Troubleshooting Asp.Net OWIN and Asp.Net Core Authentication sign-in failures with Azure Active Directory

Let get started! This article assumes you are using your own code to perform the authentication to Azure Active Directory. IMPORTANT: So if your using Azure App Services or Azure Function Apps Authentication/Authorization feature, this article is not for you. You are developing a Asp.Net OWIN or Asp.Net Core Authentication web application and integrating it with Azure Active Directory. You run into some issues during the sign-in process with no…

Read More

Receiving error AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’

Problem: An application receives the following error when authenticating to Azure Active Directory: {     “error”: “invalid_client”,      “error_description”: “AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’.\r\nTrace ID: xxx\r\nCorrelation ID: xxx\r\nTimestamp: 2019-08-18 20:38:28Z”,     “error_codes”: [7000218],     …} What does this error mean? The error is what it said.  When authenticating to Azure AD to get an access token, the client application is not providing…

Read More

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application

Last Updated: August 23 2019 Let’s get started… When your developing or integrating an application with Azure AD, you might see the following similar error… AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: ‘XXX’. This is because the redirect_uri (when using OpenID Connect) or AssertionConsumerServiceUrl (when using SAML2) being passed to Azure Active Directory to sign-in, does not exist in…

Read More

Using “groups” claim in Azure Active Directory

Lets get Started! To enable the return of groups in a claim, there are two ways… Use the application registration manifest by enabling the groupMembershipClaims property… https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest or if it’s a SAML application, you can enable it though the SSO configuration. The steps on enabling groups claim is outlined in the following article… https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims Once enabled, groups will now be returned in the “groups” claim within a access token or…

Read More