skip to Main Content

I’m using Azure Active Directory B2C for external authorization by Azure.
Everything was working fine until Friday 19 when suddenly my backend could not respond because it couldn’t receive configuration info from a static link.

Azure B2C config accessing error, stack trace

The interesting thing, this link is fully workable, it opens json file when go by this URL in the browser, but my backend cannot access it.

The temporary decision was to load this file to the s3 bucket on AWS to get its public URL and change the link to this file in my application configuration. But this decision is ugly, and I want to figure out what the problem is.

Stack: .Net Framework 4.6.2.
Link to configuration file in my project settings:

<add key="ida:AadInstance" value="https://xxx.b2clogin.com/{0}/v2.0/.well-known/openid-configuration?p={1}" />

2

Answers


  1. Chosen as BEST ANSWER

    Okay, the problem was in the TLS version. My application used the TLS 1.1 version by default. I think Azure silently deprecated TLS 1.1 version, and all requests are skipped with status code 426 Upgrade required.

    The solution was to change the TLS version to 1.2 in my project.

    The following code resolved my problem:

    public void SetAppropriateTlsVersion()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
    }
    

  2. Yes for the Dotnet framework later than 4.6.x must have the upgraded tls version.
    I could successfully bypass the error by using tls version 1.2
    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

    Check the following:

    Startup.cs:

    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.Http;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Hosting;
    using Microsoft.Identity.Web;
    using Microsoft.Identity.Web.UI;
    
     
    
    namespace WebApp_OpenIDConnect_DotNet
    {
        public class Startup
        {
            public Startup(IConfiguration configuration)
            {
                Configuration = configuration;
            }
    
     
        public IConfiguration Configuration { get; }
    
    
    
        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
                // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
                options.HandleSameSiteCookieCompatibility();
            });
    
    
    
            // Configuration to sign-in users with Azure AD B2C
            services.AddMicrosoftIdentityWebAppAuthentication(Configuration, Constants.AzureAdB2C);
    
            services.AddControllersWithViews()
                .AddMicrosoftIdentityUI();
    
    
    
            services.AddRazorPages();
    
    
    
            //Configuring appsettings section AzureAdB2C, into IOptions
            services.AddOptions();
            services.Configure<OpenIdConnectOptions>(Configuration.GetSection("AzureAdB2C"));
        }
    
    
    
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
    
    
    
            app.UseHttpsRedirection();
            app.UseStaticFiles();
            System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12; //add this tls
            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();
    
    
    
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
                endpoints.MapRazorPages();
            });
        }
    }
    

    }

    enter image description here

    Appsettings.json

    {
      "AzureAdB2C": {
        "Instance": "https://xxxab2c.b2clogin.com",
        "ClientId": "xxx",
        "Domain": "xxb2c.onmicrosoft.com",
        "SignedOutCallbackPath": "/signout/B2C_1_susi",
        "SignUpSignInPolicyId": "b2c_1_susi",
        "ResetPasswordPolicyId": "b2c_1_reset",
        "EditProfilePolicyId": "b2c_1_edit_profile" // Optional profile editing policy
        //"CallbackPath": "/signin/B2C_1_sign_up_in"  // defaults to /signin-oidc
      },
      "Logging": {
        "LogLevel": {
          "Default": "Information",
          "Microsoft": "Warning",
          "Microsoft.Hosting.Lifetime": "Information"
        }
      },
      "AllowedHosts": "*"
    }
    

    Ensure the latest frameworks are upgraded with latest patches and also check for the network connectivity.
    Then the program can be run successfully with azure ad b2c

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search