Microsoft Azure AD Single Tenant Authentication Issues with .NET Framework

Zack 41 Reputation points
2021-11-16T23:07:02.213+00:00

There is a server that has a public IP to an F5 load balancer. The IIS has a website and the configuration has a domain name and test SSL certificate.

Here is the hierarchy of the IIS 10.

-Server
--Application Pools
--Site
---Website
----test_portal

The address as follows -> https://test.example.org/test_portal

These are the steps I'm using in order to get this issue.

1. Go to Azure Portal (portal.azure.com).  

2. Click on App Registrations.  

3. New registration (already got an active registration app called WebAppTest).  

4. Go to Authentication tab (toggled ID tokens and click on radio button for single tenant).  

5. Go to Quickstart tab.  

6. Web application.  

7. ASP.NET  

8. After it made this change for me, I downloaded the code sample.  

9. Extracted and opened it; it runs fine as localhost within Visual Studio 2019. Signed in and out.  

Note: In order to run the sample, you need to extract it over to (C:\Users\{User}\source\repos).

10. Configured the app registration Authentication and set the following features.  

a. Web - Redirect URIs and set it to https://test.example.org/test_portal/signin-oidc | Changed front channel logout URL to https://test.example.org/test_portal/signout-callback-oidc

11. Published over to the server. Published straight to the folder on the server; I didn't do a deployment package.  

12. Go to https://test.example.org/test_portal/ in my browser on the same machine I'm typing on, not in the server's browser.  

13. Click on sign in, asks me to sign in, click on the 2FA button on my phone, and I get this error.  

Request Id: bbf4a2d1-7a75-44b4-8a08-############

Correlation Id: ea9999c7-d44d-4756-a962-############

Timestamp: 2021-11-16T21:34:14Z

Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '2d7eefab-1fc0-4114-9e42-2ea73b417e1e'.

Here is a picture.

149935-image.png

Not sure why I get this, but I've searched forum after forum to no avail. Can anyone help me out here?


Accepted answer
  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2021-11-17T05:00:59.373+00:00

    Hi @Zack • Thank you for reaching out.

    The AADSTS50011 error occurs when the reply URL in the authentication request doesn't match with any of the reply URLs (redirect URIs) in the application registered in Azure AD.

    By tracking the correlation & request ID, I found that the reply URL in the authentication request is https://dev.bl*********12.org/admin_portal/ and the reply URL registered in the application with ID 2d7eefab-xxxx-xxxx-xxxx-2ea73b417e1e is https://dev.bl*********12.org/admin_portal/signin-oidc

    To resolve the error, please update the Reply URL registered in the application to https://dev.bl*********12.org/admin_portal/ by navigating to Azure AD > App Registrations > Your App > Authentication > Add the above mentioned Redirect URI.


    1 person found this answer helpful.
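The comparison the answer describes can be reproduced locally. The following is an added example, not part of the original question or answer: it pulls `redirect_uri` out of the authorize request URL (visible in the browser address bar on the sign-in page) and reports how it differs from each registered redirect URI. The function names, the placeholder tenant and client IDs, the constructed sample request and the assumption that the comparison is an exact string match are all introduced here for illustration.

```python
from urllib.parse import urlsplit, parse_qs

def redirect_uri_from_request(authorize_url):
    """Return the percent-decoded redirect_uri of an OIDC authorize request URL."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorize request carries no redirect_uri")
    return values[0]

def explain_mismatch(requested, registered):
    """Return [] on an exact match, else one (registered_uri, reason) per entry."""
    # Assumption: the identity provider compares the two strings exactly.
    if requested in registered:
        return []
    req, findings = urlsplit(requested), []
    req_base = req.path.rstrip("/")
    for uri in registered:
        reg = urlsplit(uri)
        reg_base = reg.path.rstrip("/")
        if req.scheme != reg.scheme:
            reason = "scheme differs"
        elif req.netloc.lower() != reg.netloc.lower():
            reason = "host differs"
        elif req.path == reg.path:
            reason = "query, fragment or host case differs"
        elif req_base == reg_base:
            reason = "trailing slash differs"
        elif req.path.lower() == reg.path.lower():
            reason = "path case differs"
        elif reg.path.startswith(req_base + "/"):
            reason = "request omits path suffix " + reg.path[len(req_base):]
        elif req.path.startswith(reg_base + "/"):
            reason = "request adds path suffix " + req.path[len(reg_base):]
        else:
            reason = "path differs"
        findings.append((uri, reason))
    return findings

# Constructed sample: tenant and client id are placeholders, URLs follow the question.
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/oauth2/v2.0/authorize"
    "?client_id=CLIENT_ID_PLACEHOLDER&response_type=id_token&scope=openid"
    "&redirect_uri=https%3A%2F%2Ftest.example.org%2Ftest_portal%2F"
)
SAMPLE_REGISTERED = ["https://test.example.org/test_portal/signin-oidc"]

if __name__ == "__main__":
    print(explain_mismatch(redirect_uri_from_request(SAMPLE_REQUEST), SAMPLE_REGISTERED))
```

An empty result means the request and the registration agree; any other result names the component to correct, either in the app's configured redirect URI or in the app registration.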
