microsoft-identity-web: ADB2C SSO giving ASPNETCORE ENV error when trying to sign in. [Bug]

Which version of Microsoft Identity Web are you using?

Microsoft Identity Web 1.1.0

Where is the issue?

  • Web app
    • Sign-in users
    • Sign-in users and call web APIs
  • Web API
    • Protected web APIs (validating tokens)
    • Protected web APIs (validating scopes)
    • Protected web APIs call downstream web APIs
  • Token cache serialization
    • In-memory caches
    • Session caches
    • Distributed caches
  • Other (please describe)

Is this a new or an existing app?

This is a new app or an experiment.

I have been experimenting with ADB2C using .NET Core in order to implement it in our company’s future products; however, I came across this issue. I mistakenly misconfigured my app so that it uses Auth Code Flow without ticking the ID Token / Access Token from the portal, and obviously, it didn’t work. What is confusing about this is that I was getting redirected by the /signin-oidc endpoint to an error page which is managed by Microsoft Identity Web - */MicrosoftIdentity/Account/Error. The error that was displayed by this error page is completely misleading and I spent hours debugging both my application and Azure’s configuration before I eventually found out what the problem is.

The error that was being displayed is: [image]

When I checked the launchsettings.json, everything was set up correctly, as can be seen below:

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:21020",
      "sslPort": 44330
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development",
        "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation"
      }
    },
    "WebApplication3": {
      "commandName": "Project",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Production",
        "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation"
      },
      "dotnetRunMessages": "true",
      "applicationUrl": "https://localhost:5001;http://localhost:5000"
    }
  }
}

I was able to view the actual issue by going to my Network and in the form data being passed by the signin-oidc endpoint, there was an exception that was being thrown by ADB2C itself.

[image: Signin-oidc]

Expected behavior

I expected that the error message would be clearly explained by ADB2C instead of it being hidden the way it is currently. I understand that this might be a security concern, however, the error message does not help in identifying what the issue is. So something along the lines of “An ADB2C configuration exception has occurred” would have been a great help here.

Actual behavior

An incorrect error is being displayed instead.

Error: An error occurred while processing your request.

Development Mode

Swapping to Development environment will display more detailed information about the error that occurred.

Development environment should not be enabled in deployed applications, as it can result in sensitive information from exceptions being displayed to end users. For local debugging, development environment can be enabled by setting the ASPNETCORE_ENVIRONMENT environment variable to Development, and restarting the application.

Is there something that could have been done from my end or is this simply an issue, and if so are there any plans on this being fixed at any point?

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 16 (2 by maintainers)

Most upvoted comments

The production error page intentionally does not discuss implementation details like this for the reasons it says above. The error would have still been reported in the server logs though. The error page should mention checking the server logs before it recommends enabling development mode. I’ll file an issue for that. (https://github.com/dotnet/aspnetcore/issues/33055)
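
An added example, not code from this issue or from Microsoft.Identity.Web: one way to get the error that ADB2C posts to /signin-oidc into the server log at Error level while the browser still sees only the generic page. The names `AddOidcFailureLogging`, the `OidcFailure` logger category and the 300-character cap are assumptions made for illustration, and the app is assumed to use the default OpenID Connect scheme name.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public static class OidcFailureLogging
{
    // Hypothetical helper, not a Microsoft.Identity.Web API. Call it in ConfigureServices
    // after the sign-in registration so the library's handlers exist and can be chained.
    public static IServiceCollection AddOidcFailureLogging(this IServiceCollection services)
    {
        services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            var onMessageReceived = options.Events.OnMessageReceived;
            var onRemoteFailure = options.Events.OnRemoteFailure;

            // Runs for each response posted to the callback path, before error handling.
            options.Events.OnMessageReceived = async context =>
            {
                var message = context.ProtocolMessage;
                if (!string.IsNullOrEmpty(message?.Error))
                    Log(context.HttpContext.RequestServices).LogError(
                        "OIDC error response on {Path}: error={Error} description={Description}",
                        context.Request.Path, Clean(message.Error), Clean(message.ErrorDescription));
                await onMessageReceived(context);
            };

            // Also covers failures with no protocol error; the chained handler still
            // decides which page the browser is sent to.
            options.Events.OnRemoteFailure = async context =>
            {
                Log(context.HttpContext.RequestServices).LogError(
                    "Remote sign-in failed on {Path}: {Reason}",
                    context.Request.Path, Clean(context.Failure?.Message));
                await onRemoteFailure(context);
            };
        });
        return services;
    }

    private static ILogger Log(IServiceProvider sp) =>
        sp.GetRequiredService<ILoggerFactory>().CreateLogger("OidcFailure");

    // These values arrive in an unauthenticated form post: strip control characters
    // and cap the length (300 is an arbitrary choice) before logging them.
    private static string Clean(string value)
    {
        if (string.IsNullOrEmpty(value)) return "(none)";
        var text = new string(value.Where(c => !char.IsControl(c)).ToArray());
        return text.Length <= 300 ? text : text.Substring(0, 300);
    }
}
```

Because both handlers chain to whatever was registered before them, the redirect to the error page is unchanged and the detail stays out of the response.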