How to move an AzureAD authenticated app from dev machine to server?

Question

In ASP.NET 5 / MVC 6 app (eg asp.net vNext), I create a new web app using the built-in template. For authentication, I choose, Work and School Accounts , since everyone in the organization has an Office365 subscription.

The template generates the following code in Startup.Configure:

        app.UseOpenIdConnectAuthentication(options =>
        {
            options.AutomaticChallenge = true;
            options.ClientId = Configuration["Authentication:AzureAd:ClientId"];
            options.Authority = ""https://login.microsoftonline.com/" + Configuration["Authentication:AzureAd:TenantId"];
            options.PostLogoutRedirectUri = "https://localhost:44348/";
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        });

This works great. Without changing any lines of code, I run it, it first authenticates me against AzureAD then back to the app with my authenticated name.

But now I want to deploy the app to a dev server running under IIS. So I create a site, give it a port number (say 5000). I then change options.PostLogoutRedirectUri to http://localhost:5000/ .

I run it, try to login, then get this error: The reply address 'http://localhost:5000/signin-oidc' does not match the reply addresses configured for the application: {client id of the app} .

So, how can I move my application from my pc to dev server, then to test server and so on? I guess I am confused as to what I have to change. Should I go to Azure and create a separate application for each URL I am planning to use? It seems that I can have multiple Reply-To addresses but only a single Sign-In URL per app.

Or am I missing something more basic?

Answer 1

You'll need to add the new reply URL in the Azure management portal. In the Azure Active Directory Application configuration, add a new "reply url" in the "single sign-on" section. You can have multiple reply urls for different environments.