Question
I am trying to integrate WS-Federation in my Asp.Net MVC app using OWIN. I followed the GitHub samples and it is working as expected.
Now I want to take this one step further and call an external WebApi hosted on a different Azure web app from within my website. I couldn't find any WS-Fed samples for this scenario. The WebApi needs an access token to provide access to protected resources. In one of my MVC controllers I tried using ADAL.Net code to acquire the access token, but I get a timeout error.
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var authContext1 = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority, new NaiveSessionCache(userObjectID));
var credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(clientId, appKey);
var tokenResult = await authContext1.AcquireTokenAsync(todoListResourceId, credential);
I copied NaiveSessionCache from one of the Azure samples on GitHub. Then I pass this tokenResult.AccessToken to the WebApi call using HttpClient. This gives me a 500 server timeout error.
However, if I don't use NaiveSessionCache in authContext1 and replace it with false in its constructor (no cache), the code works fine.
What am I missing here? Thanks!
Answer 1:
The issue seems to be related to the specific version of ADAL. I am able to reproduce this issue using the latest version of ADAL (3.13.8). What version of ADAL were you developing with?
However, when I downgrade ADAL to the version 3.9.304210845 (from the code sample using the NaiveSessionCache class), the code works well for me.
You can reference this specific version by following the steps below:
- Replace the version in the project file which refers to ADAL (*.csproj)
<Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory, Version=3.9.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.9.304210845\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll</HintPath>
<Private>True</Private>
</Reference>
<Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory.Platform, Version=3.9.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.9.304210845\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll</HintPath>
<Private>True</Private>
</Reference>
- Replace the version info about ADAL in package.config
<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.9.304210845" targetFramework="net45" />
- Delete the packages folder
- Rebuild the solution to restore the 3.9.304210845 version ADAL
Please let me know whether it works for you. And to fix the issue, I suggest that you reopen a new issue from here.
Update
After the investigation, the high version of ADAL acquires the token using Task.ConfigureAwait(false), which will break the original context of the thread. Then we are not able to access HttpContext.Current.Session, which is used to store the token after using ADAL to acquire the token.
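The following is an added example, not part of the original answer or of the Azure sample: a session-backed ADAL token cache that captures the session object on the request thread, so its callbacks never read HttpContext.Current after a ConfigureAwait(false) continuation. The class name SessionTokenCache and its constructor signature are hypothetical; it assumes ADAL v3's TokenCache API and an in-process session that is still alive while the controller action awaits the token call.

```csharp
using System;
using System.Web;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical replacement for NaiveSessionCache (added example).
// Usage inside an MVC controller action, where HttpContext is HttpContextBase:
//   var cache = new SessionTokenCache(userObjectID, HttpContext.Session);
//   var authContext = new AuthenticationContext(authority, cache);
public class SessionTokenCache : TokenCache
{
    private static readonly object CacheLock = new object();
    private readonly HttpSessionStateBase _session;
    private readonly string _cacheId;

    public SessionTokenCache(string userObjectId, HttpSessionStateBase session)
    {
        if (string.IsNullOrEmpty(userObjectId)) throw new ArgumentNullException(nameof(userObjectId));
        if (session == null) throw new ArgumentNullException(nameof(session));

        _session = session;                        // captured while the request context exists
        _cacheId = userObjectId + "_TokenCache";   // one cache entry per signed-in user

        // ADAL may invoke these on a thread without the ASP.NET context,
        // so they use the captured session, never HttpContext.Current.
        BeforeAccess = _ => Load();
        AfterAccess = _ => { if (HasStateChanged) Persist(); };
        Load();
    }

    private void Load()
    {
        lock (CacheLock)
        {
            // A null blob (first request for this user) leaves the cache empty.
            Deserialize((byte[])_session[_cacheId]);
        }
    }

    private void Persist()
    {
        lock (CacheLock)
        {
            _session[_cacheId] = Serialize();
            HasStateChanged = false;               // written back, nothing pending
        }
    }

    public override void Clear()
    {
        base.Clear();
        _session.Remove(_cacheId);                 // drop the stored tokens on sign-out
    }
}
```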
Source: https://stackoverflow.com/questions/41644067/adal-net-tokencache-throwing-server-timeout-error-with-500-error-code