0

I am trying to integrate WS-Federation in my Asp.Net MVC app using OWIN. I followed the github samples and it is working as expected.

Now I want to take this one step further and call an external WebApi hosted on different Azure web app from within my website. I couldn't find any WS-Fed samples for this scenario. WebApi needs an access token to provide access to protected resources. In one of my MVC controllers I tried using ADAL.Net code to acquire the access token but i get timeout error. 

string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;    
var authContext1 = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority, new NaiveSessionCache(userObjectID));
    var credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(clientId, appKey);
    var tokenResult = await authContext1.AcquireTokenAsync(todoListResourceId, credential);

I copied NaiveSessionCache from one of the azure samples on github. Then I pass this tokenResult.AccessToken to webApi call using HttpClient. This gives me 500 server timeout error.

However, if I don't use NaiveSessionCache in authContext1 and replace it with false in its constructor (no cache), code works fine.

What am I missing here? Thanks!

Sam
  • 519
  • 1
  • 7
  • 32
  • Are you able to get the access token successfully? You can capture the request using Fiddler to check whether the issue caused by acquire token or request the web API. – Fei Xue Jan 16 '17 at 10:09
  • Nope. I removed the WebAPi calling code and have just AcquireToken code and it fails with same server timeout error. Something wrong with AuthenticationContext constructor. As I mentioned originally if I don't create new NaiveSessionCache but just pass false in the constructor then it works like a charm and get back access token. – Sam Jan 17 '17 at 15:22

1 Answers1

1

The issue seems to relative to the specific version of ADAL. I am able to reproduce this issue using the latest version of ADAL(3.13.8). What's the version of ADAL you were developing?

However when I downgrade the ADAL to the version 3.9.304210845(from the code sample using the NaiveSessionCache class), the code works well for me.

You can refer this specific version by following steps below:

  1. Replace the version in project file which refer ADAL(*.csproj)

 <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory, Version=3.9.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.9.304210845\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll</HintPath>
      <Private>True</Private>
    </Reference>
    <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory.Platform, Version=3.9.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.9.304210845\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll</HintPath>
      <Private>True</Private>
    </Reference>
  1. Replace the version info about ADAL in package.config

<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.9.304210845" targetFramework="net45" />

  1. Delete the packages folder

  2. Rebuild the solution to restore the 3.9.304210845 version ADAL

Please let me whether it works for you. And to fix the issue, I suggest that you reopen a new issue from here.

Update

After the investigation, the high version of ADAL acquire the token using Task.ConfigureAwait(false) which will break the original context of thread. Then we are not able to access the HttpContext.Current.Session which used to store the token after using the ADAL to acquire the token.

Fei Xue
  • 14,369
  • 1
  • 19
  • 27
  • Downgrading the nuget package worked! Thanks! Logged a new issue as well here: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/589 – Sam Jan 18 '17 at 23:51