AcquireTokenForClient Stuck when application hosted in IIS #2520

Closed
TejendraPrasad opened this issue Mar 31, 2021 · 7 comments

TejendraPrasad commented Mar 31, 2021

Hi,

I am trying to acquire a token using a certificate to connect to the Graph API. It works in a console application and local IIS Express.

However, when the same is hosted in IIS it gets stuck and times out.

Code Snippet:

    var msalClient = ConfidentialClientApplicationBuilder
        .Create(config.ClientID)
        .WithCertificate(GetCertificateByThumbprint(config.ApplicationThumbprint))
        .WithAuthority(AadAuthorityAudience.AzureAdMyOrg, true)
        .WithTenantId(config.TenantID)
        .Build();

    result = await msalClient.AcquireTokenForClient(scopes).ExecuteAsync(); // **Gets Stuck** - IT DOES NOT EVEN GO TO NEXT STEP

    requestMessage.Headers.Authorization =
        new AuthenticationHeaderValue("bearer", await GetAccessTokenAsync());

    var users = await graphClient.Users.Request().Filter($"mail eq '{emailAddress}'").GetAsync();

I have created an ASP.NET MVC application for a PoC and will convert it into a Web API.

I do not want to use a user login token or such... There is no login page and we want to interact with the MS Graph API using an application-specific Client ID.

Please, someone help with this.

Thank you!

Contributor

jmprieur commented Apr 1, 2021

@TejendraPrasad: did you try to use Fiddler to understand if Azure AD is reached at all?
This seems more like a network issue to me.

@TejendraPrasad
Author

Hi Jean,

Thank you for coming back.

It's working with console and IIS Express... only when I host the application in IIS it gets stuck.

Console and IIS Express are all on the same server, so I assume a network issue is ruled out, as everything is on the same box.

Thank you!
Regards,
Tej

Contributor

jmprieur commented Apr 1, 2021

I meant a port configuration issue in IIS, @TejendraPrasad

Author

TejendraPrasad commented Apr 1, 2021

Can you please elaborate on the port configuration, and where to configure it, @jmprieur?

In Binding, we use 443 and 80.

Do I need to configure a redirect URI in Azure AD?

Contributor

jmprieur commented Apr 5, 2021

For AcquireTokenForClient, you don't need a redirect URI, @TejendraPrasad

Author

TejendraPrasad commented Apr 5, 2021

@jmprieur thank you for the guidance. And you are right, it was an IIS proxy and port issue.

When I executed my web app with my ID as the Application Pool Identity it worked. However, when I tried with the default Application Pool Identity it was not working.

After tracing, I found the default Application Pool Identity did not know which IP proxy to use in order to connect.

So, I added the below config in web.config:

    <configuration>
      <system.net>
        <defaultProxy>
          <proxy usesystemdefault="True" proxyaddress="*YOUR PROXY IP*" bypassonlocal="True" />
        </defaultProxy>
      </system.net>
    </configuration>

Contributor

jmprieur commented Apr 5, 2021

Thanks for sharing the solution, @TejendraPrasad
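
An added example, not part of the original thread and not MSAL's own code: the same proxy can be set in code through MSAL.NET's `IMsalHttpClientFactory`, with a timeout so that an unreachable proxy under the app pool identity surfaces as an exception instead of a hang. The class names `ProxyHttpClientFactory` and `GraphTokenProvider`, the timeout values and the caller-supplied proxy URI are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Hypothetical helper (not part of MSAL): gives MSAL an HttpClient with an
// explicit proxy, so it does not depend on the app pool identity's settings.
public sealed class ProxyHttpClientFactory : IMsalHttpClientFactory
{
    private readonly HttpClient _client;
    public ProxyHttpClientFactory(Uri proxyAddress, TimeSpan timeout)
    {
        var handler = new HttpClientHandler
        {
            Proxy = new WebProxy(proxyAddress) { BypassProxyOnLocal = true },
            UseProxy = true
        };
        _client = new HttpClient(handler) { Timeout = timeout };
    }

    // Return the same instance each time to avoid socket exhaustion.
    public HttpClient GetHttpClient() => _client;
}

public static class GraphTokenProvider
{
    public static async Task<string> GetAppTokenAsync(string clientId, string tenantId, X509Certificate2 certificate, Uri proxyAddress)
    {
        var app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithCertificate(certificate)
            .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
            .WithHttpClientFactory(new ProxyHttpClientFactory(proxyAddress, TimeSpan.FromSeconds(30)))
            .Build();

        // Bound the whole call so an unreachable proxy surfaces as an exception, not a hang.
        using (var cts = new CancellationTokenSource(TimeSpan.FromSeconds(45)))
        {
            AuthenticationResult result = await app
                .AcquireTokenForClient(new[] { "https://graph.microsoft.com/.default" })
                .ExecuteAsync(cts.Token)
                .ConfigureAwait(false);
            return result.AccessToken;
        }
    }
}
```

In a real application, build the confidential client once and reuse it rather than rebuilding it per call, so MSAL's in-memory token cache is used.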
