I have an ASP.NET Core project that requires Azure AD single sign-on, but I have an issue: my application keeps getting the redirect URI as http instead of https. I tried to add the following in startup.
Old startup, which is causing http instead of https:
    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
        // Add the possibility of acquiring a token to call a protected web API
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
        // Enables controllers and pages to get GraphServiceClient by dependency injection
        // And use an in memory token cache
        .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
        .AddInMemoryTokenCaches();
To solve the redirect URI issue, I changed the previous code as follows:
    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(msIdentityOption =>
        {
            msIdentityOption.ClientId = Configuration["AzureAd:ClientId"];
            msIdentityOption.Scope.Add("user.read.all");
            msIdentityOption.Events.OnRedirectToIdentityProvider = context =>
            {
                context.ProtocolMessage.RedirectUri = Configuration["RedirectUrl"];
                return Task.CompletedTask;
            };
            msIdentityOption.Instance = Configuration["AzureAd:Instance"];
            msIdentityOption.TenantId = Configuration["AzureAd:TenantId"];
            msIdentityOption.ClientSecret = Configuration["AzureAd:clientSecret"];
        })
        // Add the possibility of acquiring a token to call a protected web API
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
        // Enables controllers and pages to get GraphServiceClient by dependency injection
        // And use an in memory token cache
        .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
        .AddInMemoryTokenCaches();
This creates a redirect loop between login.microsoftonline.com and my application, and I end up with the message "we couldn't sign you in" on the Microsoft login page. I checked my log and it was the following:
A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS500112: The reply address 'http://mysite/signin-oidc' does not match the reply address 'https://mysite/signin-oidc' provided when requesting Authorization code.
So is there any way to override the redirect URI to make it https?
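The AADSTS500112 message above shows the two legs of the flow disagreeing: the authorization request carried the overridden https address, while the code redemption still derived http from the incoming request scheme. The following is an added example, not part of the original post, that keeps the original configuration-section setup and instead makes the request scheme itself https. It assumes the application sits behind a TLS-terminating reverse proxy that sets X-Forwarded-Proto; the proxy address 10.0.0.10, the contents of initialScopes and the MVC wiring are constructed for illustration.

```csharp
using System.Net;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Let the proxy's X-Forwarded-Proto decide Request.Scheme, so every
            // redirect URI the app builds (sign-in and code redemption) is https.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            // Only headers from listed proxies are honoured; loopback is trusted by
            // default. 10.0.0.10 is a constructed placeholder for the real proxy.
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.10"));
        });

        // Assumption: the post does not show how initialScopes is defined.
        string[] initialScopes = { "user.read.all" };

        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
            .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
            .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
            .AddInMemoryTokenCaches();
        services.AddControllersWithViews();
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before authentication so the OpenID Connect handler sees https.
        app.UseForwardedHeaders();
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```

Restricting KnownProxies matters here: if forwarded headers were accepted from any client, a caller could influence the scheme and client address the application believes it received.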