0

I have an asp.net MVC application and I have registered application in azure directory for Microsoft Identity Platform and same details were configured in web.config, Startup.cs file and tried few approaches to resolve the error but no luck.

Below i have pasted the code which i am using in my application please let me know what changes are required to resolve the issue

Below are web.config file changes

ClientId: XXXXX-XXXXX-XXXX-3b59
TenantID: XXXX-XXXX-XXXX-d086
Authority: https://login.microsoftonline.com/{0}/v2.0
redirectUri: http://localhost/XXXX

  <system.web>
    <sessionState cookieSameSite="None"/>
    <httpCookies requireSSL="true"/>
  </system.web>

Startup.cs file changes

// The Client ID is used by the application to uniquely identify itself to Azure AD.
string clientId = System.Configuration.ConfigurationManager.AppSettings["ClientId"];

// RedirectUri is the URL where the user will be redirected to after they sign in.
string redirectUri = System.Configuration.ConfigurationManager.AppSettings["redirectUri"];

// Tenant is the tenant ID (e.g. contoso.onmicrosoft.com, or 'common' for multi-tenant)
static string tenant = System.Configuration.ConfigurationManager.AppSettings["Tenant"];

string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["Authority"], tenant); 


public void Configuration(IAppBuilder app)
        {

            IdentityModelEventSource.ShowPII = true;

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            

            app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                AuthenticationType = "ApplicationCookie",
                CookieSameSite = SameSiteMode.None,
                CookieSecure = CookieSecureOption.Always,
                CookieHttpOnly = true
               
            });

            
           OpenIdConnectProtocolValidator dd = new OpenIdConnectProtocolValidator()
           {
               RequireNonce = false,
           };
           

            app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // Sets the ClientId, authority, RedirectUri as obtained from web.config
                ClientId = clientId,
                Authority = authority,
                RedirectUri = redirectUri,
                // PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
                PostLogoutRedirectUri = redirectUri,
                Scope = OpenIdConnectScope.OpenIdProfile,
                // ResponseType is set to request the code id_token - which contains basic information about the signed-in user
                ResponseType = OpenIdConnectResponseType.CodeIdToken,
               

                TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer = false
                },

                // OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
                Notifications = new OpenIdConnectAuthenticationNotifications
                {

                    AuthenticationFailed = OnAuthenticationFailed

                }
            }
        );
    }

private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
  context.HandleResponse();
  context.Response.Redirect("/?errormessage=" + context.Exception.Message);
  return Task.FromResult(0);
}

Error Details: IDX21323: RequireNonce is 'True'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.

Akshay Bagi
  • 179
  • 1
  • 8

1 Answers1

0

Please check the following:

Startup.cs .It seems to be good.

app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    CookieSameSite = SameSiteMode.None,
    CookieSecure = CookieSecureOption.Always,
    CookieHttpOnly = true,
    CookieManager = new Code.SameSiteCookieManager(new Microsoft.Owin.Host.SystemWeb.SystemWebCookieManager())
});

In some cases chrome usually doesn’t save cookie when SameSite=None and traffic is over HTTP. So modify vs code to use HTTPS which is secure protocol.

Launchsetting.json:

"webApp": {
      "commandName": "Project",
      "dotnetRunMessages": true,
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      "applicationUrl": "http://localhost:44321/"
    }

enter image description here

In App registration portal check if the url is using secure https.

enter image description here

Executed:

enter image description here

Also please check idx21323-openidconnectprotocolvalidationcontext-nonce-was-null-openidconnectpro | StackOverflow

kavyaS
  • 8,026
  • 1
  • 7
  • 19
  • There is no privilege for me to change application url from http tp https. Is there any alternate solution to fix the above issue by making use of http protocol. – Akshay Bagi Apr 26 '23 at 06:58