Authenticating Azure AD Function fails with "Could not load file or assembly 'System.IdentityModel.Tokens.Jwt, Version=6.29.0.0, The system cannot find the file specified."

Siegfried Heintze 1,861

History:

I'm trying to write a compiled C# azure function that authenticates (and eventually authorizes) with Azure AD B2C This azure function will be protected by an Azure API Mgt. After a lot of fussing and cursing, I have a C# script azure function (as per this tutorial: https://learn.microsoft.com/en-us/azure/api-management/howto-protect-backend-frontend-azure-ad-b2c#build-the-function-api) that fetches the authentication header and decodes it to fetch the claims (to implement authorization) as discussed here: https://learn.microsoft.com/en-us/answers/questions/1240218/azure-ad-authenticated-azure-function-claims-to-be

I don't know why I cannot just fetch the claims from the http request: this works in MVC web apps but not in Azure (C# script) functions.

Since C# scripts die horribly when using the cosmos client (see https://learn.microsoft.com/en-us/answers/questions/1049462/azure-function-portal-c-script-cannot-fetch-nuget) I am creating a compiled C# azure function.

Current State of Affairs:

I need "System.IdentityModel.Tokens.Jwt" to decode the authentication header and this is working in the C# script. However, when I try to run the same code in a compiled C# azure function, I get this error:

WARNING: 2023-04-28T01:59:32.574 [Error] Executed 'Hello' (Failed, Id=ecb6cb4c-f99d-4532-9207-6e4e86e033d3, Duration=1ms) Could not load file or assembly 'System.IdentityModel.Tokens.Jwt, Version=6.29.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'. The system cannot find the file specified.

I tried to uninstall this package and install it again using Visual Studio and deploy the compiled C# again but Visual Studio could not successfully deploy my C# code to the azure function any more (no error messages except a little warning icon in the portal that said "Azure Functions Runtime is unreachable").

So I deleted the azure function and deployed again with Visual Studio and was able to get the above error message from the logs again.

Please help me resolve this error so my azure function can authenticate and authorize.

Thanks

Siegfried

3 answers

RevelinoB 2,775 Reputation points

2023-04-28T04:23:28.9966667+00:00

Hi Siegried, It looks like you are facing an issue with loading the System.IdentityModel.Tokens.Jwt assembly in your compiled C# Azure Function. This error occurs when the required assembly is not found or cannot be loaded by the function.

To resolve this issue, please try to do the following steps if possible:

Ensure that the System.IdentityModel.Tokens.Jwt assembly is referenced in your project. You can do this by right-clicking on your project in Visual Studio, selecting "Manage NuGet Packages," and searching for the System.IdentityModel.Tokens.Jwt package. If it is not listed, install it.

Check the properties of the System.IdentityModel.Tokens.Jwt assembly reference in your project. Set the "Copy Local" property to true. This ensures that the assembly is copied to the output directory when building the project.

If you have multiple projects in your solution, make sure that all the projects targeting the Azure Function have the System.IdentityModel.Tokens.Jwt assembly referenced and set to "Copy Local" as mentioned in step 2.

Clean and rebuild your solution to ensure that the assembly is copied to the output directory.

Ensure that you have the appropriate version of the System.IdentityModel.Tokens.Jwt assembly referenced in your project. Check the version specified in your error message (Version=6.29.0.0) and verify if you have that specific version installed. If not, try installing the required version or update the code to use a compatible version of the assembly.

If the issue persists, try removing and re-adding the System.IdentityModel.Tokens.Jwt assembly reference. You can remove it from the project, clean the solution, and then add it again.

Verify that the required assembly is deployed to the Azure Function App. You can check the "Dependencies" section in the Azure portal for your Function App and ensure that System.IdentityModel.Tokens.Jwt is listed as a dependency. If it is not listed, try redeploying your Azure Function from Visual Studio to ensure the correct deployment.

After you followed these steps you should be able to resolve the assembly loading issue and successfully authenticate and authorize your Azure Function using Azure AD B2C.

