active-directory-aspnetcore-webapp-openidconnect-v2

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://XXX.onmicrosoft.com/XXX_SignUp_SignIn/v2.0/.well-known/openid-configuration'.

Open jimmathew999 opened this issue 2 years ago • 5 comments

Please provide us with the following information:

This issue is for a: (mark with an x)

- [x ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

The issue was found for the following scenario:

Please add an 'x' for the scenario(s) where you found an issue

  1. Web app that signs in users
    1. [ ] with a work and school account in your organization: 1-WebApp-OIDC/1-1-MyOrg
    2. [ ] with any work and school account: /1-WebApp-OIDC/1-2-AnyOrg
    3. [ ] with any work or school account or Microsoft personal account: 1-WebApp-OIDC/1-3-AnyOrgOrPersonal
    4. [ ] with users in National or sovereign clouds 1-WebApp-OIDC/1-4-Sovereign
    5. [x ] with B2C users 1-WebApp-OIDC/1-5-B2C
  2. Web app that calls Microsoft Graph
    1. [ ] Calling graph with the Microsoft Graph SDK: 2-WebApp-graph-user/2-1-Call-MSGraph
    2. [ ] With specific token caches: 2-WebApp-graph-user/2-2-TokenCache
    3. [ ] Calling Microsoft Graph in national clouds: 2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph
  3. [ ] Web app calling several APIs 3-WebApp-multi-APIs
  4. [ ] Web app calling your own Web API
    1. [ ] with a work and school account in your organization: 4-WebApp-your-API/4-1-MyOrg
    2. [ ] with B2C users: 4-WebApp-your-API/4-2-B2C
    3. [ ] with any work and school account: 4-WebApp-your-API/4-3-AnyOrg
  5. Web app restricting users
    1. [ ] by Roles: 5-WebApp-AuthZ/5-1-Roles
    2. [ ] by Groups: 5-WebApp-AuthZ/5-2-Groups
  6. [ ] Deployment to Azure
  7. [ ] Other (please describe)

Repro-ing the issue

Repro steps

I have registered my app, and when I tried to access it, I'm getting the following error...

I'm accessing through a proxy due to security restrictions. I also enabled TLS 1.2 based on other community feedback.

Category: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware EventId: 1 SpanId: f3a0e0b6f3d02df5 TraceId: 2428398476c24cd49c3f809ef4c6d4e5 ParentId: 0000000000000000 RequestId: 8000000a-0002-fa00-b63f-84710c7967bb RequestPath: /App1/MicrosoftIdentity/Account/SignIn

An unhandled exception has occurred while executing the request.

Exception: System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://XXX.onmicrosoft.com/XXX_SignUp_SignIn/v2.0/.well-known/openid-configuration'. Will retry at '6/1/2023 5:37:52 AM +00:00'. Exception: 'System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://XXX.onmicrosoft.com/XXX_SignUp_SignIn/v2.0/.well-known/openid-configuration'.
 ---> System.Threading.Tasks.TaskCanceledException: The request was canceled due to the configured HttpClient.Timeout of 60 seconds elapsing.
 ---> System.TimeoutException: A task was canceled.
 ---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.HttpConnectionWaiter1.WaitForConnectionAsync(Boolean async, CancellationToken requestCancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)

Message 2: IDX20804: Unable to retrieve document from: 'https://XXX.onmicrosoft.com/XX_SignUp_SignIn/v2.0/.well-known/openid-configuration'., InnerException: The request was canceled due to the configured HttpClient.Timeout of 60 seconds elapsing..

Expected behavior

Actual behavior

Possible Solution

Additional context/ Error codes / Screenshots

Any log messages given by the failure

Add any other context about the problem here, such as logs.

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

of ASP.NET Core, of MSAL.NET

Attempting to troubleshooting yourself:

Mention any other details that might be useful


Thanks! We'll be in touch soon.

jimmathew999 avatar Jun 01 '23 05:06 jimmathew999

@jimmathew999 are you able to go to this URL in the browser (using your values obviously)? https://xxx.onmicrosoft.com/XX_SignUp_SignIn/v2.0/.well-known/openid-configuration You should be able to see the metadata.

jennyf19 avatar Jun 05 '23 18:06 jennyf19

@jennyf19 Yes, I'm able to see the metadata, but redirection to Microsoft login is not happening. I'm getting the mentioned error. I tried to trace network traffic with the security team to see any firewall blockage. Nothing was blocked.

  • Added all Microsoft URLs to the proxy.
  • Enabled TLS 1.2 in the registry. Disabled other TLS versions.
  • Verified certificate
  • I'm using Visual Studio 2022 17.6.1

Totally stuck with this issue. I'm troubleshooting for the past few weeks. Not getting any hints.

jimmathew999 avatar Jun 05 '23 18:06 jimmathew999

@jimmathew999 : would this article be helpful? https://github.com/AzureAD/microsoft-identity-web/wiki/Deploying-Web-apps-to-App-services-as-Linux-containers

jmprieur avatar Jun 06 '23 03:06 jmprieur

@jimmathew999 : would this article be helpful? https://github.com/AzureAD/microsoft-identity-web/wiki/Deploying-Web-apps-to-App-services-as-Linux-containers

@jmprieur Thanks for your suggestion. That didn't work. I noticed that this is happening only in the corporate environment, which is behind a proxy. On my personal laptop it's working fine.

jimmathew999 avatar Jun 08 '23 05:06 jimmathew999

I had this error too, even though I'm not even behind a proxy. I was doing something else, can't remember what, I think trying to sign into my Visual Studio account, and it responded with a proxy error. I was like, "what??? I'm not even behind a proxy!!". Well, I connected my development laptop to my phone's Wi-Fi hotspot and this error went away. So I guess my home internet router is doing some weird stuff, no clue.

PostImpatica avatar Oct 11 '23 16:10 PostImpatica
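Added example, not code from the sample repository or from anyone in this thread: a small .NET console check that fetches the discovery document from a server-side process, the way the OpenID Connect backchannel does, instead of from a browser. The proxy address `http://proxy.corp.example:8080` is a hypothetical placeholder, and the metadata URL is the redacted one from the error message.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

// Placeholder: paste the exact URL from the IDX20803 message.
const string MetadataUrl =
    "https://XXX.onmicrosoft.com/XXX_SignUp_SignIn/v2.0/.well-known/openid-configuration";
// Assumption: hypothetical corporate proxy address.
const string ProxyUrl = "http://proxy.corp.example:8080";

var attempts = new (string Name, HttpClientHandler Handler)[]
{
    // Same handler type the middleware creates when none is configured.
    ("default handler", new HttpClientHandler()),
    ("proxy disabled", new HttpClientHandler { UseProxy = false }),
    ("explicit proxy, process credentials", new HttpClientHandler
    {
        UseProxy = true,
        Proxy = new WebProxy(ProxyUrl) { UseDefaultCredentials = true }
    }),
};

foreach (var (name, handler) in attempts)
{
    // Short timeout so a black-holed connection fails fast instead of after 60 s.
    using var client = new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(15) };
    var sw = Stopwatch.StartNew();
    try
    {
        string body = await client.GetStringAsync(MetadataUrl);
        using var doc = JsonDocument.Parse(body); // a proxy block page (HTML) fails here
        var root = doc.RootElement;
        // A usable discovery document names an issuer and a signing-key endpoint.
        bool ok = root.TryGetProperty("issuer", out var issuer)
                  & root.TryGetProperty("jwks_uri", out _);
        Console.WriteLine($"[{name}] {(ok ? "OK" : "UNEXPECTED BODY")} " +
            $"in {sw.ElapsedMilliseconds} ms, issuer={(ok ? issuer.GetString() : "n/a")}");
    }
    catch (Exception ex) when (ex is HttpRequestException
                                  or TaskCanceledException or JsonException)
    {
        Console.WriteLine($"[{name}] FAILED after {sw.ElapsedMilliseconds} ms: " +
            $"{ex.GetType().Name}: {ex.Message}");
    }
}
```

Run it on the same host and under the same account as the web app, since a browser test uses the interactive user's proxy settings, which the app's process identity may not share. If only the explicit-proxy attempt succeeds, the same kind of handler can be assigned to `OpenIdConnectOptions.BackchannelHttpHandler`, which the middleware uses for metadata retrieval.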