
MVC to Azure Active Directory sign on replying with “Bad Request” and message with “Unable to create to obtain configuration from”

What am I doing wrong?

I'm trying to sign on to an Azure Active Directory from a sample MVC app and getting "Bad Request".

I'm following the example (dated 7/17/2015) here:

azure.microsoft.com example

and here is a more detailed step by step of the same data by someone else:

azure example expanded by blogger

I've replaced the name of my active directory with "myActiveDirectory" below.

Here is my webconfig data:

<add key="ida:AppKey" value="<snip my key>" />
<add key="ida:ClientId" value="d2bfc007-<snip my client ID>-9f" />
<add key="ida:Tenant" value="myActiveDirectory.onmicrosoft.com" />
<add key="ida:AADInstance" value="https://login.windows.net/{0}" />
<add key="ida:PostLogoutRedirectUri" value="https://localhost:44320/" />

AccountController.cs

using System.Web;
using System.Web.Mvc;
// OWIN 
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.Owin.Security.Cookies;


namespace TodoListWebApp.Controllers
{
    public class AccountController : Controller
    {
        public void SignIn()
        {
            // Sends an OpenID sign-in request. 
            if (!Request.IsAuthenticated)
            {
                HttpContext.GetOwinContext().
                Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
            }
        }


        public void SignOut()
        {
            // Sends an OpenID sign-out request. 
            HttpContext.GetOwinContext().Authentication.SignOut(
                OpenIdConnectAuthenticationDefaults.AuthenticationType,
                CookieAuthenticationDefaults.AuthenticationType);
        }
    }
}

Startup.cs

// OWIN 
using Owin;

namespace ActiveDirSample
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }
    }
}

Startup.Auth.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Configuration;


// OWIN 
using Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.Owin.Security.Cookies;
using System.Globalization;


[assembly: OwinStartup(typeof(ActiveDirSample.Startup))]

namespace ActiveDirSample
{



  public partial class Startup
    {

        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
        private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

        string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri,
                });
        }
    }
}

Here is the response I get:


Server Error in '/' Application.

Response status code does not indicate success: 400 (Bad Request). 
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

 Exception Details: System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).

Source Error: 


 An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace: 



[HttpRequestException: Response status code does not indicate success: 400 (Bad Request).]
   System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +92108
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\HttpDocumentRetriever.cs:54

[IOException: Unable to get document from: https://login.windows.net/myActiveDirectory.onmicrosoft.com/.well-known/openid-configuration]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\HttpDocumentRetriever.cs:59
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Protocols.<GetAsync>d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\OpenIdConnectConfigurationRetriever.cs:81
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\ConfigurationManager.cs:198

[InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://login.windows.net/myActiveDirectory.onmicrosoft.com/.well-known/openid-configuration'.]
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\ConfigurationManager.cs:212
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.OpenIdConnect.<ApplyResponseChallengeAsync>d__c.MoveNext() +599
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__b.MoveNext() +292
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__8.MoveNext() +278
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +165
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +716
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +187
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +561
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +187
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +185
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +69
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar) +64
   System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +380
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155




Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.81.0 

It is difficult to diagnose this problem from the call stack. You might try the following:

  1. Use the Tenant Guid rather than the name (you can find the Guid, e.g., in the URL when you are on your Azure AD instance in the management portal). I had problems before that the name could not be resolved properly, and using the Guid helped.

    SOLUTION

    In Portal, navigate to Azure Active Directory > App registrations > Endpoints, and then copy the guid from the endpoint URIs. This is the Tenant ID.

    Replace the tenant name with the guid in the web.config file:

     <add key="ida:Tenant" value="myTenantGuid" />
  2. In Azure AD, you must register your application with sufficient privileges. You will need to have privileges configured to read directory information.
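
A preflight check for the settings discussed in this answer, added here as an example (it is not part of the original answer or of the Microsoft sample): it rebuilds the authority the same way Startup.Auth.cs does and derives the metadata URL that appears in the stack trace. The names `AuthorityPreflight` and `MetadataAddress` are hypothetical, and the embedded config is constructed from the values in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Xml.Linq;

static class AuthorityPreflight // hypothetical helper, not part of the sample app
{
    // Constructed sample, using the values shown in the question's web.config.
    const string SampleConfig = @"<appSettings>
  <add key=""ida:Tenant"" value=""myActiveDirectory.onmicrosoft.com"" />
  <add key=""ida:AADInstance"" value=""https://login.windows.net/{0}"" />
</appSettings>";

    // Returns the metadata URL the middleware will request, or null if it cannot be built.
    public static string MetadataAddress(IDictionary<string, string> s, IList<string> problems)
    {
        string instance, tenant;
        if (!s.TryGetValue("ida:AADInstance", out instance) || !instance.Contains("{0}"))
            problems.Add("ida:AADInstance is missing or has no {0} placeholder for the tenant.");
        if (!s.TryGetValue("ida:Tenant", out tenant) || string.IsNullOrWhiteSpace(tenant))
            problems.Add("ida:Tenant is missing or empty.");
        if (problems.Count > 0) return null;

        Guid ignored;
        if (!Guid.TryParse(tenant, out ignored))
            problems.Add("ida:Tenant is a name, not a GUID; the answer above suggests trying the tenant GUID.");

        // Same formatting call as Startup.Auth.cs.
        string authority = String.Format(CultureInfo.InvariantCulture, instance, tenant.Trim());
        Uri uri;
        if (!Uri.TryCreate(authority, UriKind.Absolute, out uri) || uri.Scheme != Uri.UriSchemeHttps)
        {
            problems.Add("Authority is not an absolute https URL: " + authority);
            return null;
        }
        return authority.TrimEnd('/') + "/.well-known/openid-configuration";
    }

    static void Main()
    {
        var settings = XElement.Parse(SampleConfig).Elements("add")
            .ToDictionary(e => (string)e.Attribute("key"), e => (string)e.Attribute("value"));
        var problems = new List<string>();
        string url = MetadataAddress(settings, problems);
        Console.WriteLine("Metadata document: " + (url ?? "(not built)"));
        foreach (var p in problems) Console.WriteLine("WARN: " + p);
    }
}
```

Opening the printed URL in a browser shows whether the identity provider serves the document for that tenant value before the app is involved at all.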

This worked for me:

1- Open the Web.config file for the app.

2- In the Web.config file, verify that the app key "ida:SignUpPolicyId" exists.

3- Replace the value of the app key with the name of the sign-up policy that you provided in the Azure AD B2C admin portal.

4- The changed part of the file will resemble the following:

<appSettings>
  <add key="ida:SignUpPolicyId" value="B2C_Signup_Policy_Name" />
</appSettings>

You need to make sure that all the configurations in web config match with the web.config.
