Recently, I came across an interesting problem. Whenever we run my ASP.NET Core application in Development environment, I get the below exception.
Details about the setup:
The below template was used:
Angular project template with ASP.NET core - https://docs.microsoft.com/en-us/aspnet/core/client-side/spa/angular?view=aspnetcore-2.2&tabs=visual-studio along with AAD integration.
When we publish this application in Azure App Service, it works fine. But when we run the same application in Visual Studio, it fails with the below error.
An unhandled exception occurred while processing the request. |
It took almost a whole day for me to narrow down the problem:
- The AAD auth settings and configurations both in the azure portal as well as the app is correct.
- The auth flow is same between the working and non-working scenarios.
- We compared the headers, cookies, tokens etc. very closely between working and non-working cases and nothing is different.
- We captured the log statement from the .net core and har file and cookie sent and received are all the same.
- The concerning error was misleading “The server returned an invalid or unrecognized response.”, digging further we identified it was actually a HTTP 400 error underneath.
Sample log file:
Host: localhost:44341
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
upgrade-insecure-requests: 1
MS-ASPNETCORE-TOKEN: c34057dc-48b2-408b-ab2d-c4c768ebecc7
X-Forwarded-For: [::1]:54863
X-Forwarded-Proto: https
X-P2P-PeerDist: Version=1.1
X-P2P-PeerDistEx: MinContentInformation=1.0, MaxContentInformation=2.0
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44341/
LoggingConnectionAdapter:Debug: WriteAsync[101] 48 54 54 50 2F 31 2E 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0D 0A 44 61 74 65 3A 20 57 65 64 2C 20 30 33 20 41 70 72 20 32 30 31 39 20 31 39 3A 35 30 3A 32 37 20 47 4D 54 0D 0A 53 65 72 76 65 72 3A 20 4B 65 73 74 72 65 6C 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 30 0D 0A 0D 0A
HTTP/1.1 400 Bad Request
Date: Wed, 03 Apr 2019 19:50:27 GMT
Server: Kestrel
Content-Length: 0
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 1046.4958ms 400
The actual issue:
We identified that, in development, requests are proxied to the Angular development server that gets started as a background process which is a Node.JS server which has a header limit of ~8kb. Hence, it is failing with 400 error.
Recommendation:
- So, if you want to use AAD auth in development environment you’re going to need to slim down the cookie, likely by filtering out unneeded claims. There’re some related docs here:
- Also, we can install latest Nodejs that supports increasing the header size.
Refer: https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V10.md
Note: This issue impacts any project template that uses the following.
ASP.NET core + Angular + AAD (OAuth)
ASP.NET core + React + AAD (OAuth)
Updated Aug 24, 2019
Version 3.0Praveen_Kumar_M
Microsoft
Joined February 11, 2019
IIS Support Blog
Follow this blog board to get notified when there's new activity