AzureAD / azure-activedirectory-identitymodel-extensions-for-dotnet

IdentityModel extensions for .Net
MIT License

Microsoft.IdentityModel is broken for Azure Deployment #956

Closed ghost closed 6 years ago

ghost commented 6 years ago

I have a Cloud Service (Worker Role) that works just great in the development environment using the Cloud emulator. When I deploy that service to Azure, the call to validate the security token on the server side fails. It throws several exceptions which the client processes. Digging into the inner exception stack, the first important one is:

IDX20804: Unable to retrieve document from: '[PII is hidden]'.

   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__23.MoveNext()

Digging deeper, we get:

The type initializer for 'Microsoft.IdentityModel.Protocols.HttpDocumentRetriever' threw an exception. with a stack trace of:

at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__8.MoveNext()

And finally, there's this inner exception:

Could not load type 'System.FormattableString' from assembly 'mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'. with

   at System.Net.Http.HttpMessageHandler..ctor()
   at System.Net.Http.HttpClientHandler..ctor()
   at System.Net.Http.HttpClient..ctor()
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever..cctor()

Again, can't stress this enough, works great on the simulator. Blows up in the cloud. Did no one consider that we might be using this library in a Cloud Service?

brentschmaltz commented 6 years ago

@Dark-Bond Can you run it again, first setting IdentityModelEventSource.ShowPII = true (thank GDPR, not me)?

brentschmaltz commented 6 years ago

@Dark-Bond we just pulled https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/953 , that should be up on myget soon (https://www.myget.org/gallery/azureadwebstacknightly)

ghost commented 6 years ago

I ran it with ShowPII = true. No difference. It crashed. But I noticed that it kept crashing on System.FormattableString, so I tried to instantiate one in the method that called the Microsoft.IdentityModel methods. Azure took an exception in that method. It would appear that whatever assembly attempts to call System.FormattableString, that assembly will crash Azure Cloud Services.

brentschmaltz commented 6 years ago

@Dark-Bond ShowPII = true, will give us the full stack trace, won't fix the issue. Sorry, I could have been clearer.

Failing on FormattableString is a good clue, thanks.

ghost commented 6 years ago

Sorry, I've had to move on, but the last clue should be enough. Whatever level you have set for your stack tracing, it will stop at the level before you try to instantiate a System.FormattableString.

GeoK commented 6 years ago

There is not enough information to reproduce the issue and the issue author has left GitHub. I'm therefore closing this issue.