Unable to obtain OpenID Configuration when running ver 1.1 of the OpenIdConnect/Kestrel libraries

[snickler]

When I'm running version 1.1 of the Microsoft.AspNetCore.Authentication.OpenIdConnect and Microsoft.AspNetCore.Kestrel libraries, I'm unable to kick off the auth flow when hitting a WebAPI endpoint that uses the Authorization attribute. I can continually reproduce this. Downgrading to 1.0.2/1.0.1 of the libraries and dependencies allows the redirection to the OpenID provider to occur, and the full auth flow to work.

Here's the error I'm receiving (with urls replaced):

Microsoft.AspNetCore.Server.Kestrel: Error: Connection id "0HL2EL99HNV9A": An unhandled exception was thrown by the application.

System.InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://myserver.domain/realm/.well-known/openid-configuration'. ---> System.IO.IOException: IDX10804: Unable to retrieve document from: 'https://myserver.domain/realm/.well-known/openid-configuration'. ---> System.IO.FileLoadException: Could not load file or assembly 'System.Diagnostics.DiagnosticSource, Version=4.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
at System.Net.Http.WinHttpHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClientHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpMessageInvoker.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.GetAsync(Uri requestUri, HttpCompletionOption completionOption, CancellationToken cancellationToken)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.<GetConfigurationAsync>d__24.MoveNext() --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager1.d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.<ChallengeAsync>d__72.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.d__72.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager.d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.ChallengeResult.d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__30.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Builder.RouterMiddleware.d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Hosting.Internal.RequestServicesContainerMiddleware.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Frame`1.d__2.MoveNext()
Microsoft.AspNetCore.Hosting.Internal.WebHost: Information: Request finished in 748.4304ms 500
Microsoft.AspNetCore.Hosting.Internal.WebHost: Information: Request starting HTTP/1.1 GET http://localhost:21744/favicon.ico
Microsoft.AspNetCore.Hosting.Internal.WebHost: Information: Request finished in 11.2054ms 404
The program '[26032] chrome.exe: WebKit' has exited with code -1 (0xffffffff).
The program '[8268] iisexpress.exe: Program Trace' has exited with code 0 (0x0).
The program '[24528] WebAPIOAuth.exe' has exited with code 0 (0x0).
The program '[24528] WebAPIOAuth.exe: Program Trace' has exited with code 0 (0x0).
The program '[8268] iisexpress.exe' has exited with code 0 (0x0).

[snickler]

If I upgrade all AspNetCore libraries to 1.1, but leave Kestrel to version 1.0.2, I get the following:

System.IO.FileLoadException: Could not load file or assembly 'Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName, ObjectHandleOnStack type)
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName)
at System.RuntimeType.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark)
at System.Type.GetType(String typeName, Boolean throwOnError)
at Microsoft.AspNetCore.DataProtection.SimpleActivator.CreateInstance(Type expectedBaseType, String implementationTypeName)
at Microsoft.AspNetCore.DataProtection.ActivatorExtensions.CreateInstance[T](IActivator activator, String implementationTypeName)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)

=== Pre-bind state information ===
LOG: DisplayName = Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60
(Fully-specified)
LOG: Appbase = file:///C:/Users/Jeremy/Documents/Visual Studio 2015/Projects/WebAPIOAuth/src/WebAPIOAuth/bin/x64/Debug/net462/
LOG: Initial PrivatePath = NULL
Calling assembly : Microsoft.AspNetCore.DataProtection, Version=1.1.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60.

LOG: This bind starts in default load context.
LOG: Using application configuration file: C:\Users\Jeremy\Documents\Visual Studio 2015\Projects\WebAPIOAuth\src\WebAPIOAuth\bin\x64\Debug\net462\WebAPIOAuth.exe.Config
LOG: Using host configuration file:
LOG: Using machine configuration file from C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config.
LOG: Post-policy reference: Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60
LOG: Attempting download of new URL file:///C:/Users/Jeremy/Documents/Visual Studio 2015/Projects/WebAPIOAuth/src/WebAPIOAuth/bin/x64/Debug/net462/Microsoft.AspNetCore.DataProtection.DLL.
WRN: Comparing the assembly name resulted in the mismatch: Minor Version
ERR: Failed to complete setup of assembly (hr = 0x80131040). Probing terminated.

Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver: Warning: Key {202ee535-372b-4c59-859a-bb976d2b76aa} is ineligible to be the default key because its CreateEncryptorInstance method failed.

