2

So I have created an MVC application (.NET Framework) that uses the Microsoft Graph API, and it uses an Azure redirect URI for authentication. I had http://localhost:#### and it was working fine locally. Now I have published the app in IIS and need to change the redirect URI. Azure only accepts something that starts with localhost or https. I don't have an SSL certificate in IIS to do https, so I wanted to make it work with http. Sign-on URL and redirect URL are both http?

I have tried bit.ly to redirect to the http URL. I even registered a new app in Azure, gave it a new sign-on URL, and changed it in the web.config. But now it says the page you are looking for cannot be displayed, an invalid method of HTTP verb.

Ashok Subedi
  • The redirect URL for web apps and services **must begin with the scheme https**. Refer to this [article](https://learn.microsoft.com/en-us/azure/active-directory/develop/azure-ad-endpoint-comparison#restrictions-on-redirect-urls). – Joey Cai Aug 15 '19 at 05:47

2 Answers

1

Yes. Azure AD has the Restrictions on redirect URLs.

If you don't have an SSL certificate, it's a good idea to create a self-signed certificate for the https domain.

You can refer to an earlier post: Trust a self signed cert from IIS

Allen Wu
  • I added a self-signed certificate to the Azure portal but now the error is "IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'." – Ashok Subedi Aug 15 '19 at 17:20
  • This should be another issue. This issue and its possible solutions have been discussed in this thread https://stackoverflow.com/questions/39412570/owin-openidconnect-middleware-idx10311-nonce-cannot-be-validated. BTW, have you modified the reply URL in Azure active directory? – Allen Wu Aug 16 '19 at 02:36
  • Thanks for the prompt response, but it looks like the only way I can make the redirect URI work is to get a legit SSL certificate for the published app. Self assigned certificate did not work. Azure would know that the URL is not a legit certificate URL. I will come back once I do this process with a legit SSL certificate. – Ashok Subedi Aug 17 '19 at 00:00
  • Yes, self assigned certificate is for test purposes. If the app runs in Production Environment, it should be signed by a trusted certificate authority. Learn more details from: https://learn.microsoft.com/en-us/azure/app-service/web-sites-purchase-ssl-web-site. – Allen Wu Aug 19 '19 at 07:46
  • I am still waiting on my Sys Admin to provide me with a certificate. As of right now I have localhost on Azure AD for the redirect. @Allen Wu – Ashok Subedi Aug 26 '19 at 20:09
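
The self-signed route suggested in the answer above, for a test IIS host, as an added PowerShell example that is not part of the original thread. The site name and host name are assumed placeholders, and the script assumes an elevated session with the IIS `WebAdministration` module available.

```powershell
# Added example (not from the thread): give an IIS site an https binding
# backed by a self-signed certificate, for test use only.
Import-Module WebAdministration

# Assumed placeholders: replace with your own IIS site and DNS name.
$siteName = 'Default Web Site'
$hostName = 'myapp.example.test'

# 1. Create the self-signed server certificate in the machine store.
$cert = New-SelfSignedCertificate -DnsName $hostName `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# 2. Add an https binding on port 443 if the site does not have one yet.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}

# 3. Attach the certificate to that binding.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# 4. Trust the certificate on this test machine. Only the public part is
#    exported, so the private key stays in LocalMachine\My.
#    The browser, not Azure AD, connects to the redirect URI, so each
#    client machine used for testing needs this trust step as well.
$cerPath = Join-Path $env:TEMP "$hostName.cer"
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath `
    -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
Remove-Item $cerPath

# 5. The redirect URI to register in the Azure AD app registration and
#    to set in web.config must match this value exactly.
"Redirect URI to register: https://$hostName/"
```

For production, replace the self-signed certificate with one issued by a trusted certificate authority, as the comments above note, and remove the test certificate from the Root store.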
0

You can set your Azure redirect uri for authentication as "https://yourdomain.com" even if it's not. Then in your application start:

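    // In production, if the page was loaded over https (the registered
    // redirect URI), reload the same location over http.
    if (environment.production) {
      if (location.protocol === 'https:') {
        window.location.href = location.href.replace('https', 'http');
      }
    }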

This worked for my Angular SPA application.