
I'm trying to access the user roles and the GUID contained in the JWT provided by Azure AD with this code:

In ConfigureServices:

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"));

        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

In my controller I have these functions:

    private Guid getUserGuid()
    {
        var httpContext = _HttpContextAccessor.HttpContext;
        var guid = httpContext.User.FindFirstValue("http://schemas.microsoft.com/identity/claims/objectidentifier");
        return guid == null ? new Guid() : Guid.Parse(guid);
    }

    public Result GetUserInformations()
    {
        try
        {
            //Get user GUID
            Guid guid = getUserGuid();

            var httpContext = _HttpContextAccessor.HttpContext;
            string[] roles = httpContext.User.Claims.Where(c => c.Type == ClaimTypes.Role).Select(c => c.Value).ToArray();

            return new Result() { Success = true, Object = new UserInformations() { Guid = guid, Roles = roles} };
        }
        catch (Exception e)
        {
            return new Result() { Success = false, Message = $"{e.Message} {e.InnerException}" };
        }
    }

Now I have hosted my app on IIS 10 and I get this log:

    fail: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[3]
          Exception occurred while processing message.
    System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
       at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
       at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
    fail: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[3]
          Exception occurred while processing message.
    System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
     ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.
     ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
     ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
     ---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.

This works on my VS2022 and my personal IIS 10...

Any ideas?

Thanks
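Added example (not code from the question): the same wiring, but with two changes I would want on any Azure AD-protected API. First, the JWT bearer scheme gets an `OnAuthenticationFailed` hook that logs the metadata address the handler really used together with the full inner-exception chain, so an IDX20803/IDX20804 failure shows the TLS or firewall problem instead of `'System.String'`. Second, the claim lookups accept both the long URI claim type used in the question and the short JWT name (`oid`, `roles`), and never throw on a malformed value. It assumes Microsoft.Identity.Web and Microsoft.AspNetCore.Authentication.JwtBearer; the `AzureAd` section name and the `UserInformations` type are taken from the question, the class and method names are mine.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Identity.Web;

public static class AzureAdAuthSetup
{
    // Call from ConfigureServices instead of the AddAuthentication(...) block in the question.
    public static void ConfigureAuth(IServiceCollection services, IConfiguration configuration)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApi(configuration.GetSection("AzureAd"));

        // PostConfigure runs after Microsoft.Identity.Web's own configuration of the scheme,
        // so we only decorate the events it already registered instead of replacing them.
        services.PostConfigure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
        {
            options.Events ??= new JwtBearerEvents();
            var inner = options.Events.OnAuthenticationFailed;
            options.Events.OnAuthenticationFailed = async ctx =>
            {
                // IDX20803/IDX20804 mean the OpenID Connect discovery document (and with it the
                // signing keys) could not be fetched. Log where the handler tried to go and the
                // whole exception chain; the socket/TLS error is several levels down.
                var logger = ctx.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("AzureAdAuth");
                logger.LogError(ctx.Exception,
                    "JWT bearer authentication failed. Authority={Authority} MetadataAddress={MetadataAddress}",
                    ctx.Options.Authority, ctx.Options.MetadataAddress);
                await inner(ctx);
            };
        });
    }
}

public sealed class UserInformations
{
    public Guid Guid { get; set; }
    public string[] Roles { get; set; } = Array.Empty<string>();
}

public static class ClaimsReader
{
    // Azure AD exposes the same claim under two names, depending on whether inbound claim
    // mapping is on (long URI) or off (short JWT name). Accept both.
    private const string ObjectIdLong = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private const string ObjectIdShort = "oid";
    private const string RolesShort = "roles";

    public static UserInformations Read(ClaimsPrincipal user)
    {
        var oid = user.FindFirst(ObjectIdLong)?.Value ?? user.FindFirst(ObjectIdShort)?.Value;

        // TryParse: a malformed claim must not throw, and we never fabricate an identity;
        // Guid.Empty is the explicit "no object id in this token" value.
        var guid = Guid.TryParse(oid, out var parsed) ? parsed : Guid.Empty;

        var roles = user.Claims
            .Where(c => c.Type == ClaimTypes.Role || c.Type == RolesShort)
            .Select(c => c.Value)
            .Distinct(StringComparer.Ordinal)
            .ToArray();

        return new UserInformations { Guid = guid, Roles = roles };
    }
}

[ApiController]
[Route("api/[controller]")]
[Authorize] // the token must validate; no IHttpContextAccessor needed, User is on the controller
public class UserController : ControllerBase
{
    [HttpGet("me")]
    public ActionResult<UserInformations> Me() => ClaimsReader.Read(User);
}
```

With this in place the IIS log line for the same failure names the discovery URL the handler is trying to fetch (for Azure AD v2.0 that is `https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration`), which is the host the IIS machine must be allowed to reach outbound on 443; the signing keys are fetched from the `jwks_uri` inside that document.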

2 Answers


Please make sure to use the latest version of your .NET Framework. Certain tasks require the .NET Framework to be updated to the latest version in order for them to work properly.

  • If the application is running on TLS 1.1 or TLS 1.0, this error might occur as they are deprecated. Select TLS 1.2 as the protocol the application uses.

In application start, add the following before making an API call:

// Specify TLS 1.2 only; listing Tls and Tls11 as well would re-enable the deprecated versions.
// Note: ServicePointManager governs HttpWebRequest on .NET Framework; on .NET Core / .NET 5+
// HttpClient uses the OS defaults and ignores this setting.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Please check this reference.

In the Startup Configure method, add app.UseHttpsRedirection();

Also check the TLS best practices with the .NET Framework. If Azure App Service is used, set the minimum TLS version for your App Service instance to TLS 1.2.


Note: It may be due to a firewall issue.

References:

  1. Authentication errors when client doesn't have TLS 1.2 support - SharePoint | Microsoft Docs
  2. Secure a custom DNS with a TLS/SSL binding - Azure App Service | Microsoft Docs
  3. Azure AD Connect: TLS 1.2 enforcement for Azure Active Directory Connect | Microsoft Docs
kavyaS

Hi, thanks for the answer. After some research, it wasn't due to my app: the background request to microsoft.com was blocked by the firewall...

Thanks