What causes the static link error when accessing the configuration file in Azure Active Directory B2C?

tweeker
May 26, 2023
257 views
0 votes
2 Answers

I’m using Azure Active Directory B2C for external authorization by Azure.
Everything was working fine until Friday 19 when suddenly my backend could not respond because it couldn’t receive configuration info from a static link.

The interesting thing, this link is fully workable, it opens json file when go by this URL in the browser, but my backend cannot access it.

The temporary decision was to load this file to the s3 bucket on AWS to get its public URL and change the link to this file in my application configuration. But this decision is ugly, and I want to figure out what the problem is.

Stack: .Net Framework 4.6.2.
Link to configuration file in my project settings:

<add key="ida:AadInstance" value="https://xxx.b2clogin.com/{0}/v2.0/.well-known/openid-configuration?p={1}" />

Answers

Chosen as BEST ANSWER
- tweeker
- May 26, 2023 at 1:41 pm
- 0 votes
0
Okay, the problem was in the TLS version. My application used the TLS 1.1 version by default. I think Azure silently deprecated TLS 1.1 version, and all requests are skipped with status code 426 Upgrade required.

The solution was to change the TLS version to 1.2 in my project.

The following code resolved my problem:
```
public void SetAppropriateTlsVersion()
{
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
}
```

(Edit)

Yes for the Dotnet framework later than 4.6.x must have the upgraded tls version.
I could successfully bypass the error by using tls version 1.2
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

Check the following:

Startup.cs:

using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

 

namespace WebApp_OpenIDConnect_DotNet
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

 
    public IConfiguration Configuration { get; }



    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
            options.HandleSameSiteCookieCompatibility();
        });



        // Configuration to sign-in users with Azure AD B2C
        services.AddMicrosoftIdentityWebAppAuthentication(Configuration, Constants.AzureAdB2C);

        services.AddControllersWithViews()
            .AddMicrosoftIdentityUI();



        services.AddRazorPages();



        //Configuring appsettings section AzureAdB2C, into IOptions
        services.AddOptions();
        services.Configure<OpenIdConnectOptions>(Configuration.GetSection("AzureAdB2C"));
    }



    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }



        app.UseHttpsRedirection();
        app.UseStaticFiles();
        System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12; //add this tls
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();



        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
            endpoints.MapRazorPages();
        });
    }
}

}

Appsettings.json

{
  "AzureAdB2C": {
    "Instance": "https://xxxab2c.b2clogin.com",
    "ClientId": "xxx",
    "Domain": "xxb2c.onmicrosoft.com",
    "SignedOutCallbackPath": "/signout/B2C_1_susi",
    "SignUpSignInPolicyId": "b2c_1_susi",
    "ResetPasswordPolicyId": "b2c_1_reset",
    "EditProfilePolicyId": "b2c_1_edit_profile" // Optional profile editing policy
    //"CallbackPath": "/signin/B2C_1_sign_up_in"  // defaults to /signin-oidc
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}

Ensure the latest frameworks are upgraded with latest patches and also check for the network connectivity.
Then the program can be run successfully with azure ad b2c

Please signup or login to give your own answer.

Click here to cancel reply.