IdentityServer4 with Asp.Net Identity and External Authentication fails to sign out - asp.net-core-1.0

Steps to reproduce:
1. Download the asp.net identity quickstart:
https://github.com/IdentityServer/IdentityServer4.Samples/tree/dev/Quickstarts/6_AspNetIdentity
2. Add the Google authentication NuGet package.
3. Configure Google authentication:
3a. In Startup.cs, ConfigureServices method:
services.AddIdentity<ApplicationUser, IdentityRole>(x=> { x.Cookies.ExternalCookie.AuthenticationScheme = "Google"; })
3b. In Startup.cs, Configure method:
app.UseIdentity();
app.UseIdentityServer();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
AutomaticAuthenticate = false,
AutomaticChallenge = false
});
app.UseGoogleAuthentication(new GoogleOptions
{
AuthenticationScheme = "Google",
SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
ClientId = "your client id",
ClientSecret = "your client secret"
});
4. Launch identity server and the MVC client. You should be able to log in with Google and register. Click the Logout button and you get the error below:
Specified method is not supported.
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.HandleSignOutAsync(SignOutContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.d__63.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager.d__14.MoveNext()
Any ideas on what could be wrong? Github issue here: https://github.com/IdentityServer/IdentityServer4/issues/530

Related

Net Core application not reading ASPNETCORE_ENVIRONMENT value?

I deployed an ASP.NET Core 7 application to Linux Web Application in Azure.
When I access the URL I get an Application Error and the Logs shows:
System.IO.FileNotFoundException:
The configuration file 'settings..json' was not found and is not optional.
It seems it is missing the Environment value so it should be:
settings.production.json
In the Azure Application Service Configuration I have:
[
{
"name": "ASPNETCORE_ENVIRONMENT",
"value": "production",
"slotSetting": false
}
]
And the application Program.cs code is:
Serilog.Log.Logger = new
Serilog.LoggerConfiguration()
.WriteTo.Console(LogEventLevel.Verbose)
.CreateBootstrapLogger();
try {
Serilog.Log.Information("Starting up");
WebApplicationBuilder builder = WebApplication.CreateBuilder(new WebApplicationOptions {
Args = args,
WebRootPath = "webroot"
});
builder.Configuration
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("settings.json", false, true)
.AddJsonFile($"settings.{Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")}.json", false, true)
.AddEnvironmentVariables();
// Remaining code
Am I doing something wrong, or did something change in .NET 7?
In short, this problem occurs because the settings.production.json file was not included at the time of release.
We can verify this by uploading the 'settings.production.json' file to the scm site. The URL is https://your_appname_azurewebsites.net/newui .
Solution:
Official doc : Include files
Sample: Use ResolvedFileToPublish in ItemGroup
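The `settings..json` in the error means the environment name was empty when the file name was built, which is a separate condition from the file being absent from the publish output. The following is an added example, not the poster's or the answerer's code: it takes the name from `builder.Environment` and reports which of the two conditions applies, reusing the file names and `WebRootPath` from the question.

```csharp
// Added example: resolve the per-environment settings file through the host
// environment and report precisely what is missing from the published output.
using System;
using System.IO;
using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(new WebApplicationOptions
{
    Args = args,
    WebRootPath = "webroot"
});

// EnvironmentName falls back to "Production" when ASPNETCORE_ENVIRONMENT is
// not visible to the process, so the name can never collapse to "settings..json".
var envName = builder.Environment.EnvironmentName;
var root = builder.Environment.ContentRootPath;
var expected = $"settings.{envName}.json";

if (!File.Exists(Path.Combine(root, expected)))
{
    // List what was actually published. On Linux a case difference
    // ("settings.production.json" vs "settings.Production.json") is a different file.
    var present = Directory.GetFiles(root, "settings*.json")
        .Select(f => Path.GetFileName(f))
        .ToList();
    var caseMismatch = present.FirstOrDefault(
        f => string.Equals(f, expected, StringComparison.OrdinalIgnoreCase));

    throw new FileNotFoundException(
        caseMismatch is null
            ? $"'{expected}' is not in the published output. Present: {string.Join(", ", present)}"
            : $"'{expected}' not found, but '{caseMismatch}' exists; file names are case-sensitive on Linux.",
        expected);
}

builder.Configuration
    .SetBasePath(root)
    .AddJsonFile("settings.json", optional: false, reloadOnChange: true)
    .AddJsonFile(expected, optional: false, reloadOnChange: true)
    .AddEnvironmentVariables();

// Remaining code
```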

Net7 JWT Null Reference when publishing Blazor WASM Project?

So I've been working in the Net7 preview and have been trying to deploy a WASM project with identity and authentication which works fine locally. When I deploy, the website 500s, and digging into some of the logs, I get:
2022-11-07T13:42:28.854805951Z fail: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[3]
2022-11-07T13:42:28.854856853Z Exception occurred while processing message.
2022-11-07T13:42:28.854865053Z System.NullReferenceException: Object reference not set to an instance of an object.
2022-11-07T13:42:28.856255318Z at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.IdentityServerJwtBearerOptionsConfiguration.ResolveAuthorityAndKeysAsync(MessageReceivedContext messageReceivedContext)
2022-11-07T13:42:28.856286120Z at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
In my Program.cs I have
builder.Services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(connectionString));
builder.Services.AddDatabaseDeveloperPageExceptionFilter();
builder.Services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddEntityFrameworkStores<ApplicationDbContext>();
builder.Services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
builder.Services.AddAuthentication()
.AddIdentityServerJwt()
.AddJwtBearer()
.AddGoogle(googleOptions =>
{
googleOptions.ClientId = builder.Configuration["Authentication:Google:ClientId"];
googleOptions.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"];
});
builder.Services.AddControllersWithViews();
builder.Services.AddRazorPages();
builder.Services.AddHttpContextAccessor();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseMigrationsEndPoint();
app.UseWebAssemblyDebugging();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseBlazorFrameworkFiles();
app.UseStaticFiles();
app.UseRouting();
app.UseIdentityServer();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapControllers();
app.MapFallbackToFile("index.html");
app.Run();
I've been trying to follow different Duende guides but even when I eventually get it to run locally, I still get the same error. I've tried removing the JWT lines in AddAuthentication() and that also did not seem to help.
You need to have this in your appsettings.json:
"IdentityServer": {
"Key": {
"Type": "Development"
}
},
Change the type to the correct one.

Azure 500 error on a Blazor Wasm Hosted with Authentication

I am at a complete loss here. I have a Blazor WASM Hosted running .net5 which has been deployed to Azure App Services. When there was no Database there was no problem deploying to Azure. It loaded and ran as expected. I have since installed Identity and a DBContext. Everything builds locally and runs properly with a local SQL instance.
On Azure, I have created a new SQLServer as well as a SQL database. On the SQL Database Firewall Settings I have "Allow Azure Services and resources to access this server" as well as a Rule for my client IP (not the IP for the Azure App).
For the App Service, in Configuration I have a ConnectionString named DefaultConnection (same as in appsettings.json) with the same connection string as the SQLDatabase provides, source AppConfig, Type SqlAzure.
I am publishing to Azure using the VS2019 Publish on the Server project (the startup project). I chose Target to be Azure -> Azure App Services (Windows) and my instance name. Configuration is Release, Target Framework net5.0, DeploymentMode Framework-dependent, Target runtime Portable.
The Service Dependencies is set to AzureSqlDatabase which uses the ConnectionName DefaultConnection, Username and Password are the Admin UserPassword setup for the SQL Server created on Azure and the SaveConnectionStringValue is Azure App Settings. (This auto populates the App Services Configuration ConnectionString described above.)
When I click publish I see in the output that all publishes correctly:
Publish Succeeded.
Web App was published successfully http://bbqfriend.azurewebsites.net/
========== Build: 1 succeeded, 0 failed, 6 up-to-date, 0 skipped ==========
========== Publish: 1 succeeded, 0 failed, 0 skipped ==========
Installation of Web App Site extension Microsoft.AspNetCore.AzureAppServices.SiteExtension is in progress...
Restarting the Web App...
Successfully installed Web App extension Microsoft.AspNetCore.AzureAppServices.SiteExtension
Successfully restarted Web App.
However, when the page launches, it shows a 500 Error.
If I go back to the Publish and Edit the settings - Database - DefaultConnection and Check the Use this Connection string at runtime selecting the connectionstring configured in the ServiceDependencies as well as the EntityFrameworkMigrations DataContext Apply This Migrations on publish. When I publish that profile it will do the migrations as well as the Seeds I have defined within the DataContext OnModelCreating override
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
base.OnModelCreating(modelBuilder);
#region Identity Seed
modelBuilder.ApplyConfiguration(new ApplicationUserConfiguration());
modelBuilder.ApplyConfiguration(new IdentityRoleConfiguration());
modelBuilder.ApplyConfiguration(new IdentityUserRoleConfiguration());
#endregion
//modelBuilder.ApplyConfiguration(new CountryConfiguration());
}
So I know the connection string is correct and there is a Database with the proper model and seeded data. Why am I getting a 500?!?
Here is my appsettings.json in the Server project
{
"ConnectionStrings": {
"DefaultConnection": "Server=.;Database={DatabaseName};Trusted_Connection=True;MultipleActiveResultSets=true"
},
"IdentityServer": {
"Clients": {
"XXXX.Client": {
"Profile": "IdentityServerSPA"
}
}
},
"Serilog": {
"Using": [ "Serilog.Sinks.MSSqlServer" ],
"MinimumLevel": {
"Default": "Information",
"Override": {
"Microsoft": "Warning",
"Microsoft.AspNetCore": "Warning",
"Microsoft.AspNetCore.Authorization.DefaultAuthorizationService": "Warning",
"Microsoft.EntityFrameworkCore": "Warning",
"System": "Warning",
"System.Net.Http.HttpClient*": "Warning",
"IdentityServer4": "Warning",
"Serilog.AspNetCore": "Warning"
}
},
"WriteTo": [
{
"Name": "MSSqlServer",
"Args": {
"connectionString": "DefaultConnection",
"sinkOptionsSection": {
"tableName": "Logs"
},
"columnOptionsSection": {
"additionalColumns": [
{
"ColumnName": "InstanceId"
},
{
"ColumnName": "Origin"
},
{
"ColumnName": "SourceContext"
},
{
"ColumnName": "UserId"
},
{
"ColumnName": "Username"
}
],
"excludeAdditionalProperties": true
}
}
}
]
},
"AllowedHosts": "*"
}
Here is the Startup.cs for the Server project
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
//Register the Datacontext and Connection String
services.AddDbContext<DataContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDatabaseDeveloperPageExceptionFilter();
//Sets up the default Asp.net core Identity Screens - Use Identity Scaffolding to override defaults
services.AddDefaultIdentity<ApplicationUser>( options =>
{
options.SignIn.RequireConfirmedAccount = true;
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireUppercase = true;
options.Password.RequiredUniqueChars = 0;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequiredLength = 8;
options.User.RequireUniqueEmail = true;
})
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<DataContext>();
//Associates the User to Context with Identity
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, DataContext>( options =>
{
options.IdentityResources["openid"].UserClaims.Add(JwtClaimTypes.Role);
options.ApiResources.Single().UserClaims.Add(JwtClaimTypes.Role);
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove(JwtClaimTypes.Role);
//Adds authentication handler
services.AddAuthentication().AddIdentityServerJwt();
//Register Repositories for Dependency Injection
services.AddScoped<ICountryRepository, CountryRepository>();
services.AddControllersWithViews();
services.AddRazorPages();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, DataContext dataContext)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseMigrationsEndPoint();
app.UseWebAssemblyDebugging();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
//AutoMigrates data
//dataContext.Database.Migrate();
app.UseHttpsRedirection();
app.UseBlazorFrameworkFiles();
app.UseStaticFiles();
app.UseSerilogIngestion();
app.UseSerilogRequestLogging();
app.UseRouting();
app.UseIdentityServer();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
endpoints.MapControllers();
endpoints.MapFallbackToFile("index.html");
});
}
}
Here is the Program.cs for the Server project
public class Program
{
public static void Main(string[] args)
{
var configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json")
.Build();
Log.Logger = new LoggerConfiguration()
.ReadFrom.Configuration(configuration)
.Enrich.WithProperty("InstanceId", Guid.NewGuid())
.Enrich.WithProperty("Origin", "Server")
.CreateLogger();
try
{
Log.Information("Starting up");
CreateHostBuilder(args).Build().Run();
}
catch (Exception ex)
{
Log.Fatal(ex, "Application start-up failed");
}
finally
{
Log.CloseAndFlush();
}
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.UseSerilog()
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
}
Here is the Program.cs for the Client project
public static async Task Main(string[] args)
{
//Serilog
var levelSwitch = new LoggingLevelSwitch();
Log.Logger = new LoggerConfiguration()
.MinimumLevel.ControlledBy(levelSwitch)
.Enrich.WithProperty("InstanceId", Guid.NewGuid())
.Enrich.FromLogContext()
.WriteTo.BrowserHttp(controlLevelSwitch: levelSwitch)
.CreateLogger();
Log.ForContext<Program>().Information("Client has started");
var builder = WebAssemblyHostBuilder.CreateDefault(args);
builder.RootComponents.Add<App>("#app");
builder.Services.AddLogging(logging =>
{
logging.ClearProviders();
logging.AddSerilog(dispose: true);
});
builder.Services.AddHttpClient("XXXX.ServerAPI", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
.AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();
// Supply HttpClient instances that include access tokens when making requests to the server project
builder.Services.AddTransient(sp =>
sp.GetRequiredService<IHttpClientFactory>()
.CreateClient("XXXX.ServerAPI"));
builder.Services.AddApiAuthorization()
.AddAccountClaimsPrincipalFactory<RolesClaimsPrincipalFactory>();
//Register Services
var baseAddress = new Uri($"{builder.HostEnvironment.BaseAddress}api/");
void RegisterTypedClient<TClient, TImplementation>(Uri apiBaseUrl)
where TClient : class where TImplementation : class, TClient
{
builder.Services.AddHttpClient<TClient, TImplementation>(client => client.BaseAddress = apiBaseUrl)
.AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();
}
RegisterTypedClient<ICountryService, CountryService>(baseAddress);
await builder.Build().RunAsync();
}
I do have Serilog configured and it looks to be working as well. Here are the error messages I am seeing during the Server Launch
System.InvalidOperationException: Startup assembly Microsoft.ApplicationInsights.StartupBootstrapper failed to execute. See the inner exception for more details.
---> System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.ApplicationInsights.StartupBootstrapper, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.
File name: 'Microsoft.ApplicationInsights.StartupBootstrapper, Culture=neutral, PublicKeyToken=null'
at System.Reflection.RuntimeAssembly.InternalLoad(ObjectHandleOnStack assemblyName, ObjectHandleOnStack requestingAssembly, StackCrawlMarkHandle stackMark, Boolean throwOnFileNotFound, ObjectHandleOnStack assemblyLoadContext, ObjectHandleOnStack retAssembly)
at System.Reflection.RuntimeAssembly.InternalLoad(AssemblyName assemblyName, RuntimeAssembly requestingAssembly, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, AssemblyLoadContext assemblyLoadContext)
at System.Reflection.Assembly.Load(AssemblyName assemblyRef)
at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.ExecuteHostingStartups()
--- End of inner exception stack trace ---
and
System.InvalidOperationException: Startup assembly DiagnosticServices.HostingStartup failed to execute. See the inner exception for more details.
---> System.IO.FileNotFoundException: Could not load file or assembly 'DiagnosticServices.HostingStartup, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.
File name: 'DiagnosticServices.HostingStartup, Culture=neutral, PublicKeyToken=null'
at System.Reflection.RuntimeAssembly.InternalLoad(ObjectHandleOnStack assemblyName, ObjectHandleOnStack requestingAssembly, StackCrawlMarkHandle stackMark, Boolean throwOnFileNotFound, ObjectHandleOnStack assemblyLoadContext, ObjectHandleOnStack retAssembly)
at System.Reflection.RuntimeAssembly.InternalLoad(AssemblyName assemblyName, RuntimeAssembly requestingAssembly, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, AssemblyLoadContext assemblyLoadContext)
at System.Reflection.Assembly.Load(AssemblyName assemblyRef)
at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.ExecuteHostingStartups()
--- End of inner exception stack trace ---
UPDATE
I am able to replicate the above error messages and they are logged into the Database via Serilog.
So we can see the "Starting up" from the Server Program.cs Main method (above) and the next entry is from the EntityFramework Model Validation. Then comes the errors. I can see the Namespace as Microsoft.AspNetCore.Hosting.Diagnostics as the source of the exception.
I attempted to add a Nuget reference but that did nothing
I attempted to add a reference to added services.AddApplicationInsightsTelemetry(); to the Server Startup.cs ConfigureServices and the ApplicationInsights InstrumentationKey to the appsettings.json (which already existed within Azure as a Variable) but that did nothing
I added a reference to and added
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.UseSerilog()
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>().UseAzureAppServices();
});
as per a workaround found here https://github.com/dotnet/extensions/issues/2566 which did not help
Update Day 2
Adding more information as I am still getting the same exceptions. I'm curious if this is a compatibility issue between versions. My application is .net5 and running on Azure using .net5 early access.
Here are my Nuget packages for the Server Project
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="5.0.1" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="5.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="5.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="5.0.1" />
<PackageReference Include="Microsoft.AspNetCore.ApiAuthorization.IdentityServer" Version="5.0.1" />
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="5.0.1" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="5.0.1">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="Microsoft.Extensions.Configuration" Version="5.0.0" />
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="5.0.1" />
<PackageReference Include="Serilog.AspNetCore" Version="3.4.0" />
<PackageReference Include="Serilog.AspNetCore.Ingestion" Version="1.0.0-dev-00012" />
<PackageReference Include="Serilog.Settings.Configuration" Version="3.1.0" />
<PackageReference Include="Serilog.Sinks.MSSqlServer" Version="5.6.0" />
</ItemGroup>
Here are the Nuget Packages for the Client project
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="5.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="5.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="5.0.1" />
<PackageReference Include="Microsoft.Extensions.Http" Version="5.0.0" />
<PackageReference Include="Serilog.Extensions.Logging" Version="3.0.1" />
<PackageReference Include="Serilog.Sinks.BrowserHttp" Version="1.0.0-dev-00012" />
<PackageReference Include="System.Net.Http.Json" Version="5.0.0" />
</ItemGroup>
I have tried removing Serilog from both the Client and Server projects. I still received a 500.
With Serilog Removed I tried using .UseAzureAppServices() from https://github.com/dotnet/extensions/issues/2566 with no luck as well.
I did notice an additional error message
2021-01-06 19:00:38.322 +00:00 [Error] Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware: An unhandled exception has occurred while executing the request.
System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Extensions.DependencyInjection.IdentityServerBuilderConfigurationExtensions.<>c.<AddSigningCredentials>b__10_2(IServiceProvider sp)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at ... (removed for post size)
I have been able to isolate this to becoming an issue when I deployed my site as a Blazor WebAssembly Hosted solution. I was able to get a version of my site which was upgraded to .net5 PRE switching from Blazor WebAssembly to Blazor WebAssembly Hosted. The .net5 version was able to be deployed to Azure without issues. When deploying the WebAssembly Hosted version is when I got 500 Errors. So this has to do with deploying a Blazor WebAssembly Hosted solution to Azure.
I also experimented by creating an out of the box Blazor WebAssembly Hosted solution without Authentication and deployed it to Azure. This works with no issues. HOWEVER, when I create an out of the box Blazor WebAssembly Hosted WITH Authentication (individual user accounts stored in app) and deployed it to Azure it fails with 500!
The easiest way to make it work:
Add/set the env variable ASPNETCORE_ENVIRONMENT to Development
...and your Hosted Blazor WASM with Identity will finally work in Azure App Service
If you don't want the easy way above, do these instead:
Generate a self-signed certificate by following this article:
(in the Generating a Self-Signed Certificate section)
https://gavilan.blog/2020/08/18/blazor-using-a-self-signed-certificate-for-identityserver4-in-azure-app-service/
Remember the password you used for the generated certificate.
Place the certificate in your project (e.g. in the server project)
Append these in the appsettings.json file:
Publish the app once again.
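The signing-key requirement that this answer and the `IdentityServer:Key` answer to the previous question both point at can be checked at startup, so a missing key or a development key fails with a clear message instead of a 500 on the first token request. The following is an added example, not code from either answer or from the framework: `SigningKeyGuard` is a hypothetical helper, and it assumes the `File` key type with `FilePath` and `Password` entries under `IdentityServer:Key`, with relative paths resolved against the content root.

```csharp
// Added example: fail-fast validation of the IdentityServer signing-key
// configuration. Call it before the host is built, for example:
//   SigningKeyGuard.Validate(builder.Configuration, builder.Environment);
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;

public static class SigningKeyGuard // hypothetical helper name
{
    public static void Validate(IConfiguration config, IHostEnvironment env)
    {
        // The development signing key is acceptable only in Development.
        if (env.IsDevelopment())
            return;

        var key = config.GetSection("IdentityServer:Key");
        var type = key["Type"];

        if (string.IsNullOrWhiteSpace(type))
            throw new InvalidOperationException(
                $"IdentityServer:Key:Type is not set for environment '{env.EnvironmentName}'.");

        if (type.Equals("Development", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                $"IdentityServer:Key:Type is 'Development' but the environment is '{env.EnvironmentName}'.");

        if (type.Equals("File", StringComparison.OrdinalIgnoreCase))
            ValidateFileKey(key, env.ContentRootPath);

        // Type "Store" is resolved from the certificate store by the framework
        // and is not checked here.
    }

    private static void ValidateFileKey(IConfigurationSection key, string contentRoot)
    {
        var path = key["FilePath"];
        if (string.IsNullOrWhiteSpace(path))
            throw new InvalidOperationException("IdentityServer:Key:FilePath is missing.");

        // Assumption: relative paths are taken relative to the content root.
        var fullPath = Path.IsPathRooted(path) ? path : Path.Combine(contentRoot, path);
        if (!File.Exists(fullPath))
            throw new FileNotFoundException(
                "The signing certificate is not in the published output.", fullPath);

        // Supply the password through an App Service application setting
        // (IdentityServer__Key__Password) rather than committing it in appsettings.json.
        using var cert = new X509Certificate2(fullPath, key["Password"]);

        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "The signing certificate has no private key, so tokens cannot be signed with it.");

        // NotBefore and NotAfter are expressed in local time.
        var now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new InvalidOperationException(
                $"The signing certificate is outside its validity period ({cert.NotBefore:u} to {cert.NotAfter:u}).");
    }
}
```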

Microsoft Chatbot -"There was an error sending this message to your bot: HTTP status code Forbidden" after deploying on Azure

I am building a chatbot on Bot Framework 4 on .NetCore2.2. The chatbot has LUIS, QnA Maker integrated in it and it works perfectly fine locally in Emulator with and without security (Microsoft APP ID/ Password). After I deploy it on Azure using Azure DevOps it gives me the error below:
I have followed the instructions here. It works fine locally but not after deployment on Azure.
Here is my appsetting.json.
{
"Logging": {
"LogLevel": {
"Default": "Warning"
}
},
"botFilePath": "nlp-with-dispatch.bot",
"botFileSecret": "",
"MicrosoftAppId": "a8402bb0-3a7a-4727-a2b1-e8012b009732",
"MicrosoftAppPassword": "<password here>",
"QnAKnowledgebaseId": "55c79164-f0f1-4b4e-ab7e-1a5481227683",
"QnAEndpointKey": "<key here>",
"QnAEndpointHostName":
"https://<name>.azurewebsites.net/qnamaker",
"LuisAppId": "44d2cf32-153d-4d57-b5ac-30e34be7faa3",
"LuisAPIKey": "<key here>",
"LuisAPIHostName": "westus",
"AllowedHosts": "*"
}
EDIT 1: I am getting the following in browser console when I try to test from Test in Web Chat.
EDIT 2:
When I add Microsoft APP ID and Password in Emulator when working on localhost, my bot gets Authentication error in Emulator.
EDIT 3: This is the exception I am getting
POST to CivicTheBot failed: POST to the bot's endpoint failed with HTTP status 403 System.Exception at Microsoft.Bot.ChannelConnector.BotAPI.ThrowOnFailedStatusCode
EDIT 4:
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Bot.Builder;
using Microsoft.Bot.Builder.BotFramework;
using Microsoft.Bot.Builder.Integration.AspNet.Core;
using Microsoft.Bot.Connector.Authentication;
using Microsoft.Extensions.DependencyInjection;
using IntermediatorBotSample.Middleware;
using Microsoft.Extensions.Configuration;
using Microsoft.Bot.Builder.Core.Extensions;
using System;
using Microsoft.Bot.Builder.TraceExtensions;
namespace Microsoft.BotBuilderSamples
{
public class Startup
{
public IConfiguration Configuration
{
get;
}
public Startup(IHostingEnvironment env)
{
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: true,
reloadOnChange: true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json",
optional: true)
.AddEnvironmentVariables();
Configuration = builder.Build();
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().SetCompatibilityVersion
(CompatibilityVersion.Version_2_1);
// Create the Bot Framework Adapter with error handling enabled.
services.AddSingleton<IBotFrameworkHttpAdapter,
AdapterWithErrorHandler>();
// Create the bot services (LUIS, QnA) as a singleton.
services.AddSingleton<IBotServices, BotServices>();
// Create the bot as a transient.
services.AddTransient<IBot, DispatchBot>();
// Create the User state.
services.AddSingleton<UserState>();
services.AddMvc().AddControllersAsServices();
services.AddSingleton(_ => Configuration);
services.AddBot<DispatchBot>(options =>
{
// options.CredentialProvider = new ConfigurationCredentialProvider(Configuration);
options.Middleware.Add(new CatchExceptionMiddleware<Exception>(async
(context, exception) =>
{
await context.TraceActivityAsync("Bot Exception",
exception);
await context.SendActivityAsync($"Sorry, it looks like something went wrong: {exception.Message}");
}));
// Handoff middleware
options.Middleware.Add(new HandoffMiddleware(Configuration));
});
services.AddMvc(); // Required Razor pages
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment
env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseBotFramework();
//app.UseHttpsRedirection();
app.UseMvc();
}
}
}

Authentication error using new Pulumi azuread module

I've installed the latest Pulumi azuread module and I have this error when I try a pulumi preview:
Previewing update (int):
Type Name Plan Info
pulumi:pulumi:Stack test-int
└─ azuread:index:Application test 1 error
Diagnostics:
azuread:index:Application (test):
error: Error obtaining Authorization Token from the Azure CLI: Error waiting for the Azure CLI: exit status 1
my index.ts is very basic:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
const projectName = pulumi.getProject();
const stack = pulumi.getStack();
const config = new pulumi.Config(projectName);
const baseName = `${projectName}-${stack}`;
const testRg = new azure.core.ResourceGroup(baseName, {
name: baseName
});
const test = new azuread.Application("test", {
availableToOtherTenants: false,
homepage: "https://homepage",
identifierUris: ["https://uri"],
oauth2AllowImplicitFlow: true,
replyUrls: ["https://replyurl"],
type: "webapp/api",
});
Creating resources and AD application with the old module azure.ad works fine.
I have no clue what I am missing now....
EDIT:
index.ts the old way
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const projectName = pulumi.getProject();
const stack = pulumi.getStack();
const config = new pulumi.Config(projectName);
const baseName = `${projectName}-${stack}`;
const testRg = new azure.core.ResourceGroup(baseName, {
name: baseName
});
const test = new azure.ad.Application("test", {
homepage: "https://homepage",
availableToOtherTenants: false,
identifierUris: ["https://uri"],
oauth2AllowImplicitFlow: true,
replyUrls: ["https://replyurl"]
});
Result of pulumi preview:
Previewing update (int):
Type Name Plan Info
pulumi:pulumi:Stack test-int
+ └─ azure:ad:Application test create 1 warning
Diagnostics:
azure:ad:Application (test):
warning: urn:pulumi:int::test::azure:ad/application:Application::test verification warning: The Azure Active Directory resources have been split out into their own Provider.
Information on migrating to the new AzureAD Provider can be found here: https://terraform.io/docs/providers/azurerm/guides/migrating-to-azuread.html
As such the Azure Active Directory resources within the AzureRM Provider are now deprecated and will be removed in v2.0 of the AzureRM Provider.
Resources:
+ 1 to create
2 unchanged
EDIT 2:
I'm running this on Windows 10:
az cli = 2.0.68
pulumi cli = 0.17.22
@pulumi/azure = 0.19.2
@pulumi/azuread = 0.18.2
@pulumi/pulumi = 0.17.21
Here are my principal permissions for Azure Active Directory Graph:
And the permissions for Microsoft Graph:
I ran into this issue and after hours I realized Fiddler was somehow interfering with the Az CLI running.
