Open heppersonmicrosoft opened 1 year ago
Facing issues in the middleware for azure app service.
2022-11-08T08:43:50.952470638Z [41m[30mfail[39m[22m[49m: Microsoft.AspNetCore.Server.Kestrel[13]
2022-11-08T08:43:50.952591539Z Connection id "0HMM1CLD8L0S4", Request id "0HMM1CLD8L0S4:00000002": An unhandled exception was thrown by the application.
2022-11-08T08:43:50.952599139Z System.PlatformNotSupportedException: Windows Cryptography Next Generation (CNG) is not supported on this platform.
2022-11-08T08:43:50.952603039Z at System.Security.Cryptography.RSACng..ctor()
2022-11-08T08:43:50.952606639Z at Microsoft.Azure.AppService.Middleware.JsonWebKey.GetSecurityKeys() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/JsonWebKey.cs:line 100
2022-11-08T08:43:50.952610339Z at Microsoft.Azure.AppService.Middleware.Modules.OpenIdConnectConfig.RefreshOpenIdConnectKeys() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/Config/IdentityProviders/OpenIdConnectConfig.cs:line 80
2022-11-08T08:43:50.952614039Z at Microsoft.Azure.AppService.Middleware.Modules.OpenIdConnectConfig.GetOpenIdConnectKeys(Boolean forceRefresh) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/Config/IdentityProviders/OpenIdConnectConfig.cs:line 99
2022-11-08T08:43:50.952617639Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectProvider.GetTokenValidationParameters(Boolean forceRefresh) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/OpenIdConnectProvider.cs:line 476
2022-11-08T08:43:50.952621239Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectProvider.<TryAuthenticateRequest>b__32_0(Boolean forceRefresh) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/OpenIdConnectProvider.cs:line 416
2022-11-08T08:43:50.952626040Z at Microsoft.Azure.AppService.Middleware.BearerTokenAuthenticationHelper.TryAuthenticateFromBearerToken(String siteName, HttpContextBase context, String headerName, String providerAlias, Boolean useLegacyClaims, Func`2 getTokenValidationParametersFunc, AuthenticatedPrincipal& user, Exception& tokenValidationException, Boolean clearDefaultClaimsMapping) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/BearerTokenAuthenticationHelper.cs:line 64
2022-11-08T08:43:50.952631840Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectProvider.TryAuthenticateRequest(HttpContextBase context, AuthenticatedPrincipal& user, Exception& tokenValidationException) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/OpenIdConnectProvider.cs:line 410
2022-11-08T08:43:50.952636140Z at Microsoft.Azure.AppService.Middleware.EasyAuthModule.AuthenticateAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/EasyAuthModule.cs:line 874
2022-11-08T08:43:50.952639640Z at Microsoft.Azure.AppService.Middleware.EasyAuthModule.OnAuthenticateRequestAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/EasyAuthModule.cs:line 274
2022-11-08T08:43:50.952643140Z at Microsoft.Azure.AppService.Middleware.NetCore.AppServiceMiddleware.InvokeAsync(HttpContext context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.NetCore/AppServiceMiddleware.cs:line 112
2022-11-08T08:43:50.952654440Z at Microsoft.Azure.AppService.MiddlewareShim.AutoHealing.AutoHealingMiddleware.Invoke(HttpContext context) in /EasyAuth/Middleware.Host/AutoHealing/AutoHealingMiddleware.cs:line 55
2022-11-08T08:43:50.952657940Z at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
Since this is the latest release. Could you help rectifying it.
Env: Azure App service runnning a linux container on B1 plan
Application: Docker container running a linux executable
Authentication configured: Configured authentication via Azure ADB2C App registration
Hi I am not facing issues on version 1.5.1, for me it's the last stable version. But I am facing major problems on version 1.6.2 which is the latest version that my apps are receiving and it's causing the error that @bhaweshksingh is reporting.
Other users are facing this problem on stackoverflow
@HugoS99 Looking at stackoverflow link, were you able to find any other workaround to downgrade to version 1.5.1
for the easyauth middleware in appservice.
Setting the "WEBSITE_CUSTOM_MIDDLEWARE_VERSION" environment variable to value "stage2" this changed the version of easyauth from 1.6.2 to 1.5.1
The above workaround doesn't work for me.
