Reputation: 99
I have an MVC web application that I've published to Windows Azure. I would like to use our Office 365 Active Directory to authenticate on log-in. I've entered a ticket with Windows Azure and they have sent me here.
I feel like I'm close to figuring this out. When I select to sign in, it takes me to the Microsoft log-in page and looks to authenticate me, but on the trip back to my application I get the following error. I have changed the client secret key a dozen times and recreated the Azure publish profile and Azure app.
Error:
The remote server returned an error: (401) Unauthorized. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The remote server returned an error: (401) Unauthorized.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[WebException: The remote server returned an error: (401) Unauthorized.]
   System.Net.HttpWebRequest.GetResponse() +1465
   Microsoft.IdentityModel.Clients.ActiveDirectory.d__2.MoveNext() +378
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Clients.ActiveDirectory.d__0`1.MoveNext() +410
[AdalServiceException: AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided Trace ID: fa6387cc-0e46-417d-a109-0d6f356b619b Correlation ID: 5bf34f08-6b63-4845-b684-85ddc6d27e27 Timestamp: 2015-09-21 13:00:07Z]
   Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask(Task`1 task) +89
   Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenByAuthorizationCode(String authorizationCode, Uri redirectUri, ClientCredential clientCredential, String resource) +64
   NavPO.Startup.b__7_0(AuthorizationCodeReceivedNotification context) +279
   Microsoft.Owin.Security.OpenIdConnect.d__1a.MoveNext() +4931
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +26
   Microsoft.Owin.Security.OpenIdConnect.d__1a.MoveNext() +6453
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +581
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +225
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +187
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +561
Upvotes: 1
Views: 1085
Reputation: 15042
From the error message:
AdalServiceException: AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided
There is Azure AD code running in your app that is trying to complete the login flow. It's failing to do so because the client secret that is configured in your web app (probably in your web.config) is incorrect - i.e. it doesn't match any secret that was configured in your Azure AD application.
Take a look at the following sample as a starting point and compare it to your app to see where things might be misconfigured:
https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet
Upvotes: 3
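The code path named in the stack trace (the `AuthorizationCodeReceived` handler in `Startup` calling `AcquireTokenByAuthorizationCode`) is where the client secret from configuration is used. The following is an added example, not code from the question, the answer, or the linked sample; it assumes ADAL 2.x with the OWIN OpenID Connect middleware, and the `ida:*` appSettings key names are assumptions.

```csharp
using System;
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
public partial class Startup
{
    // Assumed appSettings key names; use the keys your own web.config defines.
    static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    static readonly string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
    static readonly string authority = ConfigurationManager.AppSettings["ida:Authority"];
    static readonly string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    static readonly string resource = ConfigurationManager.AppSettings["ida:Resource"];
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs on the redirect back from the sign-in page; the client secret is used here.
                AuthorizationCodeReceived = context =>
                {
                    var credential = new ClientCredential(clientId, clientSecret);
                    var authContext = new AuthenticationContext(authority);
                    try
                    {
                        authContext.AcquireTokenByAuthorizationCode(
                            context.Code, new Uri(redirectUri), credential, resource);
                    }
                    catch (AdalServiceException ex)
                    {
                        // Log the AADSTS error text and client ID for triage, never the secret itself.
                        System.Diagnostics.Trace.TraceError("Code redemption failed for client {0}: {1}", clientId, ex.Message);
                        throw;
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

If the value read from `ida:ClientSecret` does not match a key configured on the Azure AD application whose ID is in `ida:ClientId`, the call inside the `try` block fails with the AADSTS50012 error shown in the question.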