I hope this helps? Please let me know if you have any other queries?
Please sign in to rate this answer.
Siegfried Heintze 1,861 Reputation points

2023-04-28T15:48:06.8966667+00:00

Years ago I remember being able to use the VS solution explorer to right click on a dependency and market it "local copy" but I cannot figure out how to do this in VS 2023 preview. I click on properties and is no menu entry to make a local copy.

Can this be done on the command with dotnet?

Perhaps I could edit the csproj file?

Siegfried Heintze 1,861 Reputation points

2023-04-29T00:44:58.94+00:00

I'm thinking that deploying a docker image to the function app will solve the problem but that is not working either (so far): https://learn.microsoft.com/en-us/answers/questions/1266333/how-to-deploy-docker-hub-linux-image-to-azure-func

RevelinoB 2,775 Reputation points

2023-04-29T07:28:11.98+00:00

Hi Siegfried.

In Visual Studio 2022 and later versions, the option to mark a dependency as "local copy" has been removed from the Solution Explorer. However, you can still achieve the same result by editing the project file (csproj) manually.

Alternatively, if you prefer to edit the project file manually without unloading the project, you can open the .csproj file in a text editor and make the necessary changes.

Regarding you last reply, Deploying a Docker image to an Azure Functions app can indeed be a solution to package and deploy your application along with its dependencies. It provides a self-contained environment that can help in resolving dependency-related issues.

To deploy a Docker image to an Azure Functions app, please follow the next steps:

Build and publish your Docker image locally using a Dockerfile that describes the necessary environment and dependencies for your Azure Functions app. Make sure the necessary packages, including System.IdentityModel.Tokens.Jwt, are included in the image.

Push the Docker image to a container registry such as Docker Hub, Azure Container Registry, or any other registry of your choice. This step makes the image accessible for deployment to Azure.

In the Azure portal, create an Azure Functions app or navigate to your existing app.

In the Function App settings, navigate to the "Container settings" section. Enable the "Deployment Center" and choose the container registry you used in Step 2. Configure the necessary settings for authentication and connection to the container registry.

Select the appropriate options to deploy the Docker image from the registry to your Azure Functions app. This may involve specifying the image name, tag, and any additional configuration settings.

Once the deployment process is completed, Azure will pull the Docker image from the container registry and deploy it as an Azure Functions app.

By deploying your application as a Docker image, you can have better control over the dependencies and ensure that the required packages, such as System.IdentityModel.Tokens.Jwt, are included. This approach can help resolve any missing assembly or dependency-related issues that you were facing with the compiled C# Azure Function.

Don't forget to make sure to test the deployed Docker-based Azure Functions app to verify that it works as expected with the desired authentication and authorization functionality.

I hope this helps with your issue?

Siegfried Heintze 1,861 Reputation points

2023-05-01T03:34:07.9766667+00:00

RevelinoB,

Thanks! I had some trouble figuring out how to mark it local! I got some hints from the new bing chat (I was hoping to find some explicit instructions or examples for the XML syntax. Since I found none I took a guess and I'm hoping that I'll get a syntax error if I'm wrong).

Here is what I tried in my csproj file:

<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.29.0"> <Private>True</Private> </PackageReference>

Is this the correct syntax? I did not get any syntax errors. Well shucks, I'm still getting the same error:

Could not load file or assembly 'System.IdentityModel.Tokens.Jwt, Version=6.29.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'. The system cannot find the file specified.

I'm hoping you can help me make this "local copy" approach work because it should work with the consumption (free) model.

According to https://learn.microsoft.com/en-us/answers/questions/1266333/how-to-deploy-docker-hub-linux-image-to-azure-func, I need to use the premium or dedicated plan to use docker images. This is a surprise since I have successfully deployed docker webapp images on the free plan.

While I may give the premium plan a try tomorrow and hoping you can help me find a way to nail down this wayward package without having to abandon the consumption plan.

