Last post Mar 12, 2018 04:52 PM by PatriceSc
Mar 07, 2018 04:22 PM|tomkmvp|LINK
I can create a new web forms or MVC application in Visual Studio, and change the authentication to use "Work or School Accounts" and specify the O365 domain my company uses. This works very well when running the app from Visual Studio, however when I deploy
the app to a PROD server the Microsoft auth server still wants to redirect to the VS localhost:xxxxx address.
How do I change this config for the PROD app so it redirects to the correct PROD FQDN URL for my app?
Mar 07, 2018 06:57 PM|PatriceSc|LINK
You should be able to provide a "reply url" which needs to be registered as a "reply urls" in your app registration. If you don't provide this value, the first reply urls from the list is used instead (which is likely your current situation).
Mar 07, 2018 07:03 PM|tomkmvp|LINK
Thanks. When I create the app I am not given this an an option, nor do see a place to set a reply url later (in web.config or otherwise).
Mar 07, 2018 07:25 PM|tomkmvp|LINK
OK, I found RedirectUri which can be set for OpenIdConnectAuthenticationOptions when the app runs, but I get an error:
Mar 07, 2018 07:41 PM|PatriceSc|LINK
The RedirectUri should match EXACTLY (including for example a trailing / if you have one) one of the reply urls configured in your app registration.
On the portal you have a "Reply Urls" property that allows to add multiple urls for the same registered application.
Mar 07, 2018 08:19 PM|tomkmvp|LINK
So they only way to do this is through the portal? I'm not sure how to access that (I am not the portal admin and I work in a big convoluted company).
Mar 12, 2018 03:40 PM|tomkmvp|LINK
Disappointing that you can't get an answer for a simple question.
Mar 12, 2018 04:52 PM|PatriceSc|LINK
AFAIK yes. It's likely an additional safety check you can't bypass.
Ah according to
http://paulryan.com.au/2016/azure-ad-app-wildcard-reply-url/ it seems though you can use wildcards so you can perhaps mitigate the issue (but portal admin have to be involved first).
Edit: reading a comment it might have been removed lately ?