@bhaweshksingh no I was unable to find another workaround, what that workaround was effectively doing was settings the version on 1.5.1 instead of 1.6.2 but that no longer works (most likely it worked because that old image was present on the VM but it was eventually updated and the VM can't pull other versions)
Facing issues in the middleware for azure app service.
2022-11-08T08:43:50.952470638Z [41m[30mfail[39m[22m[49m: Microsoft.AspNetCore.Server.Kestrel[13] 2022-11-08T08:43:50.952591539Z Connection id "0HMM1CLD8L0S4", Request id "0HMM1CLD8L0S4:00000002": An unhandled exception was thrown by the application. 2022-11-08T08:43:50.952599139Z System.PlatformNotSupportedException: Windows Cryptography Next Generation (CNG) is not supported on this platform. 2022-11-08T08:43:50.952603039Z at System.Security.Cryptography.RSACng..ctor() 2022-11-08T08:43:50.952606639Z at Microsoft.Azure.AppService.Middleware.JsonWebKey.GetSecurityKeys() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/JsonWebKey.cs:line 100 2022-11-08T08:43:50.952610339Z at Microsoft.Azure.AppService.Middleware.Modules.OpenIdConnectConfig.RefreshOpenIdConnectKeys() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/Config/IdentityProviders/OpenIdConnectConfig.cs:line 80 2022-11-08T08:43:50.952614039Z at Microsoft.Azure.AppService.Middleware.Modules.OpenIdConnectConfig.GetOpenIdConnectKeys(Boolean forceRefresh) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/Config/IdentityProviders/OpenIdConnectConfig.cs:line 99 2022-11-08T08:43:50.952617639Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectProvider.GetTokenValidationParameters(Boolean forceRefresh) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/OpenIdConnectProvider.cs:line 476 2022-11-08T08:43:50.952621239Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectProvider.<TryAuthenticateRequest>b__32_0(Boolean forceRefresh) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/OpenIdConnectProvider.cs:line 416 2022-11-08T08:43:50.952626040Z at Microsoft.Azure.AppService.Middleware.BearerTokenAuthenticationHelper.TryAuthenticateFromBearerToken(String siteName, HttpContextBase context, String headerName, String providerAlias, Boolean useLegacyClaims, Func`2 getTokenValidationParametersFunc, AuthenticatedPrincipal& user, Exception& tokenValidationException, Boolean clearDefaultClaimsMapping) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/BearerTokenAuthenticationHelper.cs:line 64 2022-11-08T08:43:50.952631840Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectProvider.TryAuthenticateRequest(HttpContextBase context, AuthenticatedPrincipal& user, Exception& tokenValidationException) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/OpenIdConnectProvider.cs:line 410 2022-11-08T08:43:50.952636140Z at Microsoft.Azure.AppService.Middleware.EasyAuthModule.AuthenticateAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/EasyAuthModule.cs:line 874 2022-11-08T08:43:50.952639640Z at Microsoft.Azure.AppService.Middleware.EasyAuthModule.OnAuthenticateRequestAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/EasyAuthModule.cs:line 274 2022-11-08T08:43:50.952643140Z at Microsoft.Azure.AppService.Middleware.NetCore.AppServiceMiddleware.InvokeAsync(HttpContext context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.NetCore/AppServiceMiddleware.cs:line 112 2022-11-08T08:43:50.952654440Z at Microsoft.Azure.AppService.MiddlewareShim.AutoHealing.AutoHealingMiddleware.Invoke(HttpContext context) in /EasyAuth/Middleware.Host/AutoHealing/AutoHealingMiddleware.cs:line 55 2022-11-08T08:43:50.952657940Z at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
i have exactly the same setup :
Azure App service runnning a linux container on B1 plan Application: Docker container running a linux executable Authentication configured: Configured authentication via Azure ADB2C App registration
I tried it all :
rebuild the app in an other app service plan : did not work downgrading the version of the middleware of app service : did not work Reconfigure the Auth part : did not work
I'm waiting for Microsoft support to analyze the issue that we have. They should come back to me today of tomorrow (I hope!!!) Out test environment is dead, hopefully the production environment is still working : call it luck!
