I recently worked with a customer who was receiving an AADSTS5011: The reply url specified in the request does not match the reply urls configured for the application on his .Net Core Kubernetes container application with an Ingress Controller. When running from the Docker environment, there was no issue however, the redirect URI was configured for http://localhost:someport . Once deployed, the redirect URI ( as seen in the address bar…
Read MoreHow to inject custom data into the ‘state’ parameter in an OpenID Connect MVC Application
It’s often desirable for an Azure Active Directory (Azure AD)- integrated application to maintain application state when sending request to Azure AD for login. The recommended way to achieve this is to use the ‘state’ parameter as defined in the OpenID Connect standards. Also mentioned in our documentation, the ‘state’ parameter is used for both preventing cross-site request forgery attacks and to maintain user’s state before authentication request occurs: For…
Read MoreWhy am I getting a Login Request after initial login using iOS MSAL?
Does your app keep asking you to login after initial login when implementing iOS MSAL? Did you implement this in your Android without any issues? Did you look over all your code a million times and your configurations look correct but still cannot figure out why this is happening? Well, you are in luck because we go over why this happens and how to fix it! SCENARIO Using MSAL SDK…
Read MoreUsing the GraphClient SDK in a VB.Net Console Application
In this blog post, I will show you how to use the GraphClient in a VB.Net application. You will need to create an app registration for this project. I used the exact same app registration that I used in my previous VB.Net blog post here. SDK Reference: https://docs.microsoft.com/en-us/graph/sdks/sdks-overview?view=graph-rest-1.0 I am using Visual Studio 2019 in this example. To begin, please start a VB.Net Console application and then install the following…
Read MoreTroubleshooting consent in Azure AD
This is a general guide for troubleshooting consent in Azure AD. It will help resolve majority of the consent related scenarios (Not all of them). In general, the application is trying to sign-in or get an access token for a resource which has not been consented by the user or admin. In general, you want to make sure all of the permissions needed by the application have been consented to.…
Read MoreHow to get and display the user photo with Graph SDK for .Net in a WPF application
Occasionally, we get requests asking how to get the user photo using the Graph SDK. This blog post will show you how to do that in a WPF application but I will also show you a method for getting the photo and saving it to disk with a .Net console application. You can download the sample project here: https://github.com/RayGHeld/GraphClient_GetUserPhoto This project also utilizes the Authentication Provider code in this blog…
Read MoreRetry Invoke-RestMethod requests in PowerShell when an error occurs
In this blog post, I will show you how you can trap a specific type of error when making a graph request using the Invoke-RestMethod commandlet and pause and retry the request x number of times before quitting. This is very helpful and is actually recommended to do error handling when making requests to Microsoft Graph. The key here is to set the Url that you’re going to be calling…
Read MoreUsing MSAL.js v2 in a SPA App to call a web API protected by Azure App Service’s Easy Auth with Azure AD
There are a couple of ways to call an Easy Auth enabled web API. You can either call the web API with: an Easy Auth session cookie (via a previously authenticated browser session to the web API) or An Azure AD Bearer JWT token In this post I will show you how to use MSAL.JS v2 in a Single Page Application (SPA) to get an access token for the web…
Read MoreHow to perform logging for both MSAL.Net and Microsoft Graph SDK
Microsoft Graph SDK has the ability to log out complete HTTP Requests and Reponses as documented here. The way this logging mechanism works is by implementing a custom HttpClient Message handler to intercept every HTTP Request and Response between the client application and the Microsoft Graph Service. Besides hooking into GraphServiceClient’s processing pipeline to do request and response tracing, one can also configure proxy info. See Customize the Microsoft Graph…
Read MoreWhy do I sometimes get a 404 when trying to update an Azure Directory object after I just created it?
Azure AD is a distributed computing system which means, all of the data must be duplicated to the various data centers. You can read about the architecture of Azure here. We occasionally see a case where a customer is using Microsoft Graph to programmatically create a user, group, application, etc. and getting the object id back from that request and then using that id to do some kind of management…
Read More