Open jimitndiaye opened this issue 4 years ago • 4 comments

I'm having this exact problem with version 1.22.3 of Microsoft.Identity.Web. Unlike @thestillheron there is no other authentication but Microsoft.Identity.Web. The relevant code is as below:

    services.AddAuthentication()
        .AddMicrosoftIdentityWebApp(
            openIdConnectScheme: OpenIdConnectDefaults.AuthenticationScheme,
            displayName: "Azure AD B2C",
            configureMicrosoftIdentityOptions: options =>
                ConfigureMicrosoftIdentityOptions(
                    options,
                    shellSettings),
            configureCookieAuthenticationOptions: ConfigureCookieAuthenticationOptions,
            cookieScheme: null,
            subscribeToOpenIdConnectMiddlewareDiagnosticsEvents: env.IsDevelopment())
        .EnableTokenAcquisitionToCallDownstreamApi(options =>
        {
            Configuration.GetSection(PortalAuthenticationConfigSection).Bind(options);
            options.EnablePiiLogging = env.IsDevelopment();
        })
        .AddDownstreamWebApi(AuthenticationConstants.IdentityApiName,
            options => { Configuration.GetSection("Portal:Authentication:Api").Bind(options); })
        .AddDistributedTokenCaches();

I initially didn't provide a callback to EnableTokenAcquisitionToCallDownstreamApi but ran into the null reference exception and added that callback to make sure Instance is being set. To my amazement, even after the callback is executed and the Instance property is set via configuration as depicted above, I still get a null reference exception - it is being overwritten somehow.

Originally posted by @jimitndiaye in https://github.com/AzureAD/microsoft-identity-web/issues/1507#issuecomment-1033079370

jimitndiaye avatar Feb 09 '22 09:02 jimitndiaye

Did you try https://www.nuget.org/packages/Microsoft.Identity.Web/1.23.1 ?

jmprieur avatar Mar 14 '22 00:03 jmprieur

I am also experiencing this. However, it appears that the configure callback function I pass to EnableTokenAcquisitionToCallDownstreamApi is not being executed at all. I've updated to 1.23.1 and still experience the issue.

Apologies for so little information, I'll try and provide better feedback when I have time.

kyledevans avatar Mar 17 '22 12:03 kyledevans

EDIT: I think the issue I'm encountering is better documented in #1624.

So a little description about my use case. I'm trying to create a SPA application that communicates to my backend service API (the backend for frontend model). Ideally this application would utilize an SSO solution like Azure AD, but oftentimes for development, testing, and debugging purposes I find that it's easier to use a solution that implements an internally managed username/password store.

I am utilizing the ASP.NET Core Identity framework with an Entity Framework store in SQL Server to persist usernames/passwords. The frontend SPA application will then authenticate against an API, and then call protected endpoints with a simple JWT token. I am currently trying to figure out how to implement middleware that will determine if the "Authorization: Bearer <...>" header has been issued by Azure AD, or by my own internal JWT generator. From there it should delegate to the appropriate middleware.

So as a proof of concept, I've created a default "Selector" middleware, that for now just hardcodes to forward to the AzureAd scheme:

    authBuilder.AddPolicyScheme(JwtBearerDefaults.AuthenticationScheme, "Selector", options => {
        options.ForwardDefaultSelector = context => {
            return "AzureAd";
        };
    });

Azure AD is configured as such:

    authBuilder.AddMicrosoftIdentityWebApi(jwtOptions => {
        }, msOptions => {
            //msOptions.Auth
            builder.Configuration.GetSection("AzureAd").Bind(msOptions);
        }, "AzureAd")
        .EnableTokenAcquisitionToCallDownstreamApi(msIdentOptions => {
            builder.Configuration.GetSection("AzureAd").Bind(msIdentOptions);    // THIS NEVER RUNS!  WHY?
            Console.WriteLine("BALAHAHAHAHAHA");
        })
        .AddMicrosoftGraph(graphOptions => {
            builder.Configuration.GetSection("MicrosoftGraph").Bind(graphOptions);
        })
        .AddInMemoryTokenCaches();

I've posted the application code I'm developing; it's a bit in a state of disarray at the moment because I'm trying to overhaul how I perform user management. Here is the repository. I can try and reduce this down to a more minimal reproduction of the issue if requested, but that will take a bit of time since I haven't spent a lot of time learning the ins and outs of the identity framework.

kyledevans avatar Mar 21 '22 18:03 kyledevans
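
The issuer-based selection described in the comment above, as an added example that is not part of the original post or of Microsoft.Identity.Web: a `ForwardDefaultSelector` that reads the `iss` claim of the bearer token without validating it and forwards to the matching scheme. The `InternalJwt` scheme name, the `BearerSchemeSelector` class and the two Azure AD issuer prefixes are assumptions; a tenant with a different issuer format needs its own prefix.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;

public static class BearerSchemeSelector
{
    public const string AzureAdScheme = "AzureAd";       // scheme name used in the post
    public const string InternalScheme = "InternalJwt";  // hypothetical name for the internal JWT scheme

    // Routing only: the issuer comes from an UNVALIDATED token. The handler the request
    // is forwarded to must still validate signature, issuer, audience and lifetime.
    public static string SelectScheme(string authorizationHeader)
    {
        const string prefix = "Bearer ";
        if (string.IsNullOrEmpty(authorizationHeader) ||
            !authorizationHeader.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            return InternalScheme;  // no bearer token: the internal handler produces the 401

        var raw = authorizationHeader.Substring(prefix.Length).Trim();
        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(raw))
            return InternalScheme;  // not JWT-shaped: the internal handler rejects it

        string issuer;
        try { issuer = handler.ReadJwtToken(raw).Issuer ?? string.Empty; }
        catch (Exception) { return InternalScheme; }  // undecodable header or payload

        // Assumed issuer prefixes for Azure AD v2.0 and v1.0 tokens.
        bool fromAzureAd =
            issuer.StartsWith("https://login.microsoftonline.com/", StringComparison.OrdinalIgnoreCase) ||
            issuer.StartsWith("https://sts.windows.net/", StringComparison.OrdinalIgnoreCase);
        return fromAzureAd ? AzureAdScheme : InternalScheme;
    }

    // Registers the "Selector" policy scheme from the post with the issuer check plugged in.
    public static AuthenticationBuilder AddBearerSelector(this AuthenticationBuilder authBuilder) =>
        authBuilder.AddPolicyScheme(JwtBearerDefaults.AuthenticationScheme, "Selector", options =>
        {
            options.ForwardDefaultSelector = context =>
                SelectScheme(context.Request.Headers["Authorization"].ToString());
        });
}
```

Because the selector trusts nothing it reads, a token that claims an Azure AD issuer but was not signed by the tenant is forwarded to the `AzureAd` handler and fails signature validation there; each handler should accept only its own issuer.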

Please check if this comment is relevant: https://github.com/AzureAD/microsoft-identity-web/issues/1507#issuecomment-1076338507

oledid avatar Mar 23 '22 12:03 oledid

Closing, as not sure if this is still repro'ing on the latest 2.17.3. If so, please re-open. Thank you.

jennyf19 avatar Mar 28 '24 02:03 jennyf19