Blazor Webassembly Azure AD authentication hosted in Azure storage account

Question

According to instruction described in “Secure an ASP.NET Core Blazor WebAssembly standalone app with Azure Active Directory” https://docs.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-azure-active-directory?view=aspnetcore-3.1 I have created the simplest blazor webassembly app. At https://portal.azure.com I registered new app in AAD and based on generated GUIDs generated local app with this command:

dotnet new blazorwasm -au SingleOrg --client-id "{CLIENT ID}" --tenant-id "{TENANT ID}" -o {APP NAME}

Everything worked fine if I launched app locally. If I copied published app to storage account $web and try to log in I have received:

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '…'.

During app registration I have defined app as “Web” and put Redirect URL: https://localhost:5001/authentication/login-callback I have tried different combinations of URL changing hostname, deleting port and changing path. I don't know how to successfully configure app in AD.

Answer 1

The AAD error states that the URL which you are getting redirected is not present in the reply url list configured in the app registration.You need to register a reply url in the format - {WebsiteUrl}/authentication/login-callback.
Please give it a try then hopefully should resolve the issue.
Note-WebsiteUrl is the Url hosted in azure

Answer 2

Based on the answers and comments above, I took me 2 steps to solve this:

1. Azure AD must have an entry in App registration | Authentication | Single-page application | Redirect URIs that reads {WebsiteUrl}/authentication/login-callback . {WebsiteUrl} comes from the Storage account | Static website | Primary endpoint .

2. Make sure that Storage account | Static website | Index document name and Error document path both point to index.html .