We're running into the same issues. Around 6 hours ago our production environment was running into 500 errors from the EasyAuth authentication layer. Other environments were still running during that time, since 2 hours our test environment also got affected. We were quite unlucky with the environment order in which the issues started occurring, i hope the best for you @rubicondimitri (however prepare for the worst).
We tested the following as well:
az webapp auth update --name <resource-name> --resource-group <resource-group> --runtime-version 1.5.1
(running az extension add --name authV2
beforehand)WEBSITE_CUSTOM_MIDDLEWARE_VERSION
configuration setting to stage2
These changes, including the suggestions mentioned above, did not change anything for our setup. We contacted Azure support as well and hope they resolve these issues quickly on their end, preferably using a rollback.
Also running into this issue with an App Service hosted with Ubuntu latest using the easy auth with a custom OneLogin provider. Here is my trace:
2022-11-08T15:54:32.026117357Z [41m[30mfail[39m[22m[49m: Microsoft.AspNetCore.Server.Kestrel[13]
2022-11-08T15:54:32.026164657Z ... An unhandled exception was thrown by the application.
2022-11-08T15:54:32.032132517Z System.PlatformNotSupportedException: Windows Cryptography Next Generation (CNG) is not supported on this platform.
2022-11-08T15:54:32.033581131Z at System.Security.Cryptography.RSACng..ctor()
2022-11-08T15:54:32.033592731Z at Microsoft.Azure.AppService.Middleware.JsonWebKey.GetSecurityKeys() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/JsonWebKey.cs:line 100
2022-11-08T15:54:32.033596931Z at Microsoft.Azure.AppService.Middleware.Modules.OpenIdConnectConfig.RefreshOpenIdConnectKeys() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/Config/IdentityProviders/OpenIdConnectConfig.cs:line 80
2022-11-08T15:54:32.033603431Z at Microsoft.Azure.AppService.Middleware.Modules.OpenIdConnectConfig.GetOpenIdConnectKeys(Boolean forceRefresh) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/Config/IdentityProviders/OpenIdConnectConfig.cs:line 99
2022-11-08T15:54:32.033619031Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectProvider.GetTokenValidationParameters(Boolean forceRefresh) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/OpenIdConnectProvider.cs:line 476
2022-11-08T15:54:32.033624231Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectProvider.TryValidateIdToken(String idToken, HttpContextBase context, AuthenticatedPrincipal& user, Exception& tokenValidationException) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/OpenIdConnectProvider.cs:line 430
2022-11-08T15:54:32.033628431Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectProvider.HandleServerDirectedLoginAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/OpenIdConnectProvider.cs:line 336
2022-11-08T15:54:32.033632031Z at Microsoft.Azure.AppService.Middleware.IdentityProviderBase.OnCompleteServerDirectedLoginAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/IdentityProviderBase.cs:line 655
2022-11-08T15:54:32.033635732Z at Microsoft.Azure.AppService.Middleware.IdentityProviderBase.TryHandleProtocolRequestAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/IdentityProviderBase.cs:line 185
2022-11-08T15:54:32.033639332Z at Microsoft.Azure.AppService.Middleware.EasyAuthModule.OnBeginRequestAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/EasyAuthModule.cs:line 220
2022-11-08T15:54:32.033643132Z at Microsoft.Azure.AppService.Middleware.NetCore.AppServiceMiddleware.InvokeAsync(HttpContext context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.NetCore/AppServiceMiddleware.cs:line 102
2022-11-08T15:54:32.033646532Z at Microsoft.Azure.AppService.MiddlewareShim.AutoHealing.AutoHealingMiddleware.Invoke(HttpContext context) in /EasyAuth/Middleware.Host/AutoHealing/AutoHealingMiddleware.cs:line 55
2022-11-08T15:54:32.033650332Z at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
Edit: Was able to resolve after shutting down the app service, deleted all IDPs and disabled authentication. Re-setup authentication and IDPs and its working again.
App Service Authentication/Authorization team has identified the bug in version 1.6.2 and has now reverted all linux instances back to version 1.5.1. Please try restarting app to pick up version 1.5.1
Discussion issue for App Service Authentication/Authorization/CORS Middleware Version 1.5.1