Dana Reed

Reputation: 81

ASP.NET Core Web App using Work (Azure AD) Authentication works debugging locally, but not after publish to Azure

My ASP.NET Core web app works great when running and debugging locally, but fails to run once published to Azure.

After I publish to Azure I get this error:

    An unhandled exception occurred while processing the request. OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'. Trace ID: 640186d6-9a50-4fce-ae39-bbfc1caf2400 Correlation ID: 622758b2-ca52-4bb0-9a98-e14d5a45cf80 Timestamp: 2017-04-19 16:36:32Z', error_uri: 'error_uri is null'.

I'm assuming that it's because the Client Secret needs to be stored in Azure somewhere; however, the value in secrets.json did not work when I added it as an App Setting (invalid client secret error) as I saw someone was able to do on another post. Also not sure if putting the value of "Authentication:AzureAd:ClientSecret" in Azure AppSettings is a good idea anyway.

Upvotes: 3

Views: 4804

Answers (2)

Lyon

Reputation: 721

Not sure if this is useful to anyone or not, but I receive a similar error message.

    OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'error_description is null', error_uri: 'error_uri is null'.
    Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler+<RedeemAuthorizationCodeAsync>d__22.MoveNext()

The solution for me was to provide a secret in the token service:

    using System.Collections.Generic;
    using IdentityServer4;
    using IdentityServer4.Models;

    // Client registrations for the token service (IdentityServer4)
    public static IEnumerable<Client> GetClients() => new List<Client>
    {
        new Client
        {
            ClientId = "Testclient",
            ClientName = "client",
            // The secret the web app must present when redeeming the authorization code
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },
            // Hybrid is a mix between implicit and authorization code flow
            AllowedGrantTypes = GrantTypes.Hybrid,
        }
    };

And provide the secret in the client:

    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Builder;

    // In Startup.Configure(IApplicationBuilder app, ...), after app.UseCookieAuthentication(...)
    app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
    {
        // The name of the authentication configuration, just in case we have multiple
        AuthenticationScheme = "oidc",
        // Represents where to store the identity information -> points to the cookie middleware declared above
        SignInScheme = "Cookies",

        // Where the token service resides -> the system configures itself by invoking the discovery endpoint of the token service
        Authority = "http://localhost:5000",
        RequireHttpsMetadata = false,

        ClientId = "Testclient",
        // Must match the secret registered for this client on the token service
        ClientSecret = "secret",
        // Hybrid flow grant type
        ResponseType = "code id_token",
    });

Hopefully this helps someone.

Upvotes: 4

Dana Reed

Reputation: 81

Somehow the Azure AD IDs needed for the proper Azure Active Directory App Registration were mixed up. There were 2 App Registration entries, and the ClientID and TenantIDs didn't match up with the local ones. So I synchronized the Client and Tenant IDs with one of the App Registration entries, made sure the Client Secret was in App Settings, and it worked properly.

I verified these steps against this fine example, Win's GitHub repository, and they match now.

Upvotes: 0
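As an added illustration of the setup the question and the accepted fix describe (not code from either post): the same `Authentication:AzureAd:ClientSecret` key is read from `secrets.json` when debugging locally and from an App Service App Setting after publishing, and the app refuses to start if the secret is absent instead of failing later with AADSTS70002 at code redemption. The `AzureAdOptions` class, the `Validate` helper and the ASP.NET Core 1.x/2.x `Startup` shape are assumptions for the example.

```csharp
// Added example, not from the question or answers. Assumes packages
// Microsoft.Extensions.Configuration.UserSecrets / .Binder / .EnvironmentVariables.
using System;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;

public class AzureAdOptions   // hypothetical name; mirrors the Authentication:AzureAd section
{
    public string ClientId { get; set; }
    public string TenantId { get; set; }
    public string ClientSecret { get; set; }
}

public class Startup
{
    public IConfigurationRoot Configuration { get; }
    public AzureAdOptions AzureAd { get; }

    public Startup(IHostingEnvironment env)
    {
        var builder = new ConfigurationBuilder()
            .SetBasePath(env.ContentRootPath)
            .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);

        if (env.IsDevelopment())
        {
            // secrets.json lives in the user profile, outside the project tree,
            // so it is never published; this is where the secret comes from locally.
            builder.AddUserSecrets<Startup>();
        }

        // App Service exposes App Settings as environment variables. A setting named
        // Authentication__AzureAd__ClientSecret (double underscore) is mapped to the
        // hierarchical key Authentication:AzureAd:ClientSecret by this provider.
        builder.AddEnvironmentVariables();
        Configuration = builder.Build();

        AzureAd = new AzureAdOptions();
        Configuration.GetSection("Authentication:AzureAd").Bind(AzureAd);
        Validate(AzureAd);
    }

    // Fail fast at startup with a clear message rather than with AADSTS70002 at token redemption.
    public static void Validate(AzureAdOptions o)
    {
        if (string.IsNullOrWhiteSpace(o.ClientId) || string.IsNullOrWhiteSpace(o.TenantId))
            throw new InvalidOperationException("Authentication:AzureAd:ClientId and TenantId must match the App Registration in use.");
        if (string.IsNullOrWhiteSpace(o.ClientSecret))
            throw new InvalidOperationException("Authentication:AzureAd:ClientSecret is not configured (user secrets locally, App Setting in Azure).");
    }
}
```

Keeping the ClientId and TenantId in the same App Registration and the secret in an App Setting (or Key Vault reference) rather than in a published config file keeps the local and Azure configurations aligned without committing the secret.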
