ID
This is how we have setup the authentication in the Startup class.
Should I specifically put the Callback path so that OpenId does not attempt to call the internal FQDN?
Update:
If I try to add the internal FQDN in the list of redirect URIs I will be able to sign in but afterwards I will get this error (URL is https://internallink.company.com/signin-oidc). This is expected because as I've mentioned the internal URL cannot be accessed via the public internet.
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
1 answer
Sort by: Most helpful
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator2020-08-06T07:10:08.827+00:00 -
Josh Monreal 46 Reputation points
2020-08-06T09:12:41.123+00:00 I realized that it does not work because the Callback path considers the application's base URL path so if I set the path to https://externallink.com/signin-oidc, the middleware will construct the redirect URI as https://internallink.com/https://externallink.com/signin-oidc.
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
2020-08-10T06:46:18.93+00:00 @Josh Monreal apologies for the confussion. I've updated my answer with the proper solution.
---
Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution. -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 22%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
Darshita Patel 0 Reputation points2023-11-02T20:20:10.69+00:00 I am having the same issue where externallink.com is getting redirected to internallink and not working outside of VPN. How did you guys fix this?
Sign in to comment -