System.IO.FileLoadException: Could not load file or assembly 'Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName, ObjectHandleOnStack type)
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName)
at System.RuntimeType.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark)
at System.Type.GetType(String typeName, Boolean throwOnError)
at Microsoft.AspNetCore.DataProtection.SimpleActivator.CreateInstance(Type expectedBaseType, String implementationTypeName)
at Microsoft.AspNetCore.DataProtection.ActivatorExtensions.CreateInstance[T](IActivator activator, String implementationTypeName)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.DeferredKey.<>c__DisplayClass1_0.b__0()
at System.Lazy1.CreateValue() at System.Lazy1.LazyInitValue()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key)

=== Pre-bind state information ===
LOG: DisplayName = Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60
(Fully-specified)
LOG: Appbase = file:///C:/Users/Jeremy/Documents/Visual Studio 2015/Projects/WebAPIOAuth/src/WebAPIOAuth/bin/x64/Debug/net462/
LOG: Initial PrivatePath = NULL
Calling assembly : Microsoft.AspNetCore.DataProtection, Version=1.1.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60.

LOG: This bind starts in default load context.
LOG: Using application configuration file: C:\Users\Jeremy\Documents\Visual Studio 2015\Projects\WebAPIOAuth\src\WebAPIOAuth\bin\x64\Debug\net462\WebAPIOAuth.exe.Config
LOG: Using host configuration file:
LOG: Using machine configuration file from C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config.
LOG: Post-policy reference: Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60
LOG: Attempting download of new URL file:///C:/Users/Jeremy/Documents/Visual Studio 2015/Projects/WebAPIOAuth/src/WebAPIOAuth/bin/x64/Debug/net462/Microsoft.AspNetCore.DataProtection.DLL.
WRN: Comparing the assembly name resulted in the mismatch: Minor Version
ERR: Failed to complete setup of assembly (hr = 0x80131040). Probing terminated.

Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver: Warning: Key {202ee535-372b-4c59-859a-bb976d2b76aa} is ineligible to be the default key because its CreateEncryptorInstance method failed.

System.IO.FileLoadException: Could not load file or assembly 'Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName, ObjectHandleOnStack type)
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName)
at System.RuntimeType.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark)
at System.Type.GetType(String typeName, Boolean throwOnError)
at Microsoft.AspNetCore.DataProtection.SimpleActivator.CreateInstance(Type expectedBaseType, String implementationTypeName)
at Microsoft.AspNetCore.DataProtection.ActivatorExtensions.CreateInstance[T](IActivator activator, String implementationTypeName)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.DeferredKey.<>c__DisplayClass1_0.b__0()
at System.Lazy1.CreateValue() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Lazy1.get_Value()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key)

=== Pre-bind state information ===
LOG: DisplayName = Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60
(Fully-specified)
LOG: Appbase = file:///C:/Users/Jeremy/Documents/Visual Studio 2015/Projects/WebAPIOAuth/src/WebAPIOAuth/bin/x64/Debug/net462/
LOG: Initial PrivatePath = NULL
Calling assembly : Microsoft.AspNetCore.DataProtection, Version=1.1.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60.

LOG: This bind starts in default load context.
LOG: Using application configuration file: C:\Users\Jeremy\Documents\Visual Studio 2015\Projects\WebAPIOAuth\src\WebAPIOAuth\bin\x64\Debug\net462\WebAPIOAuth.exe.Config
LOG: Using host configuration file:
LOG: Using machine configuration file from C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config.
LOG: Post-policy reference: Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60
LOG: Attempting download of new URL file:///C:/Users/Jeremy/Documents/Visual Studio 2015/Projects/WebAPIOAuth/src/WebAPIOAuth/bin/x64/Debug/net462/Microsoft.AspNetCore.DataProtection.DLL.
WRN: Comparing the assembly name resulted in the mismatch: Minor Version
ERR: Failed to complete setup of assembly (hr = 0x80131040). Probing terminated.

Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver: Warning: Key {202ee535-372b-4c59-859a-bb976d2b76aa} is ineligible to be the default key because its CreateEncryptorInstance method failed.