Siegfried
Sign in to comment
RevelinoB 2,775 Reputation points

2023-05-01T04:19:19.6466667+00:00
Hi Siegried, When I look at your code, the syntax you used in your .csproj file is incorrect for marking an assembly as local. To achieve this, you need to use the <PrivateAssets> attribute along with the CopyLocal value. To modify your .csproj file with the correct syntax:

<Project>  <ItemGroup>  <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.29.0"> <PrivateAssets>all</PrivateAssets> <CopyLocal>true</CopyLocal> </PackageReference> </ItemGroup>  </Project>

Try to update your .csproj file with these modifications and rebuild your Azure Function project.

Regarding the deployment of Docker images to Azure Functions, it's important to note that using Docker images with Azure Functions is supported in the premium or dedicated plans. Unfortunately, the free and consumption plans have certain limitations, and they may not support all features, including custom Docker images.

If you encounter difficulties with the "local copy" approach and the free plan, I recommend exploring alternative options. For example, you could consider using the "Copy Local Dependencies" feature in Visual Studio to handle the assembly copying automatically. Additionally, it might be worth exploring alternative methods for authentication and authorization in your Azure Function that don't rely on the System.IdentityModel.Tokens.Jwt package.

Just bare in mind, and I don't know if you're open to it, but you could try the premium or dedicated plans, as they offer greater flexibility and feature support for deploying Docker images in Azure Functions.

I hope this syntax will help you further?
Please sign in to rate this answer.
Siegfried Heintze 1,861 Reputation points

2023-05-01T16:14:34.4766667+00:00

Wow! I'm lovin' these fast responses! Thank you!

OK, I tried your syntax and did a rebuild and published again and I'm getting the same error:

`WARNING: Could not load file or assembly 'System.IdentityModel.Tokens.Jwt, Version=6.29.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'. The system cannot find the file specified.

WARNING: 2023-05-01T16:09:16.650 [Information] Executing 'Hello' (Reason='This function was programmatically called via the host APIs.', Id=2688169d-9e07-4e06-81c2-a233878749d3)

WARNING: 2023-05-01T16:09:16.857 [Error] Executed 'Hello' (Failed, Id=2688169d-9e07-4e06-81c2-a233878749d3, Duration=1ms)`

I'll be eagerly awaiting your next suggestions. In the mean time I'll try that premium azure function with the docker container.

RevelinoB 2,775 Reputation points

2023-05-01T17:51:58.36+00:00

Hi Siegfried,

I apologize for the continued issue. I would suggest an alternative solution.

Instead of relying on the assembly being copied locally, you can manually include the required assembly as a file in your Azure Function project. Here's what you can do:

Right-click on your Azure Function project in Visual Studio and choose "Add" -> "Existing Item" to add an existing file to the project.

Browse to the location where the 'System.IdentityModel.Tokens.Jwt.dll' assembly is located. This could be in the bin folder of a project that already references it or in the packages folder of your solution.

Select the 'System.IdentityModel.Tokens.Jwt.dll' file and click "Add" to include it in your project.

After adding the file, right-click on it in the Solution Explorer and choose "Properties."

In the properties window, set "Copy to Output Directory" to "Copy always" or "Copy if newer."

Rebuild your Azure Function project and republish it.

By manually including the 'System.IdentityModel.Tokens.Jwt.dll' assembly in your project and ensuring it is copied to the output directory, you should no longer encounter the assembly loading error.

If you're still facing issues or have any further questions, please let me know, and I'll be happy to assist you.

Hope this helps?

Siegfried Heintze 1,861 Reputation points

2023-05-01T20:13:20.59+00:00

OK, I did that clever trick of manually including System.IdentityModel.Tokens.Jwt.dll in the output and I still have the same old problem...

So I went the portal to poke around inside the function app function and opened a KUDO session with powershell.

inside %USERPROFILE%\source\repos\CrewTaskManager\CrewTaskMgrAuthenticatedServices\bin\Release\net6.0 I see 77 dlls including System.IdentityModel.Tokens.Jwt.dll

However, inside the KUDO/powershell prompt on the portal.azure.com in the wwwroot/bin I don't see a net6.0 directory. I see CrewTaskMgrAuthenticatedServices.dll but I don't see nearly enough Microsoft.AspNetCore*.dll. And most importantly, I don't see System.IdentityModel.Tokens.Jwt.dll. I only see about 20 dll files.

