microsoft-identity-web
[Bug] Issue with running in docker
Which version of Microsoft Identity Web are you using? Note that to get help, you need to run the latest version.
1.25.0
Where is the issue?
- Web app
If I run dotnet app.dll locally, everything is OK, but if I package it into an image and run it in Docker or Kubernetes, each request produces this error:
fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
An unhandled exception has occurred while executing the request.
System.ArgumentNullException: IDW10106: The 'ClientId' option must be provided.
at Microsoft.Identity.Web.MergedOptionsValidation.Validate(MergedOptions options)
at Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.<>c__DisplayClass5_0.<AddMicrosoftIdentityWebAppInternal>b__3(OpenIdConnectOptions options, IServiceProvider serviceProvider, IOptionsMonitor`1 mergedOptionsMonitor, IOptionsMonitor`1 msIdOptionsMonitor, IOptions`1 msIdOptions)
at Microsoft.Extensions.Options.ConfigureNamedOptions`5.Configure(String name, TOptions options)
at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
at Microsoft.Extensions.Options.OptionsMonitor`1.<>c__DisplayClass10_0.<Get>b__0()
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
--- End of stack trace from previous location ---
at System.Lazy`1.CreateValue()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.InitializeAsync(AuthenticationScheme scheme, HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.GetHandlerAsync(HttpContext context, String authenticationScheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
Repro appsettings.json
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "xxx",
    "TenantId": "xxx",
    "ClientId": "xxx",
    "CallbackPath": "/signin-oidc",
    "ClientSecret": "xxx",
    "ClientCertificates": []
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "MicrosoftGraph": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "user.read"
  }
}
appsettings.Production.json (set in configmap)
{
  "ConnectionString": "AccountEndpoint=https://xxx.documents.azure.com:443/;AccountKey=xxx;"
}
Dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:6.0
COPY ./apprelease /home/app
I created 2 other apps in Visual Studio, a Blazor Server app and an ASP.NET Core app, enabled "Microsoft Identity Platform" as the authentication type, and enabled "Microsoft Graph" in guard. I didn't modify any code. Copying the published files into a container gives the same result as above, and running locally is OK.
Are you sure the appsettings*.json files are copied to the container? Just a quick check. Had some issues with that in the past. Just start the container interactively with a terminal and check the folder contents, or add ls -la /app to your Dockerfile and do a build.
And apart from that, what happens if you set the environment variables in the container? I'm curious whether this is an issue with this library or a configuration error. Like:
- AZUREAD__INSTANCE=https://login.microsoftonline.com/
- AZUREAD__TENANTID=xxx
- ...
(Mind the double underscore __ as a section separator.)
Hi @svrooij, thanks for the reply. I have pulled the container image and checked that the file exists in there. I have also created a new project to make sure the issue is there; here are the steps:
- In Visual Studio, right-click the solution and choose Add - New project. Then select Blazor Server (an ASP.NET Core web app gives the same result), and in the wizard choose Microsoft identity platform as the authentication type. Then create the project; after installing some required components, follow the steps to connect this project to the AAD app. Finally, open appsettings.json to make sure the 2 IDs and the domain are fetched and saved in that file.
- Open a terminal, go to the root path of the project, and build: dotnet restore, dotnet publish -o ./apprelease -c release, then start the app with dotnet /apprelease/BlazorApp2.dll, and open the web page to make sure the web app is OK.
- Start Docker and enter docker pull mcr.microsoft.com/dotnet/aspnet:6.0, docker run --name temp -itd -p 5001:80 mcr.microsoft.com/dotnet/aspnet:6.0, docker cp ./apprelease/. temp:/home/app, then in the container terminal run ls /home/app to check the files are there, then dotnet /home/app/BlazorApp2.dll to start the app in the container.
- Opening that page in a browser gives a 500 result, and the container terminal shows the error:
As you can see, all the code is generated by Visual Studio and I didn't modify any code. You can try it yourself by following the steps above. Waiting for your response.
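Added example, not part of the thread and not project code: a preflight check for the two things discussed above, environment-variable overrides with the `__` separator and whether appsettings.json is reachable from the directory the app is started in. It relies on ASP.NET Core's default behaviour of reading appsettings.json from the content root (the current working directory unless changed) and treating the file as optional; the thread does not confirm this as the cause, and the function names `azuread_source` and `azuread_preflight` are hypothetical.

```shell
#!/bin/sh
# Added example (not project code). Assumes pretty-printed JSON, one key per
# line, as in the appsettings.json quoted in the issue.

# azuread_source KEY [START_DIR]
# Prints "env", "file" or "missing" for AzureAd:KEY; never prints the value.
azuread_source() {
    key=$1
    dir=${2:-$PWD}
    # Environment variables override JSON files. "__" stands for ":" and
    # configuration keys are matched case-insensitively.
    if env | grep -i -q "^AzureAd__${key}=."; then
        echo env
        return 0
    fi
    # appsettings.json is looked up in the content root, which defaults to
    # the directory the process was started from, not the DLL's directory.
    f="$dir/appsettings.json"
    if [ -f "$f" ] && awk -v k="$key" '
        { l = tolower($0) }
        l ~ /"azuread"[ \t]*:[ \t]*[{]/ { inside = 1; next }
        inside && l ~ /^[ \t]*[}]/      { inside = 0 }
        inside && index(l, "\"" tolower(k) "\"") && l ~ /:[ \t]*"[^"]/ { found = 1 }
        END { exit !found }' "$f"
    then
        echo file
        return 0
    fi
    echo missing
    return 1
}

# azuread_preflight [START_DIR]
# Checks Instance, TenantId and ClientId (keys chosen for this example).
azuread_preflight() {
    rc=0
    for k in Instance TenantId ClientId; do
        src=$(azuread_source "$k" "$1") || rc=1
        echo "AzureAd:$k <- $src"
    done
    return $rc
}
```

Sourced inside the container, `azuread_preflight` with no argument reports on the current directory, and `azuread_preflight /home/app` reports on the directory the files were copied to.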
Hi @svrooij, I'm checking whether there is any update on this issue, because it has blocked our delivery progress for a few days, so I was hoping you can give me a solution or fix this issue ASAP, thanks.
@wwy12321 I'm not in the MSAL team. I just noticed an issue that looked similar to mine a few months ago (settings not loaded in Docker). I hope someone else can help you out.
@svrooij nvm, no one is following my issue except you, and it seems our project is gonna be blocked for at least another few months =D, anyway, thanks for the help.
@Tratcher who could help with this? (deploying in a container does not find the Appsettings.json)
So, @Tratcher is responsible for MIW?
No, @wwy12321. But ASP.NET Core running in containers is not MIW.
@jmprieur I think it's all about MIW's issue, ASP.NET core is good, MIW has something wrong with it.
I created 2 other apps in Visual Studio, a Blazor Server app and an ASP.NET Core app, enabled "Microsoft Identity Platform" as the authentication type, and enabled "Microsoft Graph" in guard. I didn't modify any code. Copying the published files into a container gives the same result as above, and running locally is OK.
@wwy12321 Visual Studio creates a client secret to call Microsoft Graph. Did you add it to your appsettings.json or to some secret store on the container? (It's visible from the "Manage User Secrets" contextual command on the project.)
@jmprieur, in the following comment I didn't enable "Microsoft Graph" but still got the error:
1. In Visual Studio, right-click the solution and choose Add - New project. Then select Blazor Server (an ASP.NET Core web app gives the same result), and in the wizard choose Microsoft identity platform as the authentication type. Then create the project; after installing some required components, follow the steps to connect this project to the AAD app. Finally, open appsettings.json to make sure the 2 IDs and the domain are fetched and saved in that file.
The client secret is about getting the user profile via MG, but the errors I get now are about authentication, i.e. no page can open successfully, not only the user profile page. Even if I don't enable "Microsoft Graph", the app still can't run in a container.
I beg you to try the steps I mentioned and check whether the bug is there or not.
@svrooij wwy12321 Can you please try without the Domain in your appsettings.json ? (only the TenantId) ?
@jmprieur I was only trying to help. We are not having this issue.
@wwy12321 they might have found a solution for you.
@jmprieur good news, removing the domain still gives the error, ha.
I am reporting the same issue, though my app doesn't even run when I tried to run it as a DLL. I tried to debug the library itself. It seems mergedOptionsMonitor [1] is an empty dict, so the returned value of it (mergedOptions) is the default value of MicrosoftIdentityOptions, which contains null as ClientId and all other "essential" values.
version used: 2.7.0 and master (for debugging).
error:
System.ArgumentNullException: IDW10106: The 'ClientId' option must be provided.
at Microsoft.Identity.Web.MergedOptionsValidation.Validate(MergedOptions options) in C:\Users\YoMommaIsSoFat\source\repos\microsoft-identity-web\src\Microsoft.Identity.Web\MergedOptionsValidation.cs:line 15
at Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.<>c__DisplayClass5_0.<AddMicrosoftIdentityWebAppInternal>b__3(OpenIdConnectOptions options, IServiceProvider serviceProvider, IMergedOptionsStore mergedOptionsMonitor, IOptionsMonitor`1 msIdOptionsMonitor, IOptions`1 msIdOptions) in C:\Users\YoMommaIsSoFat\source\repos\microsoft-identity-web\src\Microsoft.Identity.Web\WebAppExtensions\MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs:line 291
at Microsoft.Extensions.Options.ConfigureNamedOptions`5.Configure(String name, TOptions options)
at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
at Microsoft.Extensions.Options.OptionsMonitor`1.<>c__DisplayClass10_0.<Get>b__0()
at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy`1.CreateValue()
at System.Lazy`1.get_Value()
at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
at Microsoft.Extensions.Options.OptionsMonitor`1.Get(String name)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.InitializeAsync(AuthenticationScheme scheme, HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationHandlerProvider.GetHandlerAsync(HttpContext context, String authenticationScheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Additional questions:
- I see there's a MergedOptionsStore registered on line 231. Where would this MergedOptionsStore service be used and/or called?
- If this Store is called whenever a request is coming in, why is there no update to its content?
Thanks in advance, folks.
[1] https://github.com/AzureAD/microsoft-identity-web/blob/b03882c59c100fe9bb50a6e626aeda49e7a217ca/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs#L289