YARP using OIDC fails to authenticate users, never returns from GetConfigurationAsync


We are using a .NET proxy based on YARP, to provide OIDC authentication to a backend server (against AzureAD / Entra). We are experiencing issues where after a period (days) the proxy stops authenticating requests, and never returns (ultimately the request is cancelled). Requests to anonymous URLs are always successful.

The output of YARP is always as follows, indicating a hang in GetConfigurationAsync(), which is ultimately aborted by the cancellation token.

      Connection id "0HN0MLLSKT3I6", Request id "0HN0MLLSKT3I6:00000001": An unhandled exception was thrown by the application.
      System.OperationCanceledException: The operation was canceled.
         at System.Threading.CancellationToken.ThrowOperationCanceledException()
         at System.Threading.SemaphoreSlim.WaitUntilCountOrTimeoutAsync(TaskNode asyncWaiter, Int32 millisecondsTimeout, CancellationToken cancellationToken)
         at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
         at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
         at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
         at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
         at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
         at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.c__DisplayClass0_0.g__Handle|0>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

This issue is resolved immediately by restarting the proxy.

I have found this somewhat related issue https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2030 which indicates a possible deadlock situation in ConfigurationManager, but with no resolution.

I have also seen "GetConfigurationAsync for OpenIdConnectConfiguration returns Object reference not set exception", which talks about a possible TLS issue, but that sounds unlikely as it does work initially.

Does anyone have any ideas on what the issue could be, or how to diagnose further?

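One way to detect the hang described in the question before users hit it, as an added example that is not part of the original post: a health check that calls `GetConfigurationAsync` on the handler's own `ConfigurationManager` under a hard deadline. The class name `OidcMetadataHealthCheck`, the `/healthz` path, the 10-second budget and the default `OpenIdConnect` scheme name are assumptions.

```csharp
using System.Diagnostics;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Diagnostics.HealthChecks;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);
// The proxy's existing AddAuthentication().AddOpenIdConnect(...) and YARP registration go here.
builder.Services.AddHealthChecks().AddCheck<OidcMetadataHealthCheck>("oidc-metadata");
var app = builder.Build();
// Anonymous endpoint, so the probe itself never triggers an OIDC challenge.
app.MapHealthChecks("/healthz").AllowAnonymous();
app.Run();

// Hypothetical health check (not from the original post). It asks the same
// ConfigurationManager instance the OpenIdConnectHandler uses, so if challenges
// are stuck waiting inside GetConfigurationAsync, this call waits there too.
public sealed class OidcMetadataHealthCheck : IHealthCheck
{
    private static readonly TimeSpan Deadline = TimeSpan.FromSeconds(10); // assumed budget
    private readonly IOptionsMonitor<OpenIdConnectOptions> _options;

    public OidcMetadataHealthCheck(IOptionsMonitor<OpenIdConnectOptions> options) => _options = options;

    public async Task<HealthCheckResult> CheckHealthAsync(
        HealthCheckContext context, CancellationToken cancellationToken = default)
    {
        // Assumes the scheme was registered under the default name "OpenIdConnect".
        var manager = _options.Get(OpenIdConnectDefaults.AuthenticationScheme).ConfigurationManager;
        if (manager is null)
            return HealthCheckResult.Unhealthy("No ConfigurationManager is configured for the scheme.");

        using var cts = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken);
        cts.CancelAfter(Deadline);
        var sw = Stopwatch.StartNew();
        try
        {
            var config = await manager.GetConfigurationAsync(cts.Token);
            return HealthCheckResult.Healthy($"Issuer {config.Issuer} resolved in {sw.ElapsedMilliseconds} ms.");
        }
        catch (OperationCanceledException) when (!cancellationToken.IsCancellationRequested)
        {
            // Our deadline fired, not the caller's token: the call never returned.
            return HealthCheckResult.Unhealthy($"GetConfigurationAsync did not return within {Deadline.TotalSeconds} s.");
        }
        catch (Exception ex)
        {
            return HealthCheckResult.Unhealthy("Metadata retrieval failed.", ex);
        }
    }
}
```

Polling this endpoint records when the call first stops returning, which can then be lined up against outbound network logs for the metadata request.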