I'm implementing authentication via AD for a web project. When I run it locally, authentication succeeds, but when it is deployed to the test environment it generates the following error:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__8.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.OpenIdConn
Settings (Startup.Auth):
public partial class Startup
{
    // For more information on how to configure authentication, visit https://go.microsoft.com/fwlink/?LinkId=301864
    private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
    private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
    private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    private static string postLoginRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
    public static readonly string Authority = aadInstance + tenantId;

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        // https://www.jamessturtevant.com/posts/ASPNET-Identity-Custom-Database-and-OWIN/
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = Authority,
                PostLogoutRedirectUri = postLogoutRedirectUri,
                RedirectUri = postLoginRedirectUri
            });
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
        });
    }
}
Controller SignIn and SignOut:
public void SignIn()
{
    // Send an OpenID Connect sign-in request.
    if (!Request.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}

public void SignOut()
{
    if (true)
    {
        // Send an OpenID Connect sign-out request.
        HttpContext.GetOwinContext().Authentication.SignOut(
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType);
    }
}
Please check whether a proper internet connection is the issue while running on Azure.
The error means the application is not able to download the OpenID configuration document, which has almost all the information the app requires in order to sign in, such as the URLs and the location of the service's public signing keys.
Please make sure these two lines are in order, otherwise it will error:
.UseAuthentication().UseAuthorization()
Also, this error could be due to using the wrong tenantId or authority URL in the web.config file and "Instance": "https://login.microsoftonline.com/".
To find out the error clearly, set IdentityModelEventSource.ShowPII = true in your Startup.cs:
if (env.IsDevelopment())
{
    // IdentityModelEventSource.ShowPII = true;
}
And please make sure to use the latest version (or 4.7.2) of your .NET Framework, as some of the tasks may require an updated / latest version of the .NET Framework to work properly.
Check and use the protocol TLS 1.2 for the application, as TLS 1.1 and TLS 1.0 are deprecated.
In some cases packages may still be defaulting to TLS 1.1 even after changing that when loading the metadata, and it may take time to reflect the correct one.
To resolve, try adding the following in Global.asax.cs, which will allow the openid-configuration to be obtained as it is pointed to TLS 1.2 or above, and also change the TLS to 1.2 in the portal:
protected void Application_Start()
{
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3; // allow TLSV1.2 and SSL3 only
    // or
    // System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
    // other code
}
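The answer's advice boils down to three checks: can the host reach the discovery document at all, is it negotiating TLS 1.2, and which URL is actually failing behind "[PII is hidden]". The following stand-alone console program is an added example, not code from the question or the answer, that runs those checks from the test environment using the same Microsoft.IdentityModel.Protocols.OpenIdConnect classes the OWIN middleware uses internally. The tenant id is a placeholder, the 30-second timeout is an assumption, and it assumes the Microsoft.IdentityModel.Protocols.OpenIdConnect and Microsoft.IdentityModel.Logging packages are referenced.

```csharp
using System;
using System.Net;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Stand-alone check: can this host fetch the OpenID Connect discovery document
// that the OWIN middleware needs? Run it on the test environment itself.
class MetadataCheck
{
    // Placeholder: replace with the ida:AADInstance + ida:TenantId value from web.config.
    const string Authority = "https://login.microsoftonline.com/<TENANT-ID-PLACEHOLDER>/";

    static async Task<int> Main()
    {
        // Same fix the answer proposes for Global.asax.cs: force TLS 1.2 for outbound HTTPS
        // (TLS 1.2 only, without SSL3, since nothing on the AAD side needs it).
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        // Reveal the hidden URL in IDX20803/IDX20804 messages. Leave this off in
        // production: with ShowPII on, endpoints and token material reach the logs.
        IdentityModelEventSource.ShowPII = true;

        string metadataAddress = Authority.TrimEnd('/') + "/.well-known/openid-configuration";

        // RequireHttps = true refuses to load metadata over plain HTTP.
        var documentRetriever = new HttpDocumentRetriever { RequireHttps = true };
        var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
            metadataAddress, new OpenIdConnectConfigurationRetriever(), documentRetriever);

        // Assumed timeout. ConfigurationManager wraps a cancelled HTTP call as
        // InvalidOperationException (IDX20803) with TaskCanceledException inside it,
        // which is exactly the shape of the exception in the question.
        using (var cts = new CancellationTokenSource(TimeSpan.FromSeconds(30)))
        {
            try
            {
                OpenIdConnectConfiguration config =
                    await configurationManager.GetConfigurationAsync(cts.Token);

                // A successful fetch prints the values the middleware would use.
                Console.WriteLine("Issuer:            " + config.Issuer);
                Console.WriteLine("Authorization URL: " + config.AuthorizationEndpoint);
                Console.WriteLine("Token URL:         " + config.TokenEndpoint);
                Console.WriteLine("JWKS URL:          " + config.JwksUri);
                Console.WriteLine("Signing keys:      " + config.SigningKeys.Count);
                return 0;
            }
            catch (Exception ex)
            {
                // Walk the inner exceptions: a cancellation deep in the chain points at
                // outbound connectivity (proxy, firewall, DNS); an HTTP status error with
                // the now-visible URL points at a wrong tenant id or authority.
                Console.WriteLine("Failed: " + ex.GetType().Name + ": " + ex.Message);
                for (Exception inner = ex.InnerException; inner != null; inner = inner.InnerException)
                {
                    Console.WriteLine("  caused by " + inner.GetType().Name + ": " + inner.Message);
                    if (inner is OperationCanceledException)
                        Console.WriteLine("  -> request timed out: check outbound connectivity, proxy or DNS from this host");
                }
                return 1;
            }
        }
    }
}
```

Run it with the same network identity the web app uses (for example the app pool account or the Azure App Service instance), because a developer workstation that can reach login.microsoftonline.com says nothing about egress from the test environment.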