MVC project running under Windows Server 2012 R2 and ASP.NET 4.7 can't use Azure to authenticate anymore: IDX20803 [SOLVED]

I logged in one morning to find that users of one of our apps were getting an error authenticating with an MVC site. When I investigated to check whether this was a site-wide issue, it seemed that anything on the site that was using Azure Identity was failing.

The issue seemed to be caused by the application not being able to fetch the discovery document from the endpoint; I was getting an error similar to the one below:

https://www.google.com/search?client=firefox-b-d&q=unable+to+obtain+from+ppi+is+hidden&safe=active

What I found strange was that I could navigate to the endpoint fine on the server (Windows Server 2012 R2), and the application ran fine on my machine (Windows 10).

First, I needed to check that the app was fetching the document from the right location.

I added the following to give me more information on the error. Without this, the error looks something like [PII is hidden].

This was added in the MVC application in the startup.auth.cs file:

using Microsoft.IdentityModel.Logging;

public void ConfigureAuth(IAppBuilder app)
{
    // Removed for brevity

    // Inherited from Microsoft.IdentityModel.Logging.
    // Makes IdentityModel exceptions include the real values (URIs, claims)
    // instead of "[PII is hidden]". Turn it back off once the diagnosis is done,
    // since those values end up in the logs.
    IdentityModelEventSource.ShowPII = true;
}

Once this was added, the error showed that the discovery document URI was indeed what I expected… so why wasn't it loading? 🤔

After looking at possible solutions, I came across this post:

https://stackoverflow.com/a/66921932/5906543

I added the following code:

using System.Net;

ServicePointManager.Expect100Continue = true;
// Explicitly set which protocols outbound HTTPS calls (including the fetch of the
// discovery document) may negotiate. SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated;
// TLS 1.2 is the one current Azure AD endpoints still accept.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
                                     | SecurityProtocolType.Tls11
                                     | SecurityProtocolType.Tls12
                                     | SecurityProtocolType.Ssl3;

After this was added, BAM! 💣 Users could authenticate again! 🎉
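As an added example (not the post's own code), here is a hardened variant of that fix which offers TLS 1.2 only, wrapped in a small diagnostic that fetches the discovery document the OWIN middleware needs and reports which protocols the process was going to use before the change. The authority URL and class name are assumptions; substitute the tenant from your web.config.

```csharp
// Added diagnostic, not code from the post. Assumes .NET Framework 4.7
// (SecurityProtocolType.SystemDefault exists from 4.7 onwards).
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

public static class DiscoveryDocCheck
{
    // Assumed authority; replace with the one configured for your app.
    private const string Authority = "https://login.microsoftonline.com/common/v2.0";

    public static async Task<bool> CanFetchDiscoveryDocumentAsync()
    {
        // Record what the process would have negotiated before we touch it. If this
        // prints "Ssl3, Tls" the app is offering protocols the endpoint no longer accepts.
        Console.WriteLine("Default SecurityProtocol: " + ServicePointManager.SecurityProtocol);

        // Hardened form of the post's fix: TLS 1.2 only, instead of
        // Ssl3 | Tls | Tls11 | Tls12. SystemDefault would also work on a patched
        // 2012 R2 box, but only if the OS-level SChannel settings allow TLS 1.2.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        using (var client = new HttpClient())
        {
            try
            {
                string json = await client.GetStringAsync(
                    Authority + "/.well-known/openid-configuration");
                // Minimal sanity check: a discovery document always carries these keys.
                bool looksValid = json.Contains("\"issuer\"") && json.Contains("\"jwks_uri\"");
                Console.WriteLine(looksValid ? "Discovery document OK" : "Unexpected response body");
                return looksValid;
            }
            catch (HttpRequestException ex)
            {
                // The IDX20803 text hides the cause; the inner exception usually names it
                // (e.g. "The request was aborted: Could not create SSL/TLS secure channel").
                Console.WriteLine("Fetch failed: " + (ex.InnerException ?? ex).Message);
                return false;
            }
        }
    }

    public static void Main()
    {
        CanFetchDiscoveryDocumentAsync().GetAwaiter().GetResult();
    }
}
```

Run it once on the server and once on a workstation where the app works; a difference in the "Default SecurityProtocol" line is the quickest way to see whether the two machines start from different protocol sets.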

But why do I need to add this when using Windows Server 2012 R2 and ASP.NET 4.7???

This leaves me with a few big questions:

  • From what I understand, because the site is hosted on IIS under Windows Server 2012 R2, the TLS settings should be right at the operating system level…
  • My app is using ASP.NET 4.7, which makes it seem like this line shouldn't need adding.

If you have some thoughts on why this was needed, please feel free to comment. I would be most grateful 🙏
