Adam Blankenship

Reputation: 1

Azure Ad WebApp MSGraph Value cannot be null

I'm running into an issue with AzureAd/Graph configuration between Azure and local. I'm using VS2019, .NET Core 5, Identity.Web 1.23. On local, both in Visual Studio and as a standalone exe, I am able to connect to Graph and get my roles and details. When the same code is deployed to the Azure Web App, I get the following.

    Code: generalException
    Message: An error occurred sending the request.
    Value cannot be null. (Parameter 'headers')
       at Microsoft.Identity.Web.AppServicesAuthenticationInformation.GetIdToken(IDictionary2 headers)
       at Microsoft.Identity.Web.AppServicesAuthenticationTokenAcquisition.GetAuthenticationResultForUserAsync(IEnumerable1 scopes, String authenticationScheme, String tenantId, String userFlow, ClaimsPrincipal user, TokenAcquisitionOptions tokenAcquisitionOptions)
       at Microsoft.Identity.Web.TokenAcquisitionAuthenticationProvider.AuthenticateRequestAsync(HttpRequestMessage request)
       at Microsoft.Graph.AuthenticationHandler.SendAsync(HttpRequestMessage httpRequestMessage, CancellationToken cancellationToken)
       at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
       at Microsoft.Graph.HttpProvider.SendRequestAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)<Microsoft.Identity.Web

The code in question

    var initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
    services.AddMicrosoftIdentityWebApiAuthentication(Configuration);

    JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
        .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
        .AddInMemoryTokenCaches();

    services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.TokenValidationParameters.RoleClaimType = "roles";
    });

    services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    }).AddMicrosoftIdentityUI();

    services.AddRazorPages()
        .AddMicrosoftIdentityUI();

    // Add the UI support to handle claims challenges
    services.AddServerSideBlazor()
        .AddMicrosoftIdentityConsentHandler();

app.config for reference

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientCertificates": [
    ],
    "CallbackPath": "/signin-oidc",
    "SignedOutCallbackPath": "/signout-callback-oidc"
  },
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "User.Read"
  },

Anything pointing me in a direction would be helpful; I have been stumped by this for a week now.

Upvotes: 0

Views: 253

Answers (1)

Adam Blankenship

Reputation: 1

I found my issue. The Azure Web App was running as a managed account, and because of this it could not connect to Graph as the user.

Upvotes: 0
