
Redirect URL mismatch solution for Azure AD ASP.NET 6 Linux-hosted website

Azure AD is an easy way to add authentication quickly to ASP.NET-powered websites. However, it requires your site to use HTTPS. Using SSL in ASP.NET is straightforward, but sometimes things don't work as planned.

Here I am posting a solution for one such issue. I found the solution after a long cycle of trial and error, as there was no straightforward answer to this issue.

This application is based on ASP.NET 6 and uses Azure AD for authentication. It worked fine when running on the development machine inside Visual Studio. But as soon as it was deployed to the Linux-hosted production environment (actually a test server), which uses the Apache web server, it started to give the error below.

AADSTS50011: The redirect URI ‘http://yoursite.com/signin-oidc’ specified in the request does not match the redirect URIs configured for the application ‘xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx’. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

I had already set the redirect URI in the Azure AD portal with HTTPS, like https://yoursite.com/signin-oidc, but for some reason my application was sending the HTTP version as the redirect URI.

After a lot of searching and investigating, I found the cause: the website runs behind Apache as a proxy server. When a request is received, the HTTPS headers are dropped by the proxy server, even though mod_proxy is enabled in Apache, so the application sees a plain HTTP request and builds the redirect URI with http://.

The fix for this issue consists of three steps:

  • Configure the Apache virtual host to forward headers
  • Configure the application's middleware to forward headers
  • Add an environment variable to forward headers

All three steps must be followed to fix it. To configure the Apache virtual host, open your site's virtual host file (if you are using SSL, make sure you open the correct one) and make the changes below.

<VirtualHost *:443>
    # Add this line
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    ....

Make sure you have enabled the "headers" module in Apache. If not, you can enable it with this command:

  sudo a2enmod headers

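Now, in your ASP.NET 6 application, add the code below right at the start of the middleware pipeline.

// At the top of Program.cs: namespace of ForwardedHeadersOptions and ForwardedHeaders
using Microsoft.AspNetCore.HttpOverrides;

var app = builder.Build();

// Add this code before any other middleware (authentication in particular),
// so the request scheme is corrected before the redirect URI is built
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});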

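Finally, add this environment variable to your application settings. When it is set, ASP.NET Core accepts forwarded headers from any source address, so make sure the application's port is reachable only through Apache.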

ASPNETCORE_FORWARDEDHEADERS_ENABLED=true

I am using supervisor to run the ASP.NET application on the Linux server, so I added it like this:

environment=ASPNETCORE_ENVIRONMENT=Production,ASPNETCORE_FORWARDEDHEADERS_ENABLED=true

Read: If you want to know how supervisor is used to run ASP.NET on Linux, see this post on How to deploy asp.net application on Linux with Supervisor.

Now restart your application, and it should work properly.
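If the AADSTS50011 error persists, a temporary check placed right after UseForwardedHeaders can show which of the three steps is still missing. This is an added example, not code from the original post; the log wording is an assumption, and it relies on the forwarded-headers middleware leaving X-Forwarded-Proto in place when it ignores the header and recording X-Original-Proto when it applies it.

```csharp
// Program.cs (assumes the .NET 6 web SDK with implicit usings enabled)
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

// Temporary diagnostic (added example): runs after the forwarded-headers
// middleware and explains why a request still looks like plain HTTP.
app.Use(async (context, next) =>
{
    var request = context.Request;
    if (!request.IsHttps)
    {
        // Still present only if the middleware did not consume it.
        var forwarded = request.Headers["X-Forwarded-Proto"].ToString();
        // Set by the middleware when it applied a forwarded scheme.
        var original = request.Headers["X-Original-Proto"].ToString();

        string reason;
        if (original.Length > 0)
            reason = "header was applied, but Apache reported a non-HTTPS scheme (did the request hit the port 80 virtual host?)";
        else if (forwarded.Length > 0)
            reason = "header arrived but was ignored (sender is not a trusted proxy; see KnownProxies/KnownNetworks)";
        else
            reason = "no X-Forwarded-Proto header arrived (check the RequestHeader line and 'a2enmod headers')";

        // The OpenID Connect handler builds its redirect URI from these same request values.
        app.Logger.LogWarning(
            "Redirect URI would be {Scheme}://{Host}{PathBase}/signin-oidc (peer {RemoteIp}): {Reason}",
            request.Scheme, request.Host.Value, request.PathBase.Value,
            context.Connection.RemoteIpAddress, reason);
    }
    await next(context);
});

app.MapGet("/", () => "ok");
app.Run();
```

Remove the check once the warning no longer appears in the application log.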

If you have any questions, do let me know in comments.
