Tags: authentication, azure-active-directory, openid-connect, owin

OWIN middleware in a .NET app is no longer triggering the authentication server's login screen


I have a .NET app that uses OpenID Connect authentication (with Azure as the authentication server) and was working up until very recently.

Currently, when run, I receive the following error (error page screenshot not reproduced):

The stack trace:

[IOException: IDX20807: Unable to retrieve document from: 'System.String'. HttpResponseMessage: 'System.Net.Http.HttpResponseMessage', HttpResponseMessage.Content: 'System.String'.]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__16.MoveNext() +1152
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.IdentityModel.Protocols.OpenIdConnect.<GetAsync>d__3.MoveNext() +391
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__24.MoveNext() +958

[InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.]
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__24.MoveNext() +1699
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Security.OpenIdConnect.<ApplyResponseChallengeAsync>d__10.MoveNext() +565
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__40.MoveNext() +349
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__39.MoveNext() +447
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__34.MoveNext() +196
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__5.MoveNext() +929
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__7.MoveNext() +197
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__5.MoveNext() +735
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   NSwag.AspNet.Owin.Middlewares.<Invoke>d__4.MoveNext() +881
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   NSwag.AspNet.Owin.Middlewares.<Invoke>d__4.MoveNext() +809
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   NSwag.AspNet.Owin.Middlewares.<Invoke>d__7.MoveNext() +830
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Mapping.<Invoke>d__3.MoveNext() +861
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__7.MoveNext() +197
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__12.MoveNext() +192
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +118
   System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +225
   System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +162

Note: I am very very certain that this used to work as described and still very certain that this code is being executed.

The authentication configuration in my Startup.cs:

using System.Configuration;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // ClientId, Authority and RedirectUri come from web.config (appSettings key names assumed)
        string clientId = ConfigurationManager.AppSettings["ClientId"];
        string authority = ConfigurationManager.AppSettings["Authority"];
        string redirectUri = ConfigurationManager.AppSettings["RedirectUri"];
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            // PostLogoutRedirectUri is the page users are redirected to after sign-out; here the home page
            PostLogoutRedirectUri = redirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            // Request "code id_token"; the id_token carries basic information about the signed-in user
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            // Failed authentications are routed to OnAuthenticationFailed
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed
            }
        });
    }
    private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        context.HandleResponse();
        context.Response.Redirect("/?errormessage=" + context.Exception.Message);
        return Task.FromResult(0);
    }
}

The code that used to (at least I think) trigger the login screen in my default controller:

using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;

public class HomeController : Controller // controller name assumed; the post calls it the default controller
{
    public HttpStatusCodeResult SignIn()
    {
        if (!Request.IsAuthenticated)
        {
            // Issues a 401 challenge; the OpenID Connect middleware turns it into a redirect to the authority
            HttpContext.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties
                {
                    RedirectUri = MeshConfigSupport.LocalSettings.TryGetSetting<string>("RedirectUri").value
                },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
        return new HttpStatusCodeResult(HttpContext.GetOwinContext().Response.StatusCode);
    }
}

Solution

  • We had the exact same problem with one of our apps. Seems like MS turned off support for SSL/TLS protocols lower than TLS 1.2. In our case the issue was fixed by running the app under .NET 4.7.2 instead of 4.5.2 (defaults were apparently changed in 4.6). Check here for more details: https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor
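Why the login screen never appears: the stack trace shows the failure inside ApplyResponseChallengeAsync, which must download the issuer's discovery document (Authority + "/.well-known/openid-configuration") to learn the authorization_endpoint before it can write the redirect. If the TLS handshake to the Azure AD endpoint is refused, that download fails with IDX20807, GetConfigurationAsync wraps it as IDX20803, and no redirect is ever emitted. The console program below is an added diagnostic, not code from the original post or from Microsoft; it performs the same metadata fetch with the same ConfigurationManager type the middleware uses, once with the process defaults and once with TLS 1.2 enabled. The tenant placeholder in Authority is an assumption to be replaced with the web.config value.

```csharp
using System;
using System.Net;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Added diagnostic (not from the original post): reproduces the discovery-document fetch the
// OWIN OpenID Connect middleware performs on the first challenge, outside of IIS.
class TlsMetadataCheck
{
    // Placeholder authority; substitute the Authority value from web.config.
    const string Authority = "https://login.microsoftonline.com/{tenant-id}/v2.0";

    // Returns true when the OpenID Connect configuration could be downloaded and parsed.
    static async Task<bool> CanFetchMetadataAsync(string authority)
    {
        string metadataAddress = authority.TrimEnd('/') + "/.well-known/openid-configuration";
        var manager = new ConfigurationManager<OpenIdConnectConfiguration>(
            metadataAddress,
            new OpenIdConnectConfigurationRetriever(),
            new HttpDocumentRetriever { RequireHttps = true }); // never accept issuer metadata over plain HTTP
        try
        {
            OpenIdConnectConfiguration config = await manager.GetConfigurationAsync(CancellationToken.None);
            Console.WriteLine("OK: issuer={0} authorization_endpoint={1} signing keys={2}",
                config.Issuer, config.AuthorizationEndpoint, config.SigningKeys.Count);
            return true;
        }
        catch (InvalidOperationException ex) // IDX20803, wrapping the IOException IDX20807 from the retriever
        {
            Console.WriteLine("FAILED: {0}", ex.Message);
            return false;
        }
    }

    static async Task Main()
    {
        // On .NET Framework targets below 4.7 this prints "Ssl3, Tls": no TLS 1.2, which the
        // Azure AD endpoints reject during the handshake. On 4.7+ targets it prints "SystemDefault".
        Console.WriteLine("SecurityProtocol (default): {0}", ServicePointManager.SecurityProtocol);
        bool withDefaults = await CanFetchMetadataAsync(Authority);

        // Workaround for apps that cannot retarget yet: add TLS 1.2 to whatever is already enabled.
        // Leave the value alone when it is SystemDefault (0), so the OS policy keeps deciding.
        // In a web app this must run before the first challenge, e.g. at the top of Startup.Configuration.
        if (ServicePointManager.SecurityProtocol != 0)
        {
            ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
        }
        Console.WriteLine("SecurityProtocol (after): {0}", ServicePointManager.SecurityProtocol);
        bool withTls12 = await CanFetchMetadataAsync(Authority);

        if (withDefaults)
            Console.WriteLine("Defaults already work; the problem is elsewhere.");
        else if (withTls12)
            Console.WriteLine("TLS 1.2 was the missing piece: retarget to .NET 4.7.2+ or keep the opt-in above.");
        else
            Console.WriteLine("Still failing with TLS 1.2: check outbound proxy, firewall or DNS, not TLS.");
    }
}
```

Compile it against the same target framework as the web app (v4.5.2 reproduces the failure; v4.7.2 does not), which is what the answer's fix amounts to: in ASP.NET the retarget is the project's TargetFrameworkVersion plus `<httpRuntime targetFramework="4.7.2" />` in web.config, after which ServicePointManager defaults to SystemDefault and follows the OS TLS policy. Prefer that over hard-coding Tls12, which pins the app to a protocol list and will need touching again when TLS 1.2 is eventually retired. Do not work around this error by relaxing ServerCertificateValidationCallback: the failure is a protocol-version rejection, not a certificate problem, and disabling validation would let anyone on the path substitute the discovery document and the signing keys the middleware uses to validate id_tokens.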