Following documentation on how to setup with OWIN Web API, I tried to adapt the solution to work with a self-hosted OWIN setup, but I get a System.NullReferenceException when I try to call TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>(). The setup is explained in the reproduction steps, but basically it calls Microsoft.Owin.Hosting.WebApp.Start<Startup>() in a console app (which works fine if I don't try to call the OwinTokenAcquirerFactory).
It throws an exception in the DefineConfiguration method override, which binds default AzureAD appsettings values and, for some reason, returns HttpContext.Current.Request.PhysicalApplicationPath
Considering that I'm in a Console app, and just starting up the owin host, there are no HttpContext. I tried assigning a bogus HttpContext to Current but it still complained about path being null further down the line. Also, I made sure to run Visual Studio in Administrator too, as it crashed around FilePermissions when using the bogus HttpContext.
Reproduction steps
Create a new .NET Framework 4.8 Console App
Add the Microsoft.Identity.Web.OWIN, Microsoft.AspNet.WebApi.OwinSelfHost and Microsoft.Owin.Security.Cookies
Add a Startup.cs file and copy this code
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
// Web API configuration and services
var config = new HttpConfiguration();
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
app.UseWebApi(config);
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
OwinTokenAcquirerFactory factory = TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>();
app.AddMicrosoftIdentityWebApi(factory);
factory.Build();
}
}
Add this bit of code to your Main
var baseAddress = "http://localhost:9000/";
using (var server = WebApp.Start<Startup>(baseAddress))
{
Console.WriteLine(string.Format("Server running at {0}", baseAddress));
Console.ReadLine();
}
System.NullReferenceException
HResult=0x80004003
Message=Object reference not set to an instance of an object.
Source=Microsoft.Identity.Web.OWIN
StackTrace:
at Microsoft.Identity.Web.OWIN.OwinTokenAcquirerFactory.DefineConfiguration(IConfigurationBuilder builder)
at Microsoft.Identity.Web.TokenAcquirerFactory.ReadConfiguration()
at Microsoft.Identity.Web.TokenAcquirerFactory.GetDefaultInstance[T](String configSection)
at MicrosoftEntraSelfHostOWIN.Startup.Configuration(IAppBuilder app) in C:\GitHub\MicrosoftEntraOWIN\MicrosoftEntraSelfHostOWIN\Startup.cs:line 30
Id Web logs
No response
Relevant code snippets
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
// Web API configuration and services
var config = new HttpConfiguration();
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
app.UseWebApi(config);
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
OwinTokenAcquirerFactory factory = TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>();
app.AddMicrosoftIdentityWebApi(factory);
factory.Build();
}
}
internal class Program
{
static void Main(string[] args)
{
var baseAddress = "http://localhost:9000/";
using (var server = WebApp.Start<Startup>(baseAddress))
{
Console.WriteLine(string.Format("Server running at {0}", baseAddress));
Console.ReadLine();
}
}
}
<appSettings>
<add key="ida:ClientId" value="ba39bc6d-30c9-4882-9d7f-7aa94fa16afc" />
<add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
<add key="ida:Domain" value="indixio.com" />
<add key="ida:TenantId" value="bda58cbe-3512-4e4b-b8e2-7c3972ce7116" />
<add key="ida:PostLogoutRedirectUri" value="https://localhost:44382/signin-oidc" />
<add key="ida:ClientSecret" value="" />
</appSettings>
Regression
No response
Expected behavior
I expect TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>() to return an OwinTokenAcquirerFactory, even when in a Self-Hosted Owin environment.
I can also live with documented extra steps for this specific scenario.
Microsoft.Identity.Web Library
Microsoft.Identity.Web.OWIN
Microsoft.Identity.Web version
2.17.0
Web app
Not Applicable
Web API
Protected web APIs (validating scopes/roles)
Token cache serialization
In-memory caches
Description
Following documentation on how to setup with OWIN Web API, I tried to adapt the solution to work with a self-hosted OWIN setup, but I get a System.NullReferenceException when I try to call
TokenAcquirerFactory
.GetDefaultInstance
<OwinTokenAcquirerFactory>()
. The setup is explained in the reproduction steps, but basically it callsMicrosoft.Owin.Hosting.WebApp.Start<Startup>()
in a console app (which works fine if I don't try to call theOwinTokenAcquirerFactory
).It throws an exception in the
DefineConfiguration
method override, which binds default AzureAD appsettings values and, for some reason,returns HttpContext.Current.Request.PhysicalApplicationPath
Considering that I'm in a Console app, and just starting up the owin host, there are no HttpContext. I tried assigning a bogus
HttpContext
toCurrent
but it still complained aboutpath
being null further down the line. Also, I made sure to run Visual Studio in Administrator too, as it crashed around FilePermissions when using the bogus HttpContext.Reproduction steps
Microsoft.Identity.Web.OWIN
,Microsoft.AspNet.WebApi.OwinSelfHost
andMicrosoft.Owin.Security.Cookies
Add a Startup.cs file and copy this code
Copy Always
and put the following content:Error message
System.NullReferenceException HResult=0x80004003 Message=Object reference not set to an instance of an object. Source=Microsoft.Identity.Web.OWIN StackTrace: at Microsoft.Identity.Web.OWIN.OwinTokenAcquirerFactory.DefineConfiguration(IConfigurationBuilder builder) at Microsoft.Identity.Web.TokenAcquirerFactory.ReadConfiguration() at Microsoft.Identity.Web.TokenAcquirerFactory.GetDefaultInstance[T](String configSection) at MicrosoftEntraSelfHostOWIN.Startup.Configuration(IAppBuilder app) in C:\GitHub\MicrosoftEntraOWIN\MicrosoftEntraSelfHostOWIN\Startup.cs:line 30
Id Web logs
No response
Relevant code snippets
Regression
No response
Expected behavior
I expect
TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>()
to return an OwinTokenAcquirerFactory, even when in a Self-Hosted Owin environment.I can also live with documented extra steps for this specific scenario.