System.IO.FileLoadException: Could not load file or assembly 'Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
File name: 'Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName, ObjectHandleOnStack type)
at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean loadTypeFromPartialName)
at System.RuntimeType.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark)
at System.Type.GetType(String typeName, Boolean throwOnError)
at Microsoft.AspNetCore.DataProtection.SimpleActivator.CreateInstance(Type expectedBaseType, String implementationTypeName)
at Microsoft.AspNetCore.DataProtection.ActivatorExtensions.CreateInstance[T](IActivator activator, String implementationTypeName)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
at Microsoft.AspNetCore.DataProtection.KeyManagement.DeferredKey.<>c__DisplayClass1_0.b__0()
at System.Lazy1.CreateValue() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Lazy1.get_Value()
at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key)

=== Pre-bind state information ===
LOG: DisplayName = Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60
(Fully-specified)
LOG: Appbase = file:///C:/Users/Jeremy/Documents/Visual Studio 2015/Projects/WebAPIOAuth/src/WebAPIOAuth/bin/x64/Debug/net462/
LOG: Initial PrivatePath = NULL
Calling assembly : Microsoft.AspNetCore.DataProtection, Version=1.1.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60.

LOG: This bind starts in default load context.
LOG: Using application configuration file: C:\Users\Jeremy\Documents\Visual Studio 2015\Projects\WebAPIOAuth\src\WebAPIOAuth\bin\x64\Debug\net462\WebAPIOAuth.exe.Config
LOG: Using host configuration file:
LOG: Using machine configuration file from C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config.
LOG: Post-policy reference: Microsoft.AspNetCore.DataProtection, Version=1.0.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60
LOG: Attempting download of new URL file:///C:/Users/Jeremy/Documents/Visual Studio 2015/Projects/WebAPIOAuth/src/WebAPIOAuth/bin/x64/Debug/net462/Microsoft.AspNetCore.DataProtection.DLL.
WRN: Comparing the assembly name resulted in the mismatch: Minor Version
ERR: Failed to complete setup of assembly (hr = 0x80131040). Probing terminated.

Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager: Information: Creating key {096d9559-fd7d-49ea-9317-f0a263e67853} with creation date 2017-02-06 16:21:12Z, activation date 2017-02-06 16:21:12Z, and expiration date 2017-05-07 16:21:12Z.
Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository: Information: Writing data to file 'C:\Users\Jeremy\AppData\Local\ASP.NET\DataProtection-Keys\key-096d9559-fd7d-49ea-9317-f0a263e67853.xml'.
'WebAPIOAuth.exe' (CLR v4.0.30319: WebAPIOAuth.exe): Loaded 'C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Text.Encoding\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Text.Encoding.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'WebAPIOAuth.exe' (CLR v4.0.30319: WebAPIOAuth.exe): Loaded 'C:\Users\Jeremy\Documents\Visual Studio 2015\Projects\WebAPIOAuth\src\WebAPIOAuth\bin\x64\Debug\net462\System.Runtime.CompilerServices.Unsafe.dll'. Module was built without symbols.
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware: Information: AuthenticationScheme: OpenIdConnect was challenged.
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware: Information: AuthenticationScheme: Cookies was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Information: Executed action WebAPIOAuth.Controllers.ValuesController.Get (WebAPIOAuth) in 1497.4322ms
Microsoft.AspNetCore.Hosting.Internal.WebHost: Information: Request finished in 1972.5147ms 401
Microsoft.AspNetCore.Hosting.Internal.WebHost: Information: Request starting HTTP/1.1 GET http://localhost:21744/favicon.ico
Microsoft.AspNetCore.Hosting.Internal.WebHost: Information: Request finished in 7.4236ms 404

[blowdart]

@pakrym

[snickler]

My Configure Method in Startup.cs;

   public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
      {
          
              loggerFactory.AddConsole(Configuration.GetSection("Logging"));
              loggerFactory.AddDebug();


              app.UseCookieAuthentication(new CookieAuthenticationOptions
              {
                  AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
                  AutomaticAuthenticate = true,
                  AutomaticChallenge = true,
                  // The default setting for cookie expiration is 14 days. SlidingExpiration is set to true by default
                  ExpireTimeSpan = TimeSpan.FromHours(1),
                  SlidingExpiration = true
              });

              app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
              {
                  ClientId = "client",
                  ClientSecret = "secret", // for code flow
                  CallbackPath = "/",
                  Authority = "https://myserver.domain/realm",
                  ResponseType = OpenIdConnectResponseType.Code,
                  SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,
                  GetClaimsFromUserInfoEndpoint = true
              });


              app.UseJwtBearerAuthentication(new JwtBearerOptions
              {
                  AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
                  Audience = "https://myserver.domain/realm",
                  AutomaticAuthenticate = true,
                  AutomaticChallenge = true,
                  Authority = "https://myserver.domain/realm"
              });


              app.UseMvc();
          }

[Tratcher]

Not directly related:
Update all dependencies to 1.1.
See #1062 reguarding using JwtBearer and OpenIdConnect together.

