This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 15%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Hello.
All of a sudden I am no longer able to log into my ASP.NET web api on localhost.
I've been getting this error:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.windows.net/578XXXXXX/v2.0/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://login.windows.net/578XXXXXX/v2.0/.well-known/openid-configuration'.
---> System.Threading.Tasks.TaskCanceledException: The request was canceled due to the configured HttpClient.Timeout of 60 seconds elapsing.
---> System.TimeoutException: A task was canceled.
---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
at ........
My configuration is correct:
"AzureAd": {
"Instance": "https://login.windows.net",
"ClientId": "2103XXXXXXX",
"TenantId": "57XXXXXXX",
"Audience": "api://21XXXXX"
},
My code in Startup:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
All this worked perfectly fine until today.
There are no problems in production. The same code works perfectly in the deployed Azure App.
Any ideas why I'm getting this time out issue? Could it be a network issue on my end?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 33%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
Hi,
We are facing the same issue in our DEV and UAT environments. We have recently updated REDIs cache from 4.0 to 6.0 other than that no changes recently. Is there any solution for this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 42%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Hello,
Did you figure out any solution to this issue?
Hello,
Not really, but I think it was a networking issue on my side.
I've reset my router and called my ISP for new credentials and that seemed to fix the issue, so it was strange.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 15%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
We had the same issue in .NET 7 application. It was fixed by updating Microsoft.Identity.Web package to 2.12.4 (previously was 2.5.0)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 47%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Muchas gracias, su comentario fue de muchísima utilidad en mi proyecto, lo complementamos actualizando la versión de Azure.Identity
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @Alex D ,
Thanks for your post and sorry to hear that you are facing this issue! I understand that you are seeing the following error:
IDX20803: Unable to obtain configuration from: 'https://login.windows.net/578XXXXXX/v2.0/.well-known/openid-configuration'
If this has happened suddenly with no changes to your network, this might be related to a recent change in Azure that requires apps to use TLS 1.2. If you are still using deprecated TLS protocols and have not updated to TLS 1.2 and .NET framework 4.7 or later, you may face this error.
Otherwise if you have already updated the TLS version, this is normally a network error that is caused by the app being unable to connect to the Azure AD metadata endpoint. This occurs if something is blocking the connection (such as a firewall), the connection is not working for other reasons, or there is an outage (though I checked and did not find an outage report).
If you are using a proxy server or firewall, you also need to make sure that the URLs on this page are safelisted.
-
If the information helped you, please Accept the answer. This will help us and other community members as well.
Hi.
I've increased the timeout and it worked eventually, but took about 2 minutes just to get the OAuth config (compared to a few seconds before).
If I use Postman to request the tokens, it works fine and fast.
Just the ASP.NET apps seem to have issues.
I have TLS 1.2 enabled, no proxy running and Azure URLs are not blocked by firewall or antiviruses.
Any thoughts?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 95%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
I am also getting same error when running my .NET 6 API locally, it works fine when running URL of app service where same code has been deployed
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[3]
Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/<tenantId>/.well-known/openid-configuration'. Will retry at '7/19/2023 5:12:22 PM +00:00'. Exception: 'System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
In my Windows 10 machine, I have TLS 1.2 enabled and there is no firewall or VPN used.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 9%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETT%3C/text%3E%3C/svg%3E)
Hello,
We got the same issue in environments (DEV and Production) on my side.
So do we have any solution for this?
IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/common/discovery/instance?authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize&api-version=1.1'. IDX20804: Unable to retrieve document from: 'https://login.microsoftonline.com/common/discovery/instance?authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize&api-version=1.1'. An error occurred while sending the request. Unable to write data to the transport connection: An existing connection was forcibly closed by the remote host.. An existing connection was forcibly closed by the remote host.
The app was referencing an expired SSL certificate from the server (VM in azure) and when we removed the expired certificate the issue got resolved.