
I am currently working on an old ASP.NET MVC application and suddenly it appears there's something wrong with the login mechanism using the OpenIdConnectAuthenticationOptions, it won't get through to Microsoft login.

I can't figure it out, and it's hard to trace what the issue is, because I have another application with the same implementation of OpenIdConnectAuthenticationOptions that works perfectly fine.

Has anyone experienced the same issue?

Thanks!


Jog
  • Set a breakpoint in event-handlers added to the `OpenIdConnectAuthenticationOptions`'s `Event` object/property (in your `ConfigureServices` method) and configure your debugger to break on first-chance exceptions and take a look at what you see in the thrown exception, any output messages, and anything logged to `Microsoft.Extensions.Logging` (assuming that's your logging framework). Also fire up Fiddler (with TLS decryption, of course) to look at the raw responses. – Dai Aug 11 '22 at 04:17
  • My guess is that your OIDC token request's configured `scope` needs updating - or maybe you configured your AAD to [require PKCE](https://learn.microsoft.com/en-us/answers/questions/218113/openid-connect-authorization-code-flow-with-proof.html) but your client doesn't support it - or is not configured to use PKCE... – Dai Aug 11 '22 at 04:19
  • _ANYWAY_ - the problem with authX frameworks is there's 1,001+ things that can go wrong, but for security reasons none of these libs/frameworks/etc will give you any useful information (client-side, at least) besides an unhelpfully vague error message - so my first suggestion is to check your AAD logs to see if the failed attempt was logged with the cause/reason/details. – Dai Aug 11 '22 at 04:20

1 Answer


I found an answer!

Solution: IDX10803: Unable to create to obtain configuration from: 'https://login.microsoftonline.com/{Tenant-ID}/.well-known/openid-configuration'

I was able to find this article and the solution from Brent. It is just the latest trend of rolling out the deprecation of SSL.

Option 1 and Option 2 both work fine but the most efficient way is to change the target framework HttpRunTime in the web config from 4.5.2 to 4.7.1 or higher.

I hope this helps anyone who experiences the same.

Jog
  • You should update directly to .NET Framework 4.8 - not 4.7.1. – Dai Aug 11 '22 at 04:34
  • Can you tell me why I should? Thanks! – Jog Aug 11 '22 at 04:35
  • ...because 4.7.1 [is already 5 years old and will very likely be unsupported by Microsoft by the end of the year](https://learn.microsoft.com/en-us/lifecycle/products/microsoft-net-framework), while 4.8.1 is current. There are no breaking changes from 4.5.2 to 4.8 that I'm aware of, so your question is like asking "why?" in response to being told you should upgrade from a horse-and-carriage to a car... – Dai Aug 11 '22 at 04:47
  • I see. That makes sense. Thank you for this information Dai. I will change it into 4.8 instead! Thanks! – Jog Aug 12 '22 at 07:58
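
One way to confirm that the IDX10803 failure in the answer above is a TLS protocol mismatch before changing the target framework, as an added example that is not part of the original post or the linked article: a small .NET Framework console probe that requests the metadata document under each protocol setting. The class name `OidcMetadataTlsProbe` is hypothetical, and `{Tenant-ID}` is the placeholder from the error message and must be replaced with your own tenant.

```csharp
using System;
using System.Net;
using System.Net.Http;

// Hypothetical diagnostic class (added example, not from the original post).
static class OidcMetadataTlsProbe
{
    // Placeholder taken from the error message in the answer; substitute your tenant id.
    const string MetadataUrl =
        "https://login.microsoftonline.com/{Tenant-ID}/.well-known/openid-configuration";

    static void Main()
    {
        // What this process negotiates when nothing sets the protocol explicitly.
        // The value depends on the framework version this probe is compiled against,
        // so build it against the same version as the failing web application.
        Console.WriteLine("Default: " + ServicePointManager.SecurityProtocol);

        Probe(SecurityProtocolType.Tls);    // TLS 1.0
        Probe(SecurityProtocolType.Tls11);  // TLS 1.1
        Probe(SecurityProtocolType.Tls12);  // TLS 1.2
    }

    static void Probe(SecurityProtocolType protocol)
    {
        // Applies to connections opened after this point.
        ServicePointManager.SecurityProtocol = protocol;

        using (var client = new HttpClient())
        {
            // Close the connection after the response so the next probe
            // performs a fresh handshake instead of reusing this one.
            client.DefaultRequestHeaders.ConnectionClose = true;
            try
            {
                HttpResponseMessage response =
                    client.GetAsync(MetadataUrl).GetAwaiter().GetResult();
                // Any HTTP status, even an error status, means the handshake succeeded.
                Console.WriteLine("{0,-6} -> HTTP {1}", protocol, (int)response.StatusCode);
            }
            catch (HttpRequestException ex)
            {
                // A rejected handshake surfaces as a nested WebException.
                Console.WriteLine("{0,-6} -> FAILED: {1}", protocol,
                    ex.GetBaseException().Message);
            }
        }
    }
}
```

If the older protocols fail while `Tls12` returns an HTTP status, the metadata fetch is being blocked at the TLS layer, which is consistent with the target framework change described in the answer.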