Can we apply ASP.NET Core 3.1 MVC Azure AD authentication using HTTP

Question

I am trying to run my ASP.NET Core 3.1 MVC web application with Azure AD authentication using HTTP (not HTTPS).

But I am getting this error:

An unhandled exception occurred while processing the request.
Exception: Correlation failed.
Unknown location

Exception: An error was encountered while handling the remote login. Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()

I have the http URL specified in Azure application authentication setting as well. In Startup.cs below code is setting the authentication

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, (OpenIdConnectOptions options) =>
{
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    options.Events.OnAuthorizationCodeReceived = OnAuthorizationCodeReceived;
});

Please suggest.

score 0 · Answer 1 · answered Dec 12 '22 at 06:45

0

Redirect URIs must begin with the scheme https. There are some exceptions for localhost redirect URIs

Then when we test in our local machine, we can use http://localhost and https is not necessary. That's because https will encrypt the request content to protect the redirect request which containing authorize code/token.

Please kindly review this document for more details.

answered Dec 12 '22 at 06:45

Tiny Wang

10,423
1
11
29

if you wanna use `https:localhost` when test locally via visual studio, I think vs will auto-create certificate for you to test. by the way, I have a [question](https://stackoverflow.com/questions/74446001/how-to-enable-https-for-owin-self-host-webapi) related which may help as well. – Tiny Wang Dec 12 '22 at 08:35

Can we apply ASP.NET Core 3.1 MVC Azure AD authentication using HTTP

1 Answers1