X-MS-TOKEN-AAD-ACCESS-TOKEN token is missing in request headers

Denis Minchuk 6 Reputation points
2022-11-10T12:16:09.303+00:00

I have an App Service in Azure with Authentication enabled with Microsoft Identity Provider with the following settings:

259115-image.png

I have code in startup to use custom middleware to process headers with access token and prepare claims for authorization purposes:

```csharp
public void ConfigureServices(IServiceCollection services)
{
    // ...
    services.AddTransient<CustomAuthenticationMiddleware>();
    services.AddAuthorization();
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // ...
    app.UseAuthentication();
    app.UseCustomAuthenticationMiddleware();
    app.UseAuthorization();
}

// Extension method; it has to be declared inside a static class.
public static IApplicationBuilder UseCustomAuthenticationMiddleware(this IApplicationBuilder builder)
{
    return builder.UseMiddleware<CustomAuthenticationMiddleware>();
}

public class CustomAuthenticationMiddleware
{
    private readonly RequestDelegate _next;

    public CustomAuthenticationMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        // Header added to the request by App Service Authentication.
        // StringValues comes from Microsoft.Extensions.Primitives.
        const string tokenHeaderName = "X-MS-TOKEN-AAD-ACCESS-TOKEN";
        if (context.Request.Headers.TryGetValue(tokenHeaderName, out StringValues value))
        {
            // ... Parse token, and set context.User
        }

        await _next(context);
    }
}
```

It worked perfectly, but the behavior changed recently: this header is not attached to the request after some time has passed after login. If I clear the cookie and refresh the page, everything works again for some time. There were no changes in the environment related to authentication, so it is not obvious to me why it was working before and stopped working as intended.


1 answer

  1. David Sass 7 Reputation points
    2022-11-23T16:27:31.4+00:00

    We had this exact same issue since 2022/11/02, but it only affected the extra slots of our App Services (plural).

    It looks like the extra slots were set to use the v2 endpoint of Azure AD STS, while the main slots were using the non-v2 endpoint. After we set the slots back to v1 they started to work again.

    Odd.

    I hope this helps!

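A small diagnostic for the v1/v2 difference described in the answer, as an added example that is not code from the original posts: it reads the unverified `ver` and `iss` claims of an Azure AD JWT to report which endpoint issued it, so the result can be compared across slots. The class and method names are hypothetical, and it assumes the header value is a three-part JWT.

```csharp
using System;
using System.Text.Json;

// Added diagnostic helper (hypothetical names, not from the original post).
public static class EasyAuthTokenInfo
{
    // Returns "v1", "v2" or "unknown" from the token's "ver" and "iss" claims.
    // Diagnostics only: the signature is NOT validated here, so never use
    // this result for an authorization decision.
    public static string DescribeEndpoint(string jwt)
    {
        if (!TryReadPayload(jwt, out JsonElement payload)) return "unknown";
        string ver = GetString(payload, "ver");
        string iss = GetString(payload, "iss");
        // v2.0 tokens: ver "2.0", issuer https://login.microsoftonline.com/{tenant}/v2.0
        if (ver == "2.0" || iss.EndsWith("/v2.0", StringComparison.OrdinalIgnoreCase)) return "v2";
        // v1.0 tokens: ver "1.0", issuer https://sts.windows.net/{tenant}/
        if (ver == "1.0" || iss.StartsWith("https://sts.windows.net/", StringComparison.OrdinalIgnoreCase)) return "v1";
        return "unknown";
    }

    private static string GetString(JsonElement obj, string name) =>
        obj.TryGetProperty(name, out JsonElement v) && v.ValueKind == JsonValueKind.String
            ? v.GetString() ?? "" : "";

    private static bool TryReadPayload(string jwt, out JsonElement payload)
    {
        payload = default;
        string[] parts = (jwt ?? "").Split('.');
        if (parts.Length != 3) return false;   // opaque or malformed token
        // JWT segments are base64url without padding; convert to plain base64.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        try
        {
            using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
            payload = doc.RootElement.Clone();   // Clone so it outlives the document
            return payload.ValueKind == JsonValueKind.Object;
        }
        catch (Exception e) when (e is FormatException || e is JsonException)
        {
            return false;
        }
    }
}
```

Inside the middleware, log only whether the header was present and the value returned by `DescribeEndpoint`, never the token itself, and leave `context.User` unset when the header is absent.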