Could not load file or assembly 'Microsoft.IdentityModel.Tokens, Version=6.12.0.0...

[spplante]

Hi there,

I have been banging my head over this dependency problem and I am literally out of ideas...All I want to do it to secure my v3 HTTP trigged function by validating that the request has been granted the proper application role from a given app registration.

To do so I do the following:

• Create a brand new Azure Function v3
• Add the latest Microsoft.Azure.Functions.Extensions nuget (in order to be able to create the Startup.cs class)
• Add the latest Microsoft.Identity.Web nuget (for the IFunctionHostServices.Services.AddMicrosoftIdentityWebApi method)

Then all my function does is validate that the request access token comes from a specific app registration and contains a specific application role using the HttpContext.AuthenticateAsync() method, the code does absolutely nothing more.

Packages

    <PackageReference Include="Microsoft.Azure.Functions.Extensions" Version="1.1.0" />
    <PackageReference Include="Microsoft.Identity.Web" Version="1.15.2" />
    <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="3.0.13" />

Startup.cs

public class Startup : FunctionsStartup
    {
        public override void Configure(IFunctionsHostBuilder builder)
        {
            var config = ...
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddMicrosoftIdentityWebApi((JwtBearerOptions jwtBearerOptions) => { }, (MicrosoftIdentityOptions msiOptions) =>
            {
                msiOptions.Instance = "https://login.microsoftonline.com/";
                msiOptions.TenantId = "...";
                msiOptions.Domain = "...";
                msiOptions.ClientId = "...";
            });
        }
    }

Function1.cs

[FunctionName("Function1")]
public static async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req, ILogger log)
{
    AuthenticateResult? result = await req.HttpContext.AuthenticateAsync("Bearer");

    if (!result.Succeeded)
        return new StatusCodeResult(StatusCodes.Status401Unauthorized);
    if (!result.Principal.IsInRole("CallAPI"))
        return new StatusCodeResult(StatusCodes.Status403Forbidden);

    return new OkObjectResult("hehe");
}

So right away, with this simple helloworld example the latest Microsoft.Identity.Web nuget is broken right out of the box. The AuthenticateAsync() method fails like so :

When looking in the bin folder, the Microsoft.IdentityModel.Token dll is perfectly in place with the proper 6.12.0 version so I have no idea what the error is talking about...

After messing with the packages, I managed to stop this random error by downgrading the Microsoft.Identity.Web nuget to 1.14.1 which made my code run 100% perfectly.

Until I added another package! After adding the PnP.Core v1.3.0 nuget, without any additional line of code, the AuthenticateAsync() now runs without throwing but its output now return the following error :

This time it's complaining about Microsoft.IdentityModel.Token that can't be loaded using version 6.11.1 and obviously this is the exact version sitting in the bin folder.

I tried downgrading both nugets, I tried explicitely installing Microsoft.IdentityModel.Token, I tried the <_FunctionsSkipCleanOutput>true trick in the .csproj and it simply generated another error, what is going on with the dependencies?!

Any help would be appreciated!

[trobed]

Hey, I don't have a solution for you but noticed that there has been a bug created in the Identity Web github which mentions this problem, so perhaps it is being looked at there and you could mention that second issue with the PnP.Core in case it is relevant? See here https://github.com/AzureAD/microsoft-identity-web/issues/1386

[spplante]

@trobed Thanks will take a look, I also opened 7756 in the azure-functions-host repo and got an obscure response I didn't quite understand, we'll see how this goes...

[scale-tone]

Still observing the same.

This seems to be an ever-green issue. Previously raised as #397 and claimed to be fixed with https://github.com/Azure/azure-functions-host/issues/5894. All of those are closed, but the problem is still there.

Workarounds:

• Downgrade to Microsoft.NET.Sdk.Functions 3.0.3 (works for me).
• Add <_FunctionsSkipCleanOutput>true</_FunctionsSkipCleanOutput> to your CSPROJ-file (works for me).

[Ved2806]

Hi @spplante Closing this as duplicate as this issue is already being tracked at #7592. Thanks.