ASP.NET Core MVC Azure AD Authentication Loop on Azure App Service

Stack Overflow Asked by Ricardo Márquez on November 27, 2020

I have an ASP.NET Core MVC application and I integrated Azure AD into it using the following code:

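services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    // Point the handler at the v2.0 endpoint of the configured authority.
    options.Authority = options.Authority + "/v2.0/";
    // Validate the issuer of incoming tokens.
    options.TokenValidationParameters.ValidateIssuer = true;
});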
The Azure AD Configuration contains these properties:

"AzureAd": {
    "Instance": "",
    "Domain": "[Enter the domain of your tenant, e.g.]",
    "TenantId": "<tenant-id>",
    "ClientId": "<client-id>",
    "CallbackPath": "/signin-oidc"
},
"DownstreamApi": {
    "BaseUrl": "",
    "Scopes": " User.ReadBasic.All"
}

It all worked locally and when deployed to an Azure App Service we did not have any problems.

I needed to integrate Microsoft Graph for a new module in the Web App (I need to look up the users in specific groups of the Azure AD).

I followed the Microsoft Graph Tutorial to implement Microsoft Graph.

services.Configure<CookiePolicyOptions>(options =>
{
    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
    // Handling SameSite cookie according to
});

// Sign-in users with the Microsoft identity platform
string[] initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');


It all works locally, but as soon as the app is deployed to an Azure App Service, the app goes into a redirect loop when the user is authenticated.

I reversed the changes to the original code and it gets fixed but then I can’t use Microsoft Graph because I do not have the access token.

I checked all the redirect urls in the App Registration and they seem to be fine. I even included


in addition to


just to be sure it wasn’t a redirect url issue.

I thought it was the Katana bug but that seems to have been fixed in .NET Core.

I enabled HTTPS Only on the Azure App Service but the issue still persists.

Has anyone experienced something like this issue? I’ve been at it for a couple of days and I can’t solve it.

Any help is greatly appreciated.

One Answer

I tried publishing the Microsoft tutorial linked in the question to a new Azure App Service with a new App Registration in Azure AD.

It signed in without a problem.

After that I suspected that there might be a problem with the App Registration. I came to that conclusion because the Azure AD Registration that the MVC Web App was using was created directly in Visual Studio and not manually in the Azure Portal.

Finally, all I did was create a new App Registration in Azure AD and publish the MVC Web App with the new client secret and client id. Everything seems to work fine on the published Azure App Service.

Answered by Ricardo Márquez on November 27, 2020
