Randomly occurring Unable to retrieve document from: '[PII is hidden]'

Time:08-03

I came across so many questions and answers but could not understand or find a solution, as my case is a bit different. I am using Azure with OpenID Connect for Active Directory authentication (ASP.NET Framework 4.6.1).

It had been working fine for years, but the day before yesterday this error occurred for only about 1 hour. The error was occurring when trying to do AD authentication.

"

Exception Message: IDX20803: Unable to obtain configuration from: '[PII is hidden]'.
Inner Exception: System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).

StackTrace: System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request)."

During this, local authentication and the rest of the application were working fine. After 1 hour this issue was automatically resolved. The same happened yesterday: the issue occurred for 1 hour and resolved automatically.

Other solutions suggest setting IdentityModelEventSource.ShowPII = true; but I don't think it requires code modification. Please guide me on what can be the reason that this happens for only a short time. Note: this is happening on only one server; all applications on other servers are working fine.

CodePudding user response:

Please check if the below are the causes.

  1. The error usually appears when the application's configuration is not able to retrieve the OIDC metadata properly. Please make sure Instance, Domain, TenantId and ClientId are correct.
  2. Please also make sure to use the latest version (or 4.7.2) of your .NET Framework, as a few tasks may require an updated / latest version of the ".NET" framework in order to work properly.

This error might occur if the application is running on TLS 1.1 or TLS 1.0, as they are deprecated. Use TLS 1.2 for the application.

In some cases packages may be defaulting to TLS 1.1 even after that when loading that metadata, and may take time to check for the correct one.

To resolve, try adding the following in Global.asax.cs, which will allow the openid-configuration to be obtained as it is pointed to TLS 1.2 or above. Make sure to change the TLS version to 1.2 in the portal also.

// requires: using System.Net;
protected void Application_Start()
    {
     // allow TLS 1.2 only (SSL 3.0 is insecure and must not be enabled)
     ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

     //other code 
    }

References:

  1. azure ad enable-support-tls-environment | microsoft docs
  2. Error: Unable to retrieve document from: 'https://login.microsoftonline.com/.well-known/openid-configuration'- Microsoft Q&A
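
Added example, not part of the original answer: a console probe to run on the affected server that requests the OpenID Connect metadata document once per TLS version and reports whether each attempt returns an HTTP status or fails before any response arrives. The class name and the <tenant-id> placeholder in the URL are assumptions; substitute the authority your application is configured with.

```csharp
using System;
using System.Net;
using System.Net.Http;

// Added diagnostic, not code from the thread.
static class OidcMetadataProbe
{
    // Assumption: <tenant-id> is a placeholder for the tenant your app uses.
    const string MetadataUrl =
        "https://login.microsoftonline.com/<tenant-id>/.well-known/openid-configuration";

    static void Main()
    {
        // What the process would use if Application_Start set nothing.
        Console.WriteLine("Process default: " + ServicePointManager.SecurityProtocol);

        var protocols = new[]
        {
            SecurityProtocolType.Tls,   // TLS 1.0
            SecurityProtocolType.Tls11, // TLS 1.1
            SecurityProtocolType.Tls12  // TLS 1.2
        };

        foreach (var protocol in protocols)
        {
            // Applies to connections opened after this assignment.
            ServicePointManager.SecurityProtocol = protocol;

            using (var client = new HttpClient { Timeout = TimeSpan.FromSeconds(15) })
            {
                // Close the connection after the response so the next
                // iteration performs a fresh handshake instead of reusing
                // a pooled connection negotiated with the previous protocol.
                client.DefaultRequestHeaders.ConnectionClose = true;
                try
                {
                    using (var response = client.GetAsync(MetadataUrl).GetAwaiter().GetResult())
                    {
                        Console.WriteLine("{0}: HTTP {1} ({2})",
                            protocol, (int)response.StatusCode, response.StatusCode);
                    }
                }
                catch (Exception ex)
                {
                    // No HTTP response: handshake, DNS, proxy or timeout failure.
                    Console.WriteLine("{0}: no response - {1}",
                        protocol, ex.GetBaseException().Message);
                }
            }
        }
    }
}
```

An "HTTP 400" line means the TLS handshake succeeded and the server rejected the request itself, while a "no response" line means the failure happened before any HTTP exchange.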

CodePudding user response:

Thank you, friend. I applied two things: IdentityModelEventSource.ShowPII = true and System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12; and it worked.
