How to change redirect_uri for Azure AD


Question


I've got an Azure ServiceFabric web app (AspNetCore 3) hosted over a reverse proxy (NGinx). The app uses AzureAD (in-company) authentication. I've registered the app in the AD and set up the Redirect URLs. After publishing the app and configuring DNS and the reverse proxy, I tried to authorize to my app, but it failed with the error

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '...-...-...-...-...'.

I sniffed the request and found that it redirects to the internal IP rather than the domain name

https://login.microsoftonline.com/aeb55839-c47b-4fea-8d95-912f673fa7ac/oauth2/v2.0/authorize?client_id=.....&redirect_uri=http%3A%2F%2F10.2.0.5%3A44321%2Fsignin-oidc...

It seems that I've looked everywhere, but I still cannot find where I can specify the redirect URL manually (only CallbackPath). Has anyone solved this issue?

Update 1.

Add screenshot from Azure Portal

Update 2

I manually added http://10.2.0.5:44321/signin-oidc to the Redirect URLs and got a new exception, AADSTS500117: The reply uri specified in the request isn't using a secure scheme. I wonder whether I have to make my ASF cluster secured to allow AD authorization? It seems strange to me, because I want to secure traffic to the reverse proxy only.

Solution

This error occurs when there is a mismatch between the redirect URI sent in the request to AAD while fetching the token and the one registered with the Application Registration object in the AAD portal.

In the App Registration blade of AAD, look for the redirect URI section under the "Authentication" section of the registered application and update the redirect URL. Please refer to the screenshot below:

Update: The reply URL you are using in your code is http://10.2.0.5:44321/signin-oidc, which is different from the reply URL defined in Azure AD, i.e. https://dev-adm.project-llc.ru/signin-oidc. Please update the reply URL in code or in AAD.
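
Two ways to update the reply URL in code, as an added example that is not part of the original question or answer: a `Startup` fragment to merge into the app's existing one. It assumes nginx sends `X-Forwarded-Proto` and `X-Forwarded-Host`, and the proxy address `10.2.0.4` is a hypothetical placeholder; the public host is the one quoted in the answer.

```csharp
using System.Net;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Public host registered in Azure AD (from the answer's update).
    private const string PublicHost = "dev-adm.project-llc.ru";

    public void ConfigureServices(IServiceCollection services)
    {
        // The app's existing AddAuthentication(...) registration stays as it is.

        // Option A: let the app learn the public scheme and host from the proxy.
        // nginx side (assumed): proxy_set_header X-Forwarded-Proto $scheme;
        //                       proxy_set_header X-Forwarded-Host  $host;
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost;
            // Accept these headers only from the proxy itself (hypothetical address).
            options.KnownProxies.Add(IPAddress.Parse("10.2.0.4"));
            // Ignore forwarded hosts other than the registered one.
            options.AllowedHosts.Add(PublicHost);
        });

        // Option B: pin redirect_uri regardless of how the request arrived.
        services.PostConfigureAll<OpenIdConnectOptions>(options =>
        {
            var previous = options.Events.OnRedirectToIdentityProvider;
            options.Events.OnRedirectToIdentityProvider = async context =>
            {
                await previous(context); // keep any handler already registered
                context.ProtocolMessage.RedirectUri =
                    $"https://{PublicHost}{options.CallbackPath}";
            };
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseForwardedHeaders(); // must run before authentication
        app.UseAuthentication();
        // The rest of the app's pipeline follows unchanged.
    }
}
```

Either option alone produces `https://dev-adm.project-llc.ru/signin-oidc` as the `redirect_uri`; option A also corrects other absolute URLs the app generates, and restricting `KnownProxies` and `AllowedHosts` keeps clients from spoofing the forwarded values.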
