I am trying to get the Azure AD connected service working for my .NET Framework applications. I went through the wizard and it added the necessary dependencies and files I need for it to work. The issue I am having is that it does not reliably work. So I've rolled back and I am just working locally. If I type in localhost/Athena it does not work; however, it leaves /signin-oidc at the end of the URL. When I manually delete that last part the page works fine. The error I am getting is

IDX21323: RequireNonce is 'System.Boolean'. OpenIdConnectProtocolValidationContext.Nonce was null.

If I type in https://localhost/Athena it works every time. Below is the code from my Startup.Auth.cs file.

    // Requires the Microsoft.Owin, Microsoft.Owin.Security.Cookies and
    // Microsoft.Owin.Security.OpenIdConnect packages; `authority` is defined elsewhere in the class.
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = "8675309",
                Authority = authority,
                CallbackPath = new PathString("/signin-oidc"),
                // Tried with the below RedirectUri and I still have the same issues.
                //RedirectUri = "https://localhost/Athena/signin-oidc"
            });
    }
asked by smuldr (edited by Jayendran)

1 Answer

This exception occurs when the OpenIdConnect middleware encounters an invalid nonce or a missing nonce cookie. Try making the following configurations.

Configure startup.cs as below

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "ApplicationCookie",
    CookieSameSite = SameSiteMode.None,      // requires Microsoft.Owin 4.1 or later
    CookieSecure = CookieSecureOption.Always
});

Check/configure web.config:

<system.web>
  <sessionState cookieSameSite="None" />
  <httpCookies requireSSL="true" />
</system.web>

Note: make sure all your website traffic is over HTTPS.

The initialization code is different depending on the platform. For ASP.NET Core and ASP.NET, signing in users is delegated to the OpenID Connect middleware. Some configuration is required to adapt them to the Microsoft identity platform.

The code related to authentication in an ASP.NET web app and web APIs is located in the App_Start/Startup.Auth.cs file.

    // `clientId`, `aadInstance` and `redirectUri` are read from web.config app settings elsewhere in the class.
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // `Authority` represents the identity platform endpoint - https://login.microsoftonline.com/common/v2.0.
                // `Scope` describes the initial permissions that your app will need.
                //  See https://azure.microsoft.com/documentation/articles/active-directory-v2-scopes/.
                ClientId = clientId,
                Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, "common", "/v2.0"),
                RedirectUri = redirectUri,
                Scope = "openid profile",
                PostLogoutRedirectUri = redirectUri,
            });
    }
answered by kavyaS
  • Thanks for this, but one quick question. My Startup.cs file is very basic. public partial class Startup { public void Configuration(IAppBuilder app) { ConfigureAuth(app); } } – smuldr Jun 22 '21 at 16:46
  • The code you provided for the Startup.cs file, can I just put that in the Startup.Auth.cs file, similar to: https://learn.microsoft.com/en-us/aspnet/samesite/csmvc – smuldr Jun 22 '21 at 17:23
  • I made these changes and I am still getting the same result – smuldr Jun 22 '21 at 17:30
  • Try referring to the answer to this similar question here, which can be helpful - https://stackoverflow.com/questions/49944071/idx21323-openidconnectprotocolvalidationcontext-nonce-was-null-openidconnectpro – kavyaS Jun 22 '21 at 17:48
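As an added example (not code from the question, the answer or Microsoft's samples), here is a Startup.Auth.cs that combines the asker's options with the answer's cookie settings and refuses to start a sign-in over plain http: the nonce cookie written during the challenge is Secure, so an http callback at localhost/Athena/signin-oidc can never return it, and the middleware then reports IDX21323. The nonce is what binds the returned id_token to the browser session that started the sign-in, so the fix is to keep the check and make the round trip https, not to set RequireNonce to false. It assumes Microsoft.Owin 4.1 or later (for CookieSameSite) and hypothetical app-setting names ida:ClientId and ida:Authority.

```csharp
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Assumed app-setting names (hypothetical); adjust to your web.config.
    private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string authority = ConfigurationManager.AppSettings["ida:Authority"];
    // The reply URL must be https: the nonce cookie is Secure, so an http callback never carries it.
    private const string RedirectUri = "https://localhost/Athena/signin-oidc";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            CookieSameSite = SameSiteMode.None,       // cross-site POST back from the IdP (Microsoft.Owin 4.1+)
            CookieSecure = CookieSecureOption.Always  // browsers only accept SameSite=None together with Secure
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = RedirectUri,
            CallbackPath = new PathString("/signin-oidc"),
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Never start a challenge over http: the Secure nonce cookie could not come back and the
                // callback would fail with IDX21323. Bounce to https instead of relaxing the nonce check.
                RedirectToIdentityProvider = n =>
                {
                    if (!n.Request.IsSecure)
                    {
                        n.Response.Redirect("https://" + n.Request.Host + n.Request.PathBase + n.Request.Path + n.Request.QueryString);
                        n.HandleResponse();
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The https reply URL above must also be registered on the app registration in Azure AD, otherwise the identity provider rejects the request before the nonce is ever checked.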