[pakrym]

It's the same issues as aspnet/DataProtection#187 we are thinking about a better solution but for now you can try adding a binding redirect from Microsoft.AspNetCore.DataProtection 1.0.0.0 to 1.1.0.0 to make it work

[snickler]

@Tratcher - This happened WHEN I updated everything to 1.1. I was just trying to see what would happen if I just left certain things on 1.1 and left Kestrel on 1.0.2. If I downgrade everything back to 1.0.2/1.0.1, it all works again. I also even tried getting rid of the JwtBearer all together and solely leaving OpenIDConnect. I get the same thing.

[snickler]

@pakrym - I'll try that out and see if it works.

[snickler]

@Tratcher, I see what you mean now after re-reading #1062. I'll try that out. @pakrym, by itself the bindingredirect "worked" as in no more errors, but I think I'm going to have to integrate what @Tratcher directed me to in order for the flow to kick off.

[snickler]

@Tratcher - I went ahead and updated everything to the 1.1, set AutomaticChallenge to false for the Jwt and Cookie middleware and left it default for OpenIDconnect. After doing that, I needed to add in services.AddDataProtection() and services.AddWebEncoders, then the

            services.AddAuthorization(options =>
            {
                options.DefaultPolicy = new AuthorizationPolicyBuilder("Identity.Application").RequireAuthenticatedUser().Build();
            });       

Now I see:

System.InvalidOperationException: No authentication handler is configured to authenticate for the scheme: Identity.Application
at Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager.d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Http.Authentication.AuthenticationManager.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter.d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Builder.RouterMiddleware.d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.<Invoke>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware1.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Hosting.Internal.RequestServicesContainerMiddleware.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Frame`1.d__2.MoveNext()

If I change the AuthorizationPolicyBuilder to a blank constructor, I'm back to the original error from this issue.

Is there something I'm missing?

[Tratcher]

You're not using Identity, replace "Identity.Application" with CookieAuthenticationDefaults.AuthenticationScheme

[snickler]

@Tratcher - So, I did notice that I set a custom AuthenticationScheme on the CookieAuthenticationOptions that was set to CookieAuthenticationDefaults.AuthenticationScheme. I changed the variable constructor parameter in the AuthorizationPolicyBuilder to be the same scheme. All that did was try to log me in to Forms Auth. I then decided to change it to OpenIdConnectDefaults.AuthenticationScheme and I'm back to the first error.

[snickler]

Yup. I can access it directly in the browser. That's why I thought it was weird I was receiving this error. As I noted above, when everything is on version 1.0.2/1.0.1, it works flawlessly. It's only with the 1.1 libraries that I'm receiving this error.

[Tratcher]

Follow up on aspnet/DataProtection#187

[snickler]

Hmm @Tratcher ..... So I was able to get the flow working with a combination of having everything on the 1.1 libraries, EXCEPT for Kestrel. The first time I tried this, I forgot that I also downgraded the IISIntegration package to 1.0.1 and I downgraded Kestrel to 1.0.2. With both the IISIntegration and Kestel package downgraded to 1.0.2 and 1.0.1 and everything else on 1.1, no flows occur and also no errors. This time, I simply just downgraded Kestrel to 1.0.2 while including the bindingRedirect that @pakrym suggested and adding in the services.AddWebEncoders() and services.AddDataProtection(); lines. Now I get redirected to my OpenID provider when I debug and no policies are needed.

[snickler]

Actually.. The more I'm testing, the whole issue was with both Kestrel and IISIntegration packages downgraded from 1.1. I removed the AddWebEncoders and AddDataProtection methods and it still works. O_o

[mikeesouth]

I'm also having this problem and I'm not sure if and how the above discussions affects me since I'm not using app.UseOpenIdConnectAuthentication(), app.UseCookieAuthentication() or even services.AddAuthorization(). I'm using the auth0 framework for authentication (auth0.com). It has a guide for .NET Core Web API authentication here: ASP.NET Core Web API Authentication. The auth0 framework may internally call OpenIdConnect() and/or services.AddAuthorization() - I haven't checked that yet. The only code auth0 requires according to the .NET Core 1.0.0 guide is this:

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    var options = new JwtBearerOptions
    {
        Audience = Configuration["auth0:clientId"],
        Authority = $"https://{Configuration["auth0:domain"]}/"
    };
    app.UseJwtBearerAuthentication(options);

    app.UseMvc();
}

When upgrading Kestrel from 1.0.0 to 1.1.0 I get this error 100% of the time:

System.InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://mydomain.eu.auth0.com/.well-known/openid
-configuration'.

