Azure B2C: Unable to retrieve document from v2.0 .well-known openid-configuration

Manuel Mourato 1 Reputation point
2021-09-24T15:58:43.213+00:00

I am trying to use Azure B2C in my dotnet core web app in order to use a sign-in flow I created.

This is my appsettings.json:

```json
"AzureAdB2C": {
    "Instance": "https://XXXX.b2clogin.com/tfp/",
    "Domain": "XXXX.onmicrosoft.com",
    "ClientId": "<CLIENT_ID>",
    "TenantId": "<TENANT_ID>",
    "CallbackPath": "/signin-oidc",
    "SignInPolicyId": "B2C_