ADAL.Net TokenCache throwing server timeout error with 500 error code

主宰稳场 submitted on 2019-12-12 02:18:14

Question


I am trying to integrate WS-Federation in my Asp.Net MVC app using OWIN. I followed the GitHub samples and it is working as expected.

Now I want to take this one step further and call an external WebApi hosted on a different Azure web app from within my website. I couldn't find any WS-Fed samples for this scenario. The WebApi needs an access token to provide access to protected resources. In one of my MVC controllers I tried using ADAL.Net code to acquire the access token but I get a timeout error.

    string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
    var authContext1 = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority, new NaiveSessionCache(userObjectID));
    var credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(clientId, appKey);
    var tokenResult = await authContext1.AcquireTokenAsync(todoListResourceId, credential);

I copied NaiveSessionCache from one of the Azure samples on GitHub. Then I pass this tokenResult.AccessToken to the WebApi call using HttpClient. This gives me a 500 server timeout error.

However, if I don't use NaiveSessionCache in authContext1 and replace it with false in its constructor (no cache), code works fine.

What am I missing here? Thanks!


Answer 1:


The issue seems to be related to the specific version of ADAL. I am able to reproduce this issue using the latest version of ADAL (3.13.8). What version of ADAL were you developing with?

However, when I downgrade ADAL to version 3.9.304210845 (from the code sample using the NaiveSessionCache class), the code works well for me.

You can reference this specific version by following the steps below:

  1. Replace the version in the project file which references ADAL (*.csproj)

    <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory, Version=3.9.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.9.304210845\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll</HintPath>
      <Private>True</Private>
    </Reference>
    <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory.Platform, Version=3.9.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.9.304210845\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll</HintPath>
      <Private>True</Private>
    </Reference>

  2. Replace the version info about ADAL in package.config

    <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.9.304210845" targetFramework="net45" />

  3. Delete the packages folder

  4. Rebuild the solution to restore the 3.9.304210845 version of ADAL

Please let me know whether it works for you. And to fix the issue, I suggest that you reopen a new issue from here.

Update

After investigation, the higher version of ADAL acquires the token using Task.ConfigureAwait(false), which breaks the original context of the thread. We are then not able to access HttpContext.Current.Session, which is used to store the token, after using ADAL to acquire the token.
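
The following is an added example, not code from the question, the answer, or the Azure samples: a session-backed ADAL v3 token cache that captures the session object in its constructor on the request thread, so its callbacks never read HttpContext.Current after ADAL resumes without the original context. The class name SessionTokenCache and the key suffix are hypothetical, and the sketch assumes the cause described in the answer's update and an MVC controller where this.HttpContext is available.

```csharp
using System;
using System.Web;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical class: per-user ADAL v3 token cache kept in ASP.NET session state.
// Usage inside an MVC controller action (on the request thread):
//   var cache = new SessionTokenCache(userObjectID, this.HttpContext);
//   var authContext = new AuthenticationContext(authority, cache);
public class SessionTokenCache : TokenCache
{
    private static readonly object CacheLock = new object();
    private readonly HttpSessionStateBase _session; // captured once, on the request thread
    private readonly string _cacheKey;

    public SessionTokenCache(string userObjectId, HttpContextBase httpContext)
    {
        if (string.IsNullOrEmpty(userObjectId))
            throw new ArgumentNullException(nameof(userObjectId));
        if (httpContext == null || httpContext.Session == null)
            throw new InvalidOperationException("Session state is not available.");

        _session = httpContext.Session;
        // Key by the user's object ID so one user's tokens are never served to another.
        _cacheKey = userObjectId + "_TokenCache";

        // ADAL invokes these around every cache read and write. They may run on a
        // thread where HttpContext.Current is null, so they use only _session.
        BeforeAccess = args => Load();
        AfterAccess = args => { if (HasStateChanged) Persist(); };
        Load();
    }

    private void Load()
    {
        // A null blob (nothing stored yet) leaves the in-memory cache empty.
        lock (CacheLock) { Deserialize((byte[])_session[_cacheKey]); }
    }

    private void Persist()
    {
        lock (CacheLock)
        {
            _session[_cacheKey] = Serialize();
            HasStateChanged = false; // written out, reset the dirty flag
        }
    }

    // Call on sign-out so cached tokens do not outlive the login.
    public override void Clear()
    {
        base.Clear();
        _session.Remove(_cacheKey);
    }
}
```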



Source: https://stackoverflow.com/questions/41644067/adal-net-tokencache-throwing-server-timeout-error-with-500-error-code