I've posted an issue about this in the Kestrel repo but since this post targets the same error I thought I would post here as well. aspnet/KestrelHttpServer#1352

[Tratcher]

Are any of you targeting .NET 4.6? We've had several issues with System.Net.Http on 4.6.

Some of the dependency chains involved:
Kestrel -> Hosting -> DiagnosticSource
OIDC -> Authentication -> System.Net.Http -> DiagnosticSource

[snickler]

@Tratcher - Yeah, the DiagnosticSource issue came up on my .NET 4.6.2 targeted project. Kestrel still blows up on .netcoreapp also.

[Eilon]

@snickler we've definitely seen a few issues around this but so far nothing we've seen is exactly the same as what you're running into.

Would it be possible for you to upload a sample repro to GitHub so that we can debug it?

[snickler]

@Eilon @Tratcher - I think my issue was a mix of different ones.

• The Kestrel 1.1 is definitely one that breaks with the OpenId metadata file for me. Downgrading to the latest 1.0.x build fixes that
• The Data protection error was because I also downgraded the Microsoft.AspNetCore.Server.IISIntegration with Kestrel by accident and not realizing it. Upgrading Microsoft.AspNetCore.Server.IISIntegration to the 1.1 build fixes that

Now the big issue I've been seeing lately is one with the CallbackPath in the OpenIdConnectOptions. Before, I had it set to some random controller, but I want the call back to be the root web application path.

Setting CallBackPath="/" results in an unhandled exception;

Exception: OpenIdConnectAuthenticationHandler: message.State is null or empty.

Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__6.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__5.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler+d__15.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__18.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__18.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__18.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__18.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware+d__7.MoveNext()

The weird thing is that if I set CallBackPath="//" it works without issue. I can consistently make this happen.

[Tratcher]

That's not what CallbackPath is for. CallbackPath should point to a unique address and the middleware will handle those requests, it should not be pointed at an MVC controller or app root. I recommend keeping the default value "/signin-oidc".

[snickler]

Gotcha. That's good to know. So ill have to make some /signin-oidc endpoint then? Or will it automatically deal with it?

[snickler]

Also, what is the reason behind keeping the CallBackPath a relative path instead of allowing for external urls?

[Tratcher]

The CallbackPath is the address where the middleware performs all it's auth work internally. I think the field you're actually looking for is the one used to specify the address to return to after auth is complete, correct? The default return address is the one that initially issued the challenge. If you want to override that you can do it in the challenge call. See https://github.com/aspnet/Templates/blob/dev/src/Rules/StarterWeb/OrganizationalAuth/Single/Common/Controllers/AccountController.cs#L19-L20

[snickler]

Yeah. I was essentially looking for modifying the redirecturi that gets passed to the IdP as a query string parameter when a challenge kicks off.

[jjvainav]

I just ran into a similar error (see below), adding the Microsoft.ApplicationInsights.AspNetCore v2.0.0 package fixed it for me. I haven't dug into why this fixed it but hopefully this helps.

FileLoadException: Could not load file or assembly 'System.Diagnostics.DiagnosticSource, Version=4.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
System.Net.Http.WinHttpHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
IOException: IDX10804: Unable to retrieve document from: 'http://localhost:5000/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever+d__8.MoveNext()
InvalidOperationException: IDX10803: Unable to obtain configuration from: 'http://localhost:5000/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.ConfigurationManager+d__24.MoveNext()

[snickler]

@jjvainav - Are you using ApplicationInsights? Are you on v1.1 of all libraries?

[Tratcher]

This appears to be an issue caused by the System.Net.Http 4.3.0 package and should be fixed in the System.Net.Http 4.3.1 package. Can you try referencing that directly?

[Eilon]

To those affected, please try adding a reference to this fixed NuGet package: https://www.nuget.org/packages/System.Net.Http/4.3.1

We believe that this will fix the issue you are seeing.

Please let us know if you updated to that version and it doesn't work. If you're still seeing issues, please share your CSPROJ or project.json file so that we can investigate further.

[snickler]

I honestly don't know what's changed as I haven't touched the original project I had the issues with, but upgrading Kestrel back to 1.1 doesn't give me the metadata errors anymore.

