Azure Active Directory B2C accessing configuration file by static link error
I'm using Azure Active Directory B2C for external authorization by Azure. Everything was working fine until Friday 19 when suddenly my backend could not respond because it couldn't receive configuration info from a static link.
The interesting thing, this link is fully workable, it opens json file when go by this URL in the browser, but my backend cannot access it.
The temporary decision was to load this file to the s3 bucket on AWS to get its public URL and change the link to this file in my application configuration. But this decision is ugly, and I want to figure out what the problem is.
Stack: .Net Framework 4.6.2.
Link to configuration file in my project settings:
<add key="ida:AadInstance" value="https://xxx.b2clogin.com/{0}/v2.0/.well-known/openid-configuration?p={1}" />
Yes for the Dotnet framework later than 4.6.x must have the upgraded tls version.
I could successfully bypass the error by using tls version 1.2
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
Check the following:
Startup.cs:
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
namespace WebApp_OpenIDConnect_DotNet
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
// Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
options.HandleSameSiteCookieCompatibility();
});
// Configuration to sign-in users with Azure AD B2C
services.AddMicrosoftIdentityWebAppAuthentication(Configuration, Constants.AzureAdB2C);
services.AddControllersWithViews()
.AddMicrosoftIdentityUI();
services.AddRazorPages();
//Configuring appsettings section AzureAdB2C, into IOptions
services.AddOptions();
services.Configure<OpenIdConnectOptions>(Configuration.GetSection("AzureAdB2C"));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12; //add this tls
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
endpoints.MapRazorPages();
});
}
}
}
Appsettings.json
{
"AzureAdB2C": {
"Instance": "https://xxxab2c.b2clogin.com",
"ClientId": "xxx",
"Domain": "xxb2c.onmicrosoft.com",
"SignedOutCallbackPath": "/signout/B2C_1_susi",
"SignUpSignInPolicyId": "b2c_1_susi",
"ResetPasswordPolicyId": "b2c_1_reset",
"EditProfilePolicyId": "b2c_1_edit_profile" // Optional profile editing policy
//"CallbackPath": "/signin/B2C_1_sign_up_in" // defaults to /signin-oidc
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
Ensure the latest frameworks are upgraded with latest patches and also check for the network connectivity. Then the program can be run successfully with azure ad b2c
- Manually prevent new rows in WPF DataGrid
- Does the .net framework have a build-in method to convert from degrees to radians?
- Why .NET Core introduced Autofac since it has dependency control system?
- How do I check if a filename matches some wildcard pattern?
- Token Request Failing and Returning error invalid grant
- Bug in .NET MAUI Custom ScrollView for iOS
- IIS server error .Server Error in '/' Application
- How to iterate over ReadOnlySpan in F#?
- Shared AssemblyInfo for uniform versioning across the solution
- Adding classes to Blazor(Razor) Validation
- Correct way to link lssl and lcrypto for a static lib
- dotnet publish --self-contained -> running the app still asks for .net installation
- DataTable already belongs to another DataSet
- Read connection string from web.config
- Split String into smaller Strings by length variable
- Autofac Access the IoC container in .NET MAUI
- How to make Entity Framework Data Context Readonly
- Prevent multiple instances of a given app in .NET?
- compiling C code and C# code both into .NET DLL
- How to manage multiple uses of a model in an application?
- How to enlist with a TransactionScope?
- Disable bootstrap offcanvas closure on backdrop click in Blazor .NET app
- Detect if headphones are plugged in or not via C#
- The named 'CommandType' does not exist in the current context
- Launching an application (.EXE) from C#?
- internal vs public in C#
- PowerShell script to return versions of .NET Framework on a machine?
- string interning vs address in memory
- Parallel Tasks - Run Parallel threads but dont wait for other Tasks to complete and get the latest data from database
- Custom NuGet feed with invalid certificate