question

BhatuPatil-9514 avatar image
0 Votes"
BhatuPatil-9514 asked ·

Unable to sign in to Azure AD (SSO) protected ASP. net MVC app

I have developed a ASP.net MVC web app with Azure AD authentication (SSO) using OpenID token based authentication.
I developed and tested in on local machine and I was able to login aswell as get User details using Graph API.
But when I uploaded the same project to the production server it started giving signin errors.
I am able to sign in initially but when i try using other browser with other credentials it responds with 'We are unable to sign you in'
Sometimes it keeps bouncing between authentication page. Sometimes it gives Error 400: Bad header.
I don't understand why the same code runs fine at times and gets error rest of the time.!

8081-aad-auth-error.png


7986-login-error.png



Features used:
OpenId, MS Owin package, MS Graph API.

azure-active-directory
aad-auth-error.png (85.0 KiB)
login-error.png (69.8 KiB)
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

soumi-MSFT avatar image
0 Votes"
soumi-MSFT answered ·

@BhatuPatil-9514, If the issues are coming up after moving it to the production server, then it would be interesting to note down if there are any type of difference between the production and the dev environment, in terms of the versions of the libraries or dependencies being used there.

If using old OWIN middleware version, likely it is hitting the Katana bug for OWIN middleware. You can read more on that here.

https://github.com/aspnet/AspNetKatana/wiki/System.Web-response-cookie-integration-issues

Also you can try referencing to the following link for more details:

"https://blogs.aaddevsup.xyz/2019/11/infinite-sign-in-loop-between-mvc-application-and-azure-ad/"

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

Do let us know if that helps.

If there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as "Answer" if the above response helped in answering your query.


· 4 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Firstly thankyou so much for looking at it promptly.
I'hv gone through the links you mentioned, but let me make my issue a bit more clear.
Whenever I open a browser for the first time and navigate to the Url where I have deployed the web app, it works perfectly fine, after that no matter if I logout / close the browser and reopen it/ try it in another broswer / or any such thing it just wont work. And most annoying thing is it dosent reply with specific error, there are few issues and it keeps on giving them every time, randomly.
Following are the issues I face:
1. Object reference not set to an instance.
2. We cannot sign you in (On Signin page).
3. Infinite sign in loop.
4. Bad header/ Header too long.
5. OpenIdConnectProtocolValidationContext.Nonce was null.

So my point is if I am able to sign in and execute all the functionalities of the app with same login credentials and same code is being executed and why it is throwing these errors/exceptions rest of the time



0 Votes 0 · ·
soumi-MSFT avatar image soumi-MSFT BhatuPatil-9514 ·

@BhatuPatil-9514, Thank you for sharing the details. It looks like it would be difficult to troubleshoot the issue over the forum since the errors are random and with each try on the browser, it is changing. This would need deeper troubleshooting.

I would suggest involving the Microsoft's support team to so that they can get on a call and look into the issue. It would be great if you can share the following details on the email id: azcommunity[at]microsoft[dot]com

  • Tenant ID/Tenant Name:

  • Subscription ID:

  • Application ID:

  • Application Name:

Do share the following details and do not forget mentioning this thread there, since it would help me in identifying the issue.

0 Votes 0 · ·

I've mailed you all the information about my query. Awaiting your reply over e-mail.

0 Votes 0 · ·

@BhatuPatil-9514, tried looking into you backend but looks like issue would need deeper troubleshooting. I would recommend you opening a case with Microsoft Support to help you further.
See how to open a support ticket with Microsoft.


0 Votes 0 · ·