Open JoeRicci opened 1 year ago
We have recently been experiencing this issue since updating to .NET 7.
We are using the in-memory cache; when this issue pops up I have to reset the application to fix it.
I have set AbsoluteExpirationRelativeToNow to 20 minutes, MaxAge to 1 day, RefreshInterval to 20 minutes and AutomaticRefreshInterval to 1 minute.
But this issue still happens after a few days of the production app running, which makes it nearly impossible to replicate in development.
```csharp
// Usings this fragment needs (it sits inside ConfigureServices; `configuration`
// and `initialScopes` are defined elsewhere in the app).
using System;
using System.Net;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Graph;
using Microsoft.Identity.Web;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Options =>
    {
        configuration.Bind("AzureAd", Options);
        Options.Prompt = "select_account";
        Options.Authority = "https://login.microsoftonline.com/common/v2.0";
        Options.MaxAge = TimeSpan.FromDays(1);
        Options.UseTokenLifetime = false;
        Options.SaveTokens = true;
        Options.RefreshInterval = TimeSpan.FromSeconds(20);
        Options.AutomaticRefreshInterval = TimeSpan.FromMinutes(1);
        Options.ResponseType = OpenIdConnectResponseType.CodeToken;

        // Builds a Graph client whose bearer token comes from the token cache
        // for the just-validated principal (the Graph call itself is commented out).
        Options.Events.OnTokenValidated = async context =>
        {
            ITokenAcquisition tokenAcquisition = context.HttpContext.RequestServices
                .GetRequiredService<ITokenAcquisition>();
            GraphServiceClient graphClient = new GraphServiceClient(
                new DelegateAuthenticationProvider(async (request) =>
                {
                    string token = await tokenAcquisition.GetAccessTokenForUserAsync(
                        initialScopes, user: context.Principal);
                    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
                }));
            //IUserRequest request = graphClient.Me.Request();
            //User user = await request
            //    .Select(u => new {
            //        u.DisplayName,
            //        u.Mail,
            //        u.UserPrincipalName,
            //        u.MailboxSettings,
            //    })
            //    .GetAsync();
        };

        Options.Events.OnAuthenticationFailed = context =>
        {
            string error = WebUtility.UrlEncode(context.Exception.Message);
            context.Response
                .Redirect($"/Home/ErrorWithMessage?message=Authentication+error&debug={error}");
            context.HandleResponse();
            return Task.FromResult(0);
        };

        Options.Events.OnRemoteFailure = context =>
        {
            if (context.Failure is OpenIdConnectProtocolException)
            {
                string error = WebUtility.UrlEncode(context.Failure.Message);
                context.Response
                    .Redirect($"/Home/ErrorWithMessage?message=Sign+in+error&debug={error}");
                context.HandleResponse();
            }
            return Task.FromResult(0);
        };
    },
    cookieScheme: null, openIdConnectScheme: "AzureAD")
    .EnableTokenAcquisitionToCallDownstreamApi(options =>
    {
        configuration.Bind("AzureAd", options);
    }, initialScopes)
    .AddMicrosoftGraph("https://graph.microsoft.com/v1.0",
        defaultScopes: "User.Read Mail.Send openid offline_access MailboxSettings.Read Calendars.Read")
    // In-memory token cache; entries are dropped 20 minutes after they are written.
    .AddInMemoryTokenCaches(options =>
        options.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(20));
```
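The failure handlers in the configuration above put `context.Exception.Message` into the redirect query string, so whatever the identity provider said (error descriptions, correlation ids, sometimes claim values) ends up in browser history, proxy logs and the error page. The following is an added example, not the reporter's code or anything from Microsoft.Identity.Web, of the same two hooks with the detail kept server-side and only an opaque id sent to the client. It assumes the default `ILoggerFactory` registration of an ASP.NET Core host and an `/Home/ErrorWithMessage` action that accepts an `id` parameter (both assumptions).

```csharp
// Added example (not the issue reporter's code): OnAuthenticationFailed and
// OnRemoteFailure that log the exception and redirect with an opaque correlation id.
// Assumes: ILoggerFactory is registered (default host) and the error action takes ?id=.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class SafeOidcEvents
{
    // Call from the AddMicrosoftIdentityWebApp options lambda:
    //   configuration.Bind("AzureAd", Options);
    //   SafeOidcEvents.Configure(Options);
    public static void Configure(OpenIdConnectOptions options)
    {
        options.Events.OnAuthenticationFailed = context =>
            Fail(context.HttpContext, context.Exception, "Authentication error", context.HandleResponse);

        options.Events.OnRemoteFailure = context =>
        {
            // Only protocol errors get the friendly page; anything else keeps the
            // default remote-failure behaviour so it is not silently swallowed.
            if (context.Failure is OpenIdConnectProtocolException)
            {
                return Fail(context.HttpContext, context.Failure, "Sign in error", context.HandleResponse);
            }
            return Task.CompletedTask;
        };
    }

    private static Task Fail(HttpContext http, Exception ex, string title, Action handleResponse)
    {
        ILogger logger = http.RequestServices
            .GetRequiredService<ILoggerFactory>()
            .CreateLogger("OidcEvents");
        string correlationId = Guid.NewGuid().ToString("N");

        // Full detail, including the provider's error text, goes only to the server log,
        // keyed by an id the user can quote back to support.
        logger.LogWarning(ex, "{Title} ({CorrelationId}) on request {TraceId}",
            title, correlationId, http.TraceIdentifier);

        // The browser gets a fixed path and the opaque id; the exception message never leaves the server.
        http.Response.Redirect($"/Home/ErrorWithMessage?id={Uri.EscapeDataString(correlationId)}");
        handleResponse();
        return Task.CompletedTask;
    }
}
```

The error page then looks up nothing by the id; it only displays it, so a tampered `id` in the query string cannot pull another user's failure details, and the string is escaped before it is placed in the URL.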
Any workaround for this issue? I experience the same.
@crissb3, @JoeRicci There is a regression in .NET 7.0 related to the options. It should be fixed by the patch of .NET 7.0 that will be released mid-February. Meanwhile, there is a workaround described in https://github.com/AzureAD/microsoft-identity-web/issues/1995#issuecomment-1374281775
cc: @kalyankrishna1
Did this get fixed in the February 14th release, 7.0.3?
If so, do I need to upgrade my Nuget packages ("Microsoft.EntityFrameworkCore") to this version?
When doing this I am getting this error:
Microsoft.Common.CurrentVersion.targets(4862, 5): [MSB3021] Unable to copy file "C:\Users\user\.nuget\packages\microsoft.data.sqlclient.sni.runtime\5.0.1\runtimes\win-arm\native\Microsoft.Data.SqlClient.SNI.dll" to "bin\Debug\net7.0\runtimes\win-arm\native\Microsoft.Data.SqlClient.SNI.dll". Access to the path 'C:\WebPortal_new\webportBB\AppOwnsData\bin\Debug\net7.0\runtimes\win-arm\native\Microsoft.Data.SqlClient.SNI.dll' is denied.
I have tried doing what others suggest online: disabling Read-only for this folder, clearing the NuGet cache, etc. But I am still getting this error, and also still getting the error with CAE not kicking in.
I am using JetBrains Rider, and when selecting the target framework I don't get the option to pick 7.0.3, only 7.0 and lower X.0, but I'm guessing this includes 7.0.3?
Repro steps
Using 2-1-Call-MSGraph as is, replacing my Azure App Service & Azure AD details in the appsettings.json file
Expected behavior
When the access token expires, I expect that CAE should kick in and refresh the access token.
Actual behavior
Error is thrown: invalidAuthenticationToken. Message: Access token has expired or is not yet valid.
Attempting to troubleshoot yourself:
Originally, there was no refresh token being issued and I had to go into resources.azure.com to set the offline access. The research I did seems to indicate this doesn't work with a free Azure account, but I'm not sure if that's correct. I couldn't see any option to turn on CAE in the documentation I followed.
This is my first forray into Azure App Service.
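The expectation in the report above is that CAE silently refreshes an expired access token. It does not: Continuous Access Evaluation is the resource (Graph) rejecting a token with a `WWW-Authenticate` claims challenge, and the application has to send that challenge back to Azure AD. A plain "access token has expired" 401 with no challenge is just a stale cached token. The following is an added example, not the 2-1-Call-MSGraph sample's code, of an MVC action that handles both cases. It assumes Microsoft.Identity.Web 1.25 or later with the Microsoft.Graph SDK 4.x (`ServiceException` exposing `ResponseHeaders`), that `AddMicrosoftGraph` registered the `GraphServiceClient`, and that the MSAL.NET helper `WwwAuthenticateParameters.GetClaimChallengeFromResponseHeaders` is available (MSAL 4.37 or later); all of these are assumptions about the package versions in use.

```csharp
// Added example (not the sample's or the reporter's code): re-acquire the token when
// Graph rejects it, instead of expecting CAE to refresh it silently.
// Assumes Microsoft.Identity.Web 1.25+/2.x, Microsoft.Graph SDK 4.x and MSAL.NET 4.37+.
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Graph;
using Microsoft.Identity.Client;
using Microsoft.Identity.Web;

// When token acquisition below throws MicrosoftIdentityWebChallengeUserException,
// this attribute turns it into an interactive sign-in carrying the claims challenge.
[AuthorizeForScopes(Scopes = new[] { "User.Read" })]
public class ProfileController : Controller
{
    private static readonly string[] GraphScopes = { "User.Read" };
    private readonly GraphServiceClient _graph;
    private readonly ITokenAcquisition _tokenAcquisition;

    public ProfileController(GraphServiceClient graph, ITokenAcquisition tokenAcquisition)
    {
        _graph = graph;
        _tokenAcquisition = tokenAcquisition;
    }

    public async Task<IActionResult> Index()
    {
        try
        {
            return View(await GetMeAsync());
        }
        catch (ServiceException ex) when (ex.StatusCode == HttpStatusCode.Unauthorized)
        {
            // Case 1 (CAE): the WWW-Authenticate header carries a "claims" value that
            //   must be sent back to Azure AD; GetClaimChallengeFromResponseHeaders
            //   returns it, or null when there is no challenge.
            // Case 2 (plain expiry, the "invalidAuthenticationToken" error in this
            //   issue): no claims, the cached token is simply stale, so force a refresh.
            string claims = WwwAuthenticateParameters.GetClaimChallengeFromResponseHeaders(ex.ResponseHeaders);

            await _tokenAcquisition.GetAccessTokenForUserAsync(
                GraphScopes,
                tokenAcquisitionOptions: new TokenAcquisitionOptions
                {
                    Claims = claims,
                    ForceRefresh = string.IsNullOrEmpty(claims)
                });

            // The Graph client reads the cache on every call, so one retry picks up the
            // new token. A second 401 propagates to the normal error handling; never
            // loop here, or a revoked session turns into a request storm against Graph.
            return View(await GetMeAsync());
        }
    }

    private async Task<User> GetMeAsync()
    {
        return await _graph.Me.Request()
            .Select(u => new { u.DisplayName, u.Mail, u.UserPrincipalName })
            .GetAsync();
    }
}
```

If the silent acquisition cannot satisfy the challenge (for example the policy that triggered CAE requires MFA), `GetAccessTokenForUserAsync` throws and `[AuthorizeForScopes]` redirects the user to sign in again with the claims attached; without that attribute, or an equivalent handler, the exception surfaces as a 500 rather than a re-authentication.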