Initially, I setup my ASP.NET Core project with authentication from Azure Active Directory through Visual Studio. It executed without error. After cloning to another PC the authentication keeps throwing Bad Request error. Tracing down the stack I got the following exception:
System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<RedeemAuthorizationCodeAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<HandleRemoteAuthenticateAsync>d__19.MoveNext()
For sure all the setup of AAD in the portal are kept default and no configuration value changed after committing/cloning. Could someone please offer some solution for this?
Based on the error message, the error was occurred at the RedeemAuthorizationCodeAsync, however it doesn’t show the real reason for the 400 error.
To narrow down this issue, I suggest that you use the Fiddler to capture the http request and response, then you can find the root cause for this issue by review the exact error message.
Related
I'm implementing Auth0 ROPC in a .NET 4.5.2 ASP.NET WebForms application. There is no Startup.cs or OWIN involved. I send in my credentials to the AuthenticationAPI client provided in the [Auth0 .NET SDK][1].
var result = await AuthenticationApiClient.GetTokenAsync(new ResourceOwnerTokenRequest
{
ClientId = ClientId,
ClientSecret = ClientSecret,
Scope = Scope,
Realm = Realm,
Username = <Username>,
Password = <Password>
});
I am able to get a response locally, but when deployed in a Windows 2016 server authentication fails with the following message:
Message: IDX20804: Unable to retrieve document from: 'https://mytenantname:443/.well-known/openid-configuration'., StackTrace: at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.d__12.MoveNext()
I have the TLS1.2 set in place in the code. I have also setup the proxy to access Auth0. The configuration Url https://mytenantname:443/.well-known/openid-configurationin fact returns the JSON configuration when accessed in a browser in the server, with traffic routed via the proxy.
I also have user management activities using Auth0 like user creation and update which work as expected from the site hosted in the server
[1]: https://auth0.github.io/auth0.net/
I'm hosting an ASP.NET Core 3.1 web app with IIS 10, and it's throwing the following exception when trying to hit my API's through Postman:
System.Security.Authentication.AuthenticationException: System error.
at Microsoft.AspNetCore.Authorization.AuthorizationHandler`1.HandleAsync(AuthorizationHandlerContext context)
at Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(ClaimsPrincipal user, Object resource, IEnumerable`1 requirements)
at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, Object resource)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
When using Postman on the machine running the web app, I can make successful HTTP requests and not have any issues. It seems to only be happening when trying to make external requests, but the error text is extremely unhelpful and I'm not sure where to begin diagnosing. As far as I can tell, the directory containing the web app project files doesn't have any specific security restrictions and the Application Pool is using an account with sufficient permissions to access and use them.
Has anyone seen error text like this before, or have any idea what the issue might be?
As it turns out, this exception was being thrown as a result of an incorrect database connection string. This particular request checks against a local database to ensure the user exists there.
Strangely enough, I've encountered this same type of issue before (where a database connection string is broken / changed at some point), but the resulting exception was much more specific in its Exception text and stack trace. The only thing I can't explain here is why the above error is so generic.
I will try my best to explain the exception I am facing. I have an application built with dotnet core 2.1 running under localhost:5000. I have applied the global exception handler within the startup class to handle any exception thrown by the application. I have tested this functionality and its working absolutely fine. However, if I pass this 'http://localhost:5000/redirect=https%3a%2f%2fey.com' in the url it throws an exception but doesn't get caught within the application. Please refer to the screenshot attached. My requirement is to redirect the user to a generic error page.
[EDITED] This issue was found during QA testing. Also, 'redirect' is not a keyword here, if we try to replace redirect with any random character throws the same exception. eg 'http://localhost:5000/a=https%3a%2f%2fey.com'
Got my web site pretty much set the way I needed it and so went ahead and converted the site to SSL installing a certificate and then rebuilt my project and pushed it up to the sub folder figuring that would be it. It wasn't the case!
What I have is a two tier'd web site with a landing site that is Anonymous and then a application sub site in a subfolder which uses Windows authentication. The landing site/page works fine yet but when you click on the link to launch the web app and initiate the web app in the sub folder where the Windows authentication is taking place, you are prompted for credentials as you should but upon validation you get this error:
Server Error in '/CInTrac' Application.
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for
user 'NT AUTHORITY\ANONYMOUS LOGON'.
Source Error:
An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the exception
can be identified using the exception stack trace below.
Stack Trace:
[SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]
Now admittedly this is my first time setting up SSL so I'm sure that there are things that I could be missing here and so I've likely made some mistakes here but what one earth would cause this to act this way. There is no anonymous calls in the code at all and this runs fine in VS on the desktop. It did run fine prior to setting up the certificate on the server
Any suggestions would be greatly appreciated!
Thanks
Ken...
For some reason, I had to switch to using Basic Authentication with ASP.NET Impersonation enabled (Impersonating the authenticated user) in order to get this to work with the SSL certificate in place. After doing so all was fine.
Is there any way to get detail exception & Stack trace from deployed Web Api?
Even if I deployed in Debug mode, do I get detail error traces?
I got bellow message from server API
"message": "Processing of the HTTP request resulted in an exception.
Please see the HTTP response returned by the 'Response' property of
this exception for details."
This happened only in server, same code running perfectly in local machine.
Did you check the content-type for the request that you are performing?
Sometimes this error comes because you don't specify this value, e.g. "application/json" in the headers of the request.
If your scenario is to have a central place to log any exceptions that happen when requests are being processed, then I would suggest to take a look at 5.1 version of Web API (released couple of days back), specifically the Global Error Handling feature.
http://www.asp.net/web-api/overview/releases/whats-new-in-aspnet-web-api-21#global-error
If you go to the above page,you should notice ExceptionLoggerContext which gives you details of the exception.
About Web API versions 5.0 and before:
In these versions there was no really a central place for catching exceptions. ExceptionFilterAttributes caught exceptions for only certain areas of Web API.