When I descend into the wwwroot/bin/runtimes/win/lib I see directories netcoreapp2.0, netcoreapp3.0, netstandard2.0 and these are very small directories with on only two or there files each.

So this does not look right at all!

RevelinoB 2,775 Reputation points

2023-05-01T20:35:47.3033333+00:00

Hi Siegfried, Thank you for providing the additional information. It looks like that there might be an issue with the publishing process or the configuration of your Azure Function.

To further investigate and resolve the problem, please try the following:

In Visual Studio, ensure that your Azure Function project is set to the correct target framework (.NET 6.0). You can check and update this in the project properties under the "Application" tab.

Clean your solution by right-clicking on the solution in Visual Studio and selecting "Clean Solution."

Rebuild your solution by right-clicking on the solution and selecting "Rebuild Solution." This step ensures that all necessary dependencies are built and available.

Publish your Azure Function project again. Right-click on the project in Visual Studio and select "Publish." Follow the steps to publish the project to your Azure Function App.

Verify that the published files include the necessary dependencies, including the 'System.IdentityModel.Tokens.Jwt.dll' assembly. You can check this by navigating to the wwwroot/bin directory of your Azure Function App through KUDU or FTP. Ensure that the net6.0 directory exists and contains the required assemblies.

If the required assemblies are missing, it's possible that there may be an issue with the publishing configuration. In this case, you can try changing the publishing method to a self-contained deployment. To do this, right-click on your Azure Function project in Visual Studio, select "Publish," and choose the "Folder" publish target. Then, configure the publish settings to use a self-contained deployment with the appropriate target runtime (e.g., win-x64 for Windows). Publish the project again and verify if the necessary assemblies are included in the output.

If you still encounter issues with missing assemblies after following these steps, I recommend checking your project configuration, including any custom build steps or scripts that may be affecting the publishing process. Additionally, double-check that the 'System.IdentityModel.Tokens.Jwt' package is correctly referenced in your project and that it is compatible with the .NET 6.0 framework.

If the problem persists, please provide any relevant logs, error messages, or additional information you have, and I'll be glad to assist you further.

I hope this helps?

Siegfried Heintze 1,861 Reputation points

2023-05-02T00:07:33.7966667+00:00

FYI: I just update this other post using Docker to solve this problem: https://learn.microsoft.com/en-us/answers/questions/1266333/how-to-deploy-docker-hub-linux-image-to-azure-func

OK, back to RevelinoB's suggestions:

I did everything RevelinoB suggested and found no clues (everything looked fine) until the folder publish step. The resulting directory looks very similar to what was deployed inside the azure function as viewed with KUDU! In other words, we are missing a lot of files including the System.IdentityModel.Tokens.Jwt

Hmmm... why is this? What can I do about it?

RevelinoB 2,775 Reputation points

2023-05-02T04:14:26.07+00:00

Hi Siegfried,

If the published output is missing files, including the System.IdentityModel.Tokens.Jwt.dll, my thoughts are that it suggests that there might be an issue with the build or publish configuration of your Azure Function project. Here are some possible reasons and some check you can do to combat this problem.

Verify the project configuration:

Double-check that your Azure Function project is targeting the correct framework (.NET 6.0) in Visual Studio.

Ensure that the 'System.IdentityModel.Tokens.Jwt' package reference is correctly specified in your project file (csproj).

Clean and rebuild the solution:

Right-click on the solution in Visual Studio and select "Clean Solution" to remove any previously built artifacts.

Then, rebuild the solution by right-clicking on the solution and selecting "Rebuild Solution."

Ensure that the required package is being restored:

Check your NuGet package configuration and verify that the 'System.IdentityModel.Tokens.Jwt' package is listed and being restored correctly during the build process.

Check the build output logs:

Examine the build output logs in Visual Studio for any warning or error messages related to the missing assembly or package.

