Azure B2C: Unable to retrieve document from v2.0 .well-known openid-configuration

Manuel Mourato 1 Reputation point
2021-09-24T15:58:43.213+00:00

I am trying to use Azure B2C in my dotnet core web app in order to use a sign-in flow I created.

This is my appsettings.json:

"AzureAdB2C": {
    "Instance": "https://XXXX.b2clogin.com/tfp/",
    "Domain": "XXXX.onmicrosoft.com",
    "ClientId": "<CLIENT_ID>",
    "TenantId": "<TENANT_ID>",
    "CallbackPath": "/signin-oidc",
    "SignInPolicyId": "B2C_1_SignFlow"
}

This is my Startup.cs:

using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
using Microsoft.IdentityModel.Logging;

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        this.Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Puts full token and claim details into IdentityModel exception messages. Handy while
        // chasing IDX errors, but it writes PII into logs, so keep it off outside development.
        IdentityModelEventSource.ShowPII = true;

        // Application-specific registrations (extension methods defined in this project).
        services.AddRepositories(this.Configuration);
        services.AddDbContext<ApplicationDbContext>();
        services.AddServices();

        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            // Handling SameSite cookie according to https://learn.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
            options.HandleSameSiteCookieCompatibility();
        });

        // Configuration to sign-in users with Azure AD B2C (reads the "AzureAdB2C" section shown above)
        services.AddMicrosoftIdentityWebAppAuthentication(this.Configuration, Constants.AzureAdB2C);

        services.AddRazorPages();

        services.AddControllersWithViews().AddMicrosoftIdentityUI();
        services.AddOptions();
        services.Configure<OpenIdConnectOptions>(this.Configuration.GetSection("AzureAdB2C"));
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(
        IApplicationBuilder app,
        IWebHostEnvironment env,
        ILogger<Startup> logger)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        // Apply pending EF Core migrations at startup.
        using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
        {
            logger.LogInformation("Starting Migration");
            using var context = serviceScope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
            context.Database.Migrate();
            logger.LogInformation("Finished Migration");
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                "default",
                "{controller=Home}/{action=Index}/{id?}");
            endpoints.MapRazorPages();
        });
    }
}

The issue: Every time I start my application, I get the following error:

System.IO.IOException: IDX20807: Unable to retrieve document from: 'https://XXXX.b2clogin.com/<TENANT_ID>/v2.0/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:  
{  
  X-Frame-Options: DENY  
  ...  
  Content-Type: text/html  
  Content-Length: 103  
 }', HttpResponseMessage.Content: 'The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.'.  

If I simply want to use Microsoft authentication, and set my instance name to https://login.microsoftonline.com/, everything works as expected. This only happens when I attempt to use user flows.

If I try to remove the TenantId from the appsettings.json, I get a message saying it is required: The 'TenantId' option must be provided.

Any ideas?

Thank you!


1 answer

  1. AmanpreetSingh-MSFT 56,501 Reputation points
    2021-09-29T10:01:45.66+00:00

    Hi @Manuel Mourato • The problem is with the SignInPolicyId parameter in your AppSettings.json file, which needs to be replaced with SignUpSignInPolicyId. Even though you are using a sign-in-only policy, the key name must be SignUpSignInPolicyId. When SignUpSignInPolicyId is present in the appsettings.json file, you are not required to input the TenantId.

    The OIDC metadata URL resulting in your case is https://XXXX.b2clogin.com/<TENANT_ID>/v2.0/.well-known/openid-configuration, which is missing the policy name and results in the HTTP 404 'The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.' error. It must look like https://xxxx.b2clogin.com/tfp/xxxx.onmicrosoft.com/B2C_1_SignFlow/v2.0/.well-known/openid-configuration to work.

    Also, in "Instance": "https://XXXX.b2clogin.com/tfp/", /tfp is optional; it works with or without it.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    5 people found this answer helpful.
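The following is an added example, not code from the question, the answer, or Microsoft.Identity.Web. It reconstructs in Python the rule the answer states: the library builds a user-flow (B2C) authority of the form {Instance}{Domain}/{SignUpSignInPolicyId}/v2.0 only when the key is spelled SignUpSignInPolicyId; with any other key name the policy is ignored and the authority degrades to {Instance}{TenantId}/v2.0, whose openid-configuration document does not exist on b2clogin.com (the 404 in the question). Because the answer says /tfp makes no difference, the example drops it when building URLs. The function names (`metadata_url`, `lint`, `issuer_matches_instance`, `fetch_metadata`), the list of known policy keys, the two sample sections (built from the question's redacted values), and the sample discovery document are all the example's own assumptions; run `lint` over your section before starting the app to catch the misnamed key without waiting for the IDX20807 exception.

```python
"""Offline sanity check for an 'AzureAdB2C' appsettings section.

Added example; not Microsoft.Identity.Web's own code. It reconstructs the
rule given in the answer: a B2C authority is built only when
SignUpSignInPolicyId is set, otherwise the library falls back to a
tenant-based authority that b2clogin.com does not serve.
"""
import json
from urllib.error import HTTPError
from urllib.parse import urlsplit
from urllib.request import urlopen

POLICY_KEY = "SignUpSignInPolicyId"
# Policy keys the library reads (assumption for this example).
KNOWN_POLICY_KEYS = {POLICY_KEY, "ResetPasswordPolicyId", "EditProfilePolicyId"}
METADATA_PATH = "/.well-known/openid-configuration"


def _base(section):
    """Instance with any trailing '/' and optional '/tfp' segment removed."""
    inst = section["Instance"].rstrip("/")
    if inst.lower().endswith("/tfp"):
        inst = inst[: -len("/tfp")]
    return inst


def authority(section):
    """Authority the library would derive from the section (reconstructed rule)."""
    policy = section.get(POLICY_KEY)
    if policy:
        # User-flow authority: instance + tenant domain + policy name.
        return f"{_base(section)}/{section['Domain']}/{policy}/v2.0"
    # No recognised user flow: plain tenant authority, which needs TenantId.
    tenant = section.get("TenantId")
    if not tenant:
        raise ValueError("The 'TenantId' option must be provided.")
    return f"{_base(section)}/{tenant}/v2.0"


def metadata_url(section):
    """Discovery URL the OIDC handler would request at startup."""
    return authority(section) + METADATA_PATH


def lint(section):
    """Return findings about the section; an empty list means it looks usable."""
    findings = []
    host = urlsplit(section.get("Instance", "")).hostname or ""
    if host.endswith(".b2clogin.com") and not section.get(POLICY_KEY):
        findings.append(
            f"Instance is a b2clogin.com host but '{POLICY_KEY}' is missing; the "
            "authority will fall back to {Instance}{TenantId}/v2.0, which 404s."
        )
    for key in section:
        if key.endswith("PolicyId") and key not in KNOWN_POLICY_KEYS:
            findings.append(f"'{key}' is not a key the library reads; did you mean '{POLICY_KEY}'?")
    if section.get(POLICY_KEY) and not section.get("Domain"):
        findings.append("'Domain' (e.g. contoso.onmicrosoft.com) is required to build a user-flow authority.")
    return findings


def issuer_matches_instance(metadata, section):
    """Discovery-document check: the issuer must live on the configured Instance host."""
    issuer_host = urlsplit(metadata.get("issuer", "")).hostname
    return issuer_host is not None and issuer_host == urlsplit(section["Instance"]).hostname


def fetch_metadata(url, timeout=10):
    """Fetch a discovery document over the network; returns (status, parsed JSON or None)."""
    try:
        with urlopen(url, timeout=timeout) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:
        return err.code, None


# Constructed sample sections mirroring the question (placeholders kept as-is).
BROKEN = {
    "Instance": "https://XXXX.b2clogin.com/tfp/",
    "Domain": "XXXX.onmicrosoft.com",
    "ClientId": "<CLIENT_ID>",
    "TenantId": "<TENANT_ID>",
    "CallbackPath": "/signin-oidc",
    "SignInPolicyId": "B2C_1_SignFlow",  # wrong key name, as in the question
}
FIXED = {k: v for k, v in BROKEN.items() if k not in ("SignInPolicyId", "TenantId")}
FIXED[POLICY_KEY] = "B2C_1_SignFlow"

# Constructed discovery document with only the field this example inspects.
SAMPLE_METADATA = {"issuer": "https://XXXX.b2clogin.com/<TENANT_ID>/v2.0/"}

if __name__ == "__main__":
    for name, section in (("broken", BROKEN), ("fixed", FIXED)):
        print(f"{name}: {metadata_url(section)}")
        for finding in lint(section):
            print("  !", finding)
    print("issuer matches instance:", issuer_matches_instance(SAMPLE_METADATA, FIXED))
```

`fetch_metadata` is deliberately not called by the offline demo; point it at `metadata_url(section)` for a real tenant and you should get 200 with a JSON body for the fixed section and 404 with no body for the broken one, and `issuer_matches_instance` on the fetched document then guards against an Instance that was typed for the wrong host.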