回复地址与申请授权时提供的回复地址不符
Reply address does not match the reply address provided when requesting authorization
我正在处理的 .netcore3.1 应用程序上发生错误,这让我很沮丧。
这是我的设置:
在Startup.cs
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftWebApp(options =>
{
Configuration.Bind("AzureAd", options);
options.Events ??= new OpenIdConnectEvents();
options.Events.OnRedirectToIdentityProvider = async ctx =>
{
ctx.ProtocolMessage.RedirectUri = Configuration["AzureAd:RedirectUri"];
await Task.CompletedTask;
};
})
.AddMicrosoftWebAppCallsWebApi(Configuration, new[] { "user.read" })
.AddDistributedTokenCaches();
在我的应用程序设置中
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"ClientId": "ClientId",
"TenantId": "TenantId",
"RedirectUri": "https://mywebsite.com/signin-oidc",
"ClientSecret": "ClientSecret"
},
Azure 应用注册已正确配置 https://mywebsite.com/signin-oidc 作为重定向 url。
我还添加了以下内容以允许 headers 从代理转发:
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
// then in the Configure method
app.UseForwardedHeaders();
但我仍然遇到这个令我困惑的错误。我想通过添加
ctx.ProtocolMessage.RedirectUri = Configuration["AzureAd:RedirectUri"];
我会克服这个问题,但它似乎对这个错误没有影响。
An unhandled exception occurred","Properties":{"CorrelationId":"c3393560-6ebe-41ce-99fc-693c1a387474","Path":"/signin-oidc","Method":"POST","exceptionMessage":"An error was encountered while handling the remote login.","exception":"System.Exception: An error was encountered while handling the remote login.\n ---> MSAL.NetCore.4.16.1.0.MsalServiceException: \n\tErrorCode: invalid_client\nMicrosoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS500112: The reply address 'http://mywebsite.com/signin-oidc' does not match the reply address 'https://mywebsite.com/signin-oidc' provided when requesting Authorization
会不会是您的代理也终止了 HTTPS,所以您的应用程序获得的流量是 HTTP?
根据您的错误提示:回复地址与请求授权时提供的回复地址不符。必须确保Azure portal中配置的redirect_uri与代码中配置的redirect_uri完全一致
当您访问应用程序 url 时,您将被重定向到登录页面。解码授权请求URL,你会发现redirect_uri,复制redirect_uri的值并粘贴到Azure门户中,然后重试。
对于重定向URL,应该以https开头,如果需要以http开头,必须配置为http://localhost。
我正在处理的 .netcore3.1 应用程序上发生错误,这让我很沮丧。 这是我的设置:
在Startup.cs
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftWebApp(options =>
{
Configuration.Bind("AzureAd", options);
options.Events ??= new OpenIdConnectEvents();
options.Events.OnRedirectToIdentityProvider = async ctx =>
{
ctx.ProtocolMessage.RedirectUri = Configuration["AzureAd:RedirectUri"];
await Task.CompletedTask;
};
})
.AddMicrosoftWebAppCallsWebApi(Configuration, new[] { "user.read" })
.AddDistributedTokenCaches();
在我的应用程序设置中
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"ClientId": "ClientId",
"TenantId": "TenantId",
"RedirectUri": "https://mywebsite.com/signin-oidc",
"ClientSecret": "ClientSecret"
},
Azure 应用注册已正确配置 https://mywebsite.com/signin-oidc 作为重定向 url。 我还添加了以下内容以允许 headers 从代理转发:
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
// then in the Configure method
app.UseForwardedHeaders();
但我仍然遇到这个令我困惑的错误。我想通过添加
ctx.ProtocolMessage.RedirectUri = Configuration["AzureAd:RedirectUri"];
我会克服这个问题,但它似乎对这个错误没有影响。
An unhandled exception occurred","Properties":{"CorrelationId":"c3393560-6ebe-41ce-99fc-693c1a387474","Path":"/signin-oidc","Method":"POST","exceptionMessage":"An error was encountered while handling the remote login.","exception":"System.Exception: An error was encountered while handling the remote login.\n ---> MSAL.NetCore.4.16.1.0.MsalServiceException: \n\tErrorCode: invalid_client\nMicrosoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS500112: The reply address 'http://mywebsite.com/signin-oidc' does not match the reply address 'https://mywebsite.com/signin-oidc' provided when requesting Authorization
会不会是您的代理也终止了 HTTPS,所以您的应用程序获得的流量是 HTTP?
根据您的错误提示:回复地址与请求授权时提供的回复地址不符。必须确保Azure portal中配置的redirect_uri与代码中配置的redirect_uri完全一致
当您访问应用程序 url 时,您将被重定向到登录页面。解码授权请求URL,你会发现redirect_uri,复制redirect_uri的值并粘贴到Azure门户中,然后重试。
对于重定向URL,应该以https开头,如果需要以http开头,必须配置为http://localhost。