Last post Mar 04, 2016 01:40 AM by Jamobor yao - MSFT
Mar 03, 2016 01:49 AM|yquazi|LINK
Hi, I used the built in Visual Studio 2015 template to create a webform application and enabled Azure AD Work/School account authentication. Good news is everything works like a charm in LocalHost (when running locally). When I push it my Azure App (in Azure),
when I try to authenticate, it gives me an error. The error is below -
Additional technical information:
Correlation ID: 58a37062-523c-4538-bb97-db54ad9492bd
Timestamp: 2016-03-03 01:47:05Z
AADSTS50011: The reply address 'http://mydomainnamehere.com' does not match the reply addresses configured for the application: d6709cb1-8687-4560-97c4-1247dd67fe3e.
I could not find any place where to update the reply address. I googled on this error but no one seem to have my issue. Note, my app is not MVC nor have I enabled Autherization/Authentication using Azure portal. Finally, everything works just fine if I use
Mar 03, 2016 03:07 AM|Jamobor yao - MSFT|LINK
If upload the application to Azure Web App, please change the following:
1) Click into Azure Active Directory, find your application, change "SIGN-ON-URL" into the real sign in URL
2) Change "REPLY URL"
3) Check the Web.config of your Web app, ensure the ida:PostLogoutRedirectUri is right.
Hope this help.
Mar 03, 2016 04:01 AM|yquazi|LINK
Thank you! I actually do not have access to the Azure Active Directory setting. I am using the school domain for example ucla.edu I only have one valid account with that domain. I did not setup any Azure Active Directory if any kind. I simply used the wizard
in visual studio to create the application. Like I said, everything works but only in localhost. The settings for ida:PostLogoutRedirectUri is correct.
Mar 03, 2016 04:06 AM|yquazi|LINK
Here is my web.config
<add key="ida:ClientId" value="actualcodeishere"/>
<add key="ida:AADInstance" value="https://login.microsoftonline.com/"/>
<add key="ida:Domain" value="myschool.edu"/>
<add key="ida:TenantId" value="actualcodeishere"/>
<add key="ida:AudienceUri" value="mydomain"/>
<add key="ida:PostLogoutRedirectUri" value="http://mydomain.com"/>
Mar 03, 2016 06:45 AM|Jamobor yao - MSFT|LINK
>> I actually do not have access to the Azure Active Directory setting
We need to change some settings in Azure Active Directory. As I know we can not change this from the wizard in visual studio. So I would suggest you contact with your azure subscription administrator to do these change.
Mar 03, 2016 09:10 PM|yquazi|LINK
Thanks. So what would the reply address needs to be? The root of the domain?
Mar 04, 2016 01:40 AM|Jamobor yao - MSFT|LINK
The Reply URL is a Physical address for your app to which Microsoft Azure AD will send SAML authentication tokens for authenticated users.