Pay attention to any warnings or errors related to package restore, unresolved references, or conflicts.

Verify the publish settings:

Review the publish settings in Visual Studio to ensure they are correctly configured for your Azure Function project.

Check that the necessary files and dependencies are included in the publish output.

Check for custom build steps or scripts:

If you have any custom build steps or scripts in your project, review them to ensure they are not interfering with the build or publish process.

Try a different publish method:

If the current publish method is not working as expected, you can try an alternative publish method. For example, you can try using the Azure Functions Core Tools to publish the function from the command line.

Reach out to Azure Functions support:

If you have gone through the above steps and are still experiencing the issue, it may be helpful to contact Azure Functions support for further assistance. They can provide more specific guidance based on the details of your project and environment.

By investigating these potential causes and taking the appropriate steps, you should be able to address the issue with the missing System.IdentityModel.Tokens.Jwt.dll assembly during the publish process.

I hope this helps?

Siegfried Heintze 1,861 Reputation points

2023-05-02T04:19:39.0733333+00:00

Please clarify "contact Azure Functions support". Does that mean posting another query somewhere or does it mean opening a support ticket with azure?

I'm thinking it could be a visual studio or dotnet issue because visual studio is not copying all the files to the publish directory.

RevelinoB 2,775 Reputation points

2023-05-02T04:53:22.93+00:00

Hi Siegfried,

You're right to consider that it could be an issue with Visual Studio or the .NET build process. In some cases, Visual Studio may not copy all the required files to the publish directory due to misconfigurations or other factors.

Here are a few additional steps you can try to address the issue:

Manually delete the bin and obj folders in your project directory to ensure a clean build. Then rebuild the solution and try publishing again.

Check the build output in Visual Studio for any warnings or errors related to file copying. Open the "Output" window (View -> Output) and select "Build" from the "Show output from" dropdown. Look for any relevant messages that might indicate issues with file copying.

Ensure that the necessary files are set to be included in the publish output:

Right-click on the file(s) in Visual Studio's Solution Explorer and select "Properties."

In the properties window, ensure that the "Build Action" is set to "Content" and the "Copy to Output Directory" property is set to "Copy always" or "Copy if newer."

Verify that the publishing settings are configured correctly:

Double-check the publishing settings in the Visual Studio Publish dialog to ensure that the correct target is selected and that the necessary files are included.

Review any publish profiles or deployment settings to ensure they are correctly configured.

Consider updating Visual Studio or .NET SDK versions:

If you're using an older version of Visual Studio or the .NET SDK, try updating to the latest stable version to see if the issue is resolved.

By "contact Azure Functions support," I meant opening a support ticket with Microsoft Azure support. This allows you to get direct assistance from the Azure support team to help investigate and resolve the issue you're facing.

I apologize for the inconvenience caused, and I hope these additional steps help you resolve the issue?
Sign in to comment
Siegfried Heintze 1,861 Reputation points

2023-08-21T23:52:44.4566667+00:00

Sorry for the delay. I was so happy to have resolved this that I forgot to post the solution.

Answer:

Since the ClaimsPrincipal argument does not work for C# script azure http trigger functions (I get claims, but not my claims) and it is necessary to insert the C# code to grab the authorization header and decode the JWT yourself, I assumed I would need to use the same approach for compiled C# azure functions.

However, that does not work for compiled C# azure functions (see my above errors that I never was able to resolve).

The claims principal argument does work for compiled C# azure http trigger functions, however. I get my claims.

It took me a long time to figure this out!

Thanks

Siegfried
Please sign in to rate this answer.
Siegfried Heintze (ARTECH CONSULTING LLC) 0 Reputation points Microsoft Vendor

2024-05-13T22:03:20.1233333+00:00

Typo: that should read

The claims principal argument does work for compiled C# azure http trigger functions, and I get my claims.
Sign in to comment

Share via

Authenticating Azure AD Function fails with "Could not load file or assembly 'System.IdentityModel.Tokens.Jwt, Version=6.29.0.0, The system cannot find the file specified."

3 answers