MVC to Azure Active Directory sign on replying with "Bad Request" and message with "Unable to create to obtain configuration from"

Question

What am I doing wrong?

I'm trying to sign on to an Azure Active Directory from a sample MVC app and getting "Bad Request".

I'm following the example (dated 7/17/2015) here:

azure.microsoft.com example

and here is a more detailed step by step of the same data by someone else:

azure example expanded by blogger

I've replaced the name of my active directory with "myActiveDirectory" below.

Here is my webconfig data:

AccountController.cs

using System.Web;
using System.Web.Mvc;
// OWIN 
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.Owin.Security.Cookies;


namespace TodoListWebApp.Controllers
{
    public class AccountController : Controller
    {
        public void SignIn()
        {
            // Sends an OpenID sign-in request. 
            if (!Request.IsAuthenticated)
            {
                HttpContext.GetOwinContext().
                Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
            }
        }


        public void SignOut()
        {
            // Sends an OpenID sign-out request. 
            HttpContext.GetOwinContext().Authentication.SignOut(
                OpenIdConnectAuthenticationDefaults.AuthenticationType,
                CookieAuthenticationDefaults.AuthenticationType);
        }
    }
}

Startup.cs

// OWIN 
using Owin;

namespace ActiveDirSample
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }
    }
}

Startup.Auth.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Configuration;


// OWIN 
using Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.Owin.Security.Cookies;
using System.Globalization;


[assembly: OwinStartup(typeof(ActiveDirSample.Startup))]

namespace ActiveDirSample
{



  public partial class Startup
    {

        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
        private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];

        string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri,
                });
        }
    }
}

Here is the response I get:

Server Error in '/' Application.

Response status code does not indicate success: 400 (Bad Request). 
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

 Exception Details: System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).

Source Error: 


 An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace: 



[HttpRequestException: Response status code does not indicate success: 400 (Bad Request).]
   System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +92108
   Microsoft.IdentityModel.Protocols.d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\HttpDocumentRetriever.cs:54

[IOException: Unable to get document from: https://login.windows.net/myActiveDirectory.onmicrosoft.com/.well-known/openid-configuration]
   Microsoft.IdentityModel.Protocols.d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\HttpDocumentRetriever.cs:59
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Protocols.d__0.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\OpenIdConnectConfigurationRetriever.cs:81
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
   Microsoft.IdentityModel.Protocols.d__3.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\ConfigurationManager.cs:198

[InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://login.windows.net/myActiveDirectory.onmicrosoft.com/.well-known/openid-configuration'.]
   Microsoft.IdentityModel.Protocols.d__3.MoveNext() in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\Configuration\ConfigurationManager.cs:212
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.OpenIdConnect.d__c.MoveNext() +599
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.d__b.MoveNext() +292
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.d__8.MoveNext() +278
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.d__5.MoveNext() +165
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +716
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +187
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +561
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +187
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__2.MoveNext() +185
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +69
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar) +64
   System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +380
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155




Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.81.0

Roland Buergi · Accepted Answer

It is difficult to diagnose this problem from the call stack. You might try the following:

Use the Tenant Guid rather than the name (you can find the Guid e.g. in the URL when you are on your Azure AD instance in the management portal). I had problems before that the name could not be resolved properly, and using the Guid helped.

SOLUTION

In Portal, navigate to Azure Active Directory > App registrations > Endpoints, and then copy the guid from the endpoint URIs. This is the Tenant ID.

replace the tenant name with the guid in the web.config file
In Azure AD, you must register your application with sufficient privileges. You will need to have privileges configured to read directory information.

MVC to Azure Active Directory sign on replying with "Bad Request" and message with "Unable to create to obtain configuration from"

Answers (2)

Related Questions

MVC to Azure Active Directory sign on replying with &quot;Bad Request&quot; and message with &quot;Unable to create to obtain configuration from&quot;

Answers (2)

Related Questions

MVC to Azure Active Directory sign on replying with "Bad Request" and message with "Unable to create to obtain configuration from"