Redirect to localhost address when trying to add account using subscription option

[MikaelPorttila]

Storage Explorer Version: 1.19.0
Build Number: 20210414.2
Platform/OS: Windows 10 LTSC
Architecture: x64
Regression From: 1.18.0

Bug Description

Got redirect to localhost:49158 when trying to add an account using the "Add an account..." button and then select Subscription.
I Selected med Azure account and then i got redirected to https://localhost:49310/?code=

Steps to Reproduce

1. Press "Add an account...", the last button before "Open Explorer".
2. Select Subscription
3. You get redirect to a page where you can select your account
4. Now you are redirected to a localhost page with an error saying:

This site can’t provide a secure connectionlocalhost sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Expected Experience

To have my account added to Azure Storage Explorer.

Actual Experience

An error page saying
"This site can’t provide a secure connectionlocalhost sent an invalid response.
ERR_SSL_PROTOCOL_ERROR"

Additional Context

I had multiple account setup before the update to 1.19.0, after the update I was logged out from one of the accounts and now i'm trying to add the account again.

[MRayermannMSFT]

@MikaelPorttila what browser are you using? Did you try this at least more or once?

[MikaelPorttila]

@MRayermannMSFT
I was using Brave Version 1.23.71 Chromium: 90.0.4430.72 (Official Build) (64-bit)
I tried this three times in total, twice when i tried the first round and one more time to capture the screenshot

[MRayermannMSFT]

@MikaelPorttila could something about your browser or something else be forcing HTTPS to be used always/no matter what?

When we do sign-in with your browser, the sign-in page redirects to a localhost address/port that our auth library is listening on. HTTP has to be used for that local host address though.

[MRayermannMSFT]

If you can't think of anything that would be causing this, then for now you can change to using integrated sign in. Please read this doc/section "Changing where sign in happens" on how to do that: https://docs.microsoft.com/en-us/azure/storage/common/storage-explorer-sign-in#changing-where-sign-in-happens

[MRayermannMSFT]

I downloaded Brave, and unfortunately wasn't able to reproduce. But it does look like it has some settings which could be making this happen?

For example, connections can be force upgraded on a site by site or global basis.


Perhaps try turning off "upgrade connections to https" either for localhost or just the setting in general? Or maybe using "shields down" for localhost?

[MikaelPorttila]

Hi,
Thank you for troubleshooting this issue!

Tried to turn off the HTTPS and shield for the localhost page but still got redirected to HTTPS by something, I just changed the default browser to Firefox, logged in and changed back to Brave again and this solved all my issues for now and I can continue my work. 👍

Thoughts: Lower/turn off security to allow sign in feels like poor practice, maybe the solution for this issue should be to solve the root issue of using HTTP, one of these days other vendors will take after Brave and redirect to HTTPS and HTTPSEverywhere (Popular Chromium extension) users are in theory also affected.

You can close this issue unless you don't want to handle the case "What if HTTP wasn't an option".

Thank you again for all the help!

[MRayermannMSFT]

@MikaelPorttila awesome, glad to hear you are unblocked. I think MSAL (the auth library) is working on HTTPS support for the localhost redirect in the future, but I don't have a timeline on that. An alternative workaround for you in the future if you need to reauthenticate is to use the "Changing where sign in happens" setting I referenced above. I'll put this in our future milestone for now so we can track this scenario being supported/so others can find this issue. Thanks!

[danielle-carr]

I am also having this issue, with authenticating and re-authenticating. I accidentally created a duplicate ticket (4417). Switching to Integrated Sign-In has allowed me to authenticate.

[lukaswinzenried]

Experienced the same issue in Version 1.19.1 / Build: 20210425.1
switch to [Edit] > [Options[ > [Sign In] > [integrated sign] was a successful workaround

[hoppe42]

I had the same issue and used the same workaround. Could this be related to HSTS?

Options were renamed to Settings on my build

[RCTycooner]

Same issue with Chrome v92.0.4515.131. Just re-installed storage explorer (v1.20.1), same thing.

Above work around works.

[YodasMyDad]

Same problem here. Just switched to integrated sign-in and worked fine.

[hoppe42]

I was able to work around this by going to

chrome://net-internals/#hsts

Delete domain security policies

Entering 'localhost' and clicking delete

[unknowndpi]

Adding comments to both issue numbers in case someone searches it.

Disabling following flag is the solution in MS Edge (tested in version 104) - edge://flags/#edge-automatic-https
Note flag was set to 'default' previously

Cache needs to be cleared otherwise HSTS will report 'localhost' domain with flag dynamic_upgrade_mode: FORCE_HTTPS
You can query HSTS by going to edge://net-internals/#hsts

Alternative workaround is as mentioned previously, change Azure Storage sign-in with setting to Integrated Sign-in

[SignorLuigi]

I had the same issue but changing to Integrated Sign-In solved my problem. (Version 1.27.1)
Edit => Settings => Sign In WIth

[Baryczka]

I had the same issue with current Edge browser 121.0.2277.98 (Official build). I couldn't find option to upgrade HTTP to HTTPS but in flags something mentioned.., However I just paste link into Firefox and it worked. But as SignorLuigi wrote I changed for integrated Sign-in and will see

Also I found SO question with some solutions:
https://stackoverflow.com/questions/69402231/authenticating-my-azure-account-opens-a-localhost-webpage-with-invalid-security