The only thing I can think of is that I did update my VS2017 and installed .NET Core 1.0.3 at some point after I got this working. I don't know exactly what made it work again and I'm fully grasping at straws for trying to figure out how I blew this up in the beginning. It could have had to do with some weirdness in my applicationhost.config in regards to https endpoints or something. I don't know.

One thing I DO know for sure is that the CallBackPath="/" issue that I encountered ONLY occurs from the root url. If you access any other url that happens to initiate a challenge, it will work. I do remember changing some of the launchSettings so that the launchUrl was the root path, rather than a direct controller path.

For reference, here's both my project.json and Startup.cs

Project.json:

{


  "dependencies": {
    "Microsoft.AspNetCore.Authentication": "1.1.0",
    "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0",
    "Microsoft.AspNetCore.Authentication.JwtBearer": "1.1.0",
    "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.1.0",
    "Microsoft.AspNetCore.Mvc": "1.1.1",
    "Microsoft.AspNetCore.Routing": "1.1.0",
    "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0",
    "Microsoft.AspNetCore.Server.Kestrel": "1.1.0",
    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0",
    "Microsoft.Extensions.Configuration.FileExtensions": "1.1.0",
    "Microsoft.Extensions.Configuration.Json": "1.1.0",
    "Microsoft.Extensions.Logging": "1.1.0",
    "Microsoft.Extensions.Logging.Console": "1.1.0",
    "Microsoft.Extensions.Logging.Debug": "1.1.0",
    "Microsoft.Extensions.Options.ConfigurationExtensions": "1.1.0"
  },

  "tools": {
    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.1.0-preview4-final"
  },

  "frameworks": {
    "net462": { }
  },

  "buildOptions": {
    "emitEntryPoint": true,
    "preserveCompilationContext": true
  },

  "publishOptions": {
    "include": [
      "wwwroot",
      "**/*.cshtml",
      "appsettings.json",
      "web.config"
    ]
  },

  "scripts": {
    "prepublish": [ "bower install", "dotnet bundle" ],
    "postpublish": [ "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%" ]
  }
}

Startup.cs

      public Startup(IHostingEnvironment env)
        {
            var builder = new ConfigurationBuilder()
                .SetBasePath(env.ContentRootPath)
                .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
                .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);

            if (env.IsDevelopment())
            {
                // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
            
            }

            builder.AddEnvironmentVariables();
            Configuration = builder.Build();
        }

        public IConfigurationRoot Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors();
            services.AddAuthentication();

            // Add framework services.
            services.AddAuthorization();
            services.AddMvc();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(Configuration.GetSection("Logging"));
            loggerFactory.AddDebug();


            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
                AutomaticAuthenticate = true,
                AutomaticChallenge = false,
                // The default setting for cookie expiration is 14 days. SlidingExpiration is set to true by default
                ExpireTimeSpan = TimeSpan.FromHours(1),
                SlidingExpiration = true
            });


            app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
            {

                ClientId = "XXXXXX",
                ClientSecret = "XXXXXX", // for code flow
                CallbackPath = "/",
                Authority = "XXXXXX",
                AutomaticChallenge = true,
                ResponseType = OpenIdConnectResponseType.Code,
                SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,
                GetClaimsFromUserInfoEndpoint = true
            });


            app.UseJwtBearerAuthentication(new JwtBearerOptions
            {
                AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
                Audience = "XXXXXX",
                AutomaticAuthenticate = true,
                AutomaticChallenge = false,
                Authority = "XXXXXX"
            });


            app.UseMvc();
        }

[Tratcher]

That's the wrong value for CallbackPath, see my comments above.

[snickler]

I know. I just happened go figure out the condition in which it works. I wondered what I changed to make that error message appear, and it only occurs when accessing the web root. It won't happen if you're accessing another relative url.

[jjvainav]

@snickler - I am on v1.1 for all the libraries and ran into the issue while removing the ApplicationInsights package as I wasn't using it for the project.

@Eilon - Adding the System.Net.Http v4.3.1 package fixed the issue.

[snickler]

Awesome! That must mean I may have had a package that used an older version of the Http library at some point? Who knows. I think this can be closed if anyone else was able to resolve this problem by using the updated Http library. I know I’m not receiving this issue anymore, at least. Thanks for all the help guys! I truly appreciate it (especially dealing with my 9,000 replies)

[Eilon]

That sounds great, thanks everyone!