
I have tried almost every solution so far to get rid of the following exception.

Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolInvalidNonceException: IDX21323: RequireNonce is '[PII is hidden]'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateNonce(OpenIdConnectProtocolValidationContext validationContext)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateAuthenticationResponse(OpenIdConnectProtocolValidationContext validationContext)
   at Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationHandler.<AuthenticateCoreAsync>d__11.MoveNext()

But I am not able to get rid of the above exception.

If I try a second time, it works. But the very first time (at the very first attempt), it does not work at all.

I have the latest Microsoft.Owin.Security.OpenIdConnect package installed in a .NET application. I am mostly using the default implementation of the OWIN middleware, hooked up for a normal IIS HTTP call.

app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Passive,
        ClientId = lClientId.ToString(),
        Authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["Authority"], lTenantId),
        RedirectUri = "https://1001apvdp1012.forest7.dom/AHPOneFrontend/ExtAz/",

        PostLogoutRedirectUri = string.Format(postLogoutRedirectUri, HttpContext.Current.Request.Url.DnsSafeHost),

        Scope = OpenIdConnectScope.OpenIdProfile,
        // id_token response type: the middleware issues a nonce on the challenge and validates it on the callback
        ResponseType = OpenIdConnectResponseType.IdToken,
        TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true // This is a simplification
        },
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = OnAuthenticationFailed,
            SecurityTokenValidated = OnSecurityTokenValidated,
            RedirectToIdentityProvider = OnRedirectToIdentityProvider
        }
    });

The rest of the values come from the configuration file.

I am attaching the Fiddler request flow to demonstrate the request.

[Fiddler screenshots: request flow of the first attempt]

The nonce cookie is appended in the resulting response. Now, if I try again from this point onward (another attempt), it succeeds. This time the following URL is posted to the application server.

[Fiddler screenshot: URL posted to the application server on the second attempt]

I really have no idea how to solve this.

I have already seen these posts:

https://blogs.aaddevsup.xyz/2019/07/receiving-error-idx21323-or-dx10311-requirenonce/ IDX21323 OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocolValidatedIdToken.Payload.Nonce was not null

.......

But these didn't solve my issue.

Usman
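To make the IDX21323 message concrete, here is an added example that models the nonce round trip the OWIN middleware performs; it is not code from the question or from Microsoft.Owin.Security.OpenIdConnect. The relying party mints a nonce when it issues the challenge, binds it to the user agent with a cookie, sends it in the authorization request, and on the callback compares the id_token's nonce claim against that cookie. Assumptions: `CookieJar` stands in for the browser's cookie store, the cookie name is simplified to `OpenIdConnect.nonce`, and the id_token nonce claim is passed in as an already-extracted string (no JWT parsing here).

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example, not the question's code nor the Microsoft.Owin middleware.
// Assumptions: CookieJar models the browser cookie store; the cookie name is
// simplified; the id_token nonce claim arrives as a plain string.
public sealed class NonceValidationException : Exception
{
    public NonceValidationException(string message) : base(message) { }
}

public sealed class CookieJar
{
    private readonly Dictionary<string, string> _cookies = new Dictionary<string, string>();
    public void Set(string name, string value) { _cookies[name] = value; }
    public string Get(string name) { string v; return _cookies.TryGetValue(name, out v) ? v : null; }
    public void Delete(string name) { _cookies.Remove(name); }
}

public static class NonceProtocol
{
    public const string NonceCookieName = "OpenIdConnect.nonce";

    // Challenge: mint a random nonce, bind it to this user agent via a cookie,
    // and return it for the authorization request's nonce parameter.
    public static string IssueNonce(CookieJar jar)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        string nonce = Convert.ToBase64String(bytes);
        jar.Set(NonceCookieName, nonce);
        return nonce;
    }

    // Callback: the nonce claim of the (already signature-validated) id_token must
    // equal the nonce bound to this user agent, and is then retired (single use).
    public static void ValidateNonce(CookieJar jar, string idTokenNonce, bool requireNonce = true)
    {
        string expected = jar.Get(NonceCookieName);
        if (expected == null)
        {
            // The IDX21323 condition: the token carries a nonce, but the client has
            // nothing to compare it with because the nonce cookie did not come back.
            if (requireNonce || idTokenNonce != null)
            {
                throw new NonceValidationException(
                    "Nonce cookie missing on callback; id_token nonce cannot be validated.");
            }
            return;
        }
        if (idTokenNonce == null)
        {
            throw new NonceValidationException("id_token carries no nonce claim.");
        }
        if (!string.Equals(expected, idTokenNonce, StringComparison.Ordinal))
        {
            throw new NonceValidationException("id_token nonce does not match the issued nonce (replayed or foreign token).");
        }
        jar.Delete(NonceCookieName); // one nonce authenticates exactly one login
    }

    public static void Main()
    {
        // Attempt 1: the challenge sets the cookie, but the callback request arrives
        // without it (the symptom in the question), so validation fails.
        var challengeJar = new CookieJar();
        string nonce1 = IssueNonce(challengeJar);
        var callbackWithoutCookie = new CookieJar();
        try { ValidateNonce(callbackWithoutCookie, nonce1); }
        catch (NonceValidationException ex) { Console.WriteLine("Attempt 1: " + ex.Message); }

        // Attempt 2: the same cookie store is presented on the callback, so the
        // nonce in the id_token matches and the cookie is retired.
        var jar = new CookieJar();
        string nonce2 = IssueNonce(jar);
        ValidateNonce(jar, nonce2);
        Console.WriteLine("Attempt 2: nonce validated, cookie retired: " + (jar.Get(NonceCookieName) == null));

        // Replay: presenting the same id_token nonce again is rejected because the cookie is gone.
        try { ValidateNonce(jar, nonce2); }
        catch (NonceValidationException ex) { Console.WriteLine("Replay: " + ex.Message); }
    }
}
```

The check can only succeed if the cookie written on the challenge response is presented on the callback request; when it is absent, the validator's expected nonce is null while the token's nonce is not, which is exactly the state the IDX21323 message describes. Setting `RequireNonce` to false does not remove the comparison for tokens that do carry a nonce (the message itself notes that a present nonce is still evaluated), and it gives up the replay protection the nonce exists for.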
