I have been trying to get a simple self-hosted OWIN WebAPI running from within a legacy Windows Service app. I got it to work without any issues until I tried adding Microsoft Entra ID authentication to it, using Microsoft.Identity.Web.OWIN.
Unfortunately, I am facing an undocumented bug and no amount of Google Search even mentions anything about it, so I'm hoping someone here has faced a similar issue.
The problem I am getting is in my Startup:

    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            // Exception is thrown on next line
            OwinTokenAcquirerFactory factory = TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>();
            app.AddMicrosoftIdentityWebApi(factory);
            factory.Build();
        }
    }

TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>(); is creating a System.NullReference exception. Looking at the stack trace, it hangs on the DefineConfiguration(IConfigurationBuilder builder) method override of the OwinTokenAcquirerFactory when it tries to access HttpContext.Current.Request.PhysicalApplicationPath:

    protected override string DefineConfiguration(IConfigurationBuilder builder)
    {
        _ = builder.AddInMemoryCollection(new Dictionary<string, string>()
        {
            ["AzureAd:Instance"] = EnsureTrailingSlash(ConfigurationManager.AppSettings["ida:Instance"] ?? ConfigurationManager.AppSettings["ida:AADInstance"] ?? "https://login.microsoftonline.com/"),
            ["AzureAd:ClientId"] = ConfigurationManager.AppSettings["ida:ClientId"],
            ["AzureAd:TenantId"] = ConfigurationManager.AppSettings["ida:Tenant"] ?? ConfigurationManager.AppSettings["ida:TenantId"],
            ["AzureAd:Audience"] = ConfigurationManager.AppSettings["ida:Audience"],
            ["AzureAd:ClientSecret"] = ConfigurationManager.AppSettings["ida:ClientSecret"],
            ["AzureAd:SignedOutCallbackPath"] = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"],
            ["AzureAd:RedirectUri"] = ConfigurationManager.AppSettings["ida:RedirectUri"],
        });
        return HttpContext.Current.Request.PhysicalApplicationPath; // NullReference exception here
    }

Note that the startup code is called during the service initialization phase so there is definitely no HttpContext here. I'm surprised this can even work at all in any OWIN Startup methods so I am very confused as to what is going on. This is all following standard documentation on how to use OWIN and AzureAD.
I tried adding a mock HttpContext and it gets me a bit further down the call stack, but it still fails trying to get the Request.PhysicalApplicationPath from it. Am I missing something in my OWIN Self-host setup?
Thank you all, any help will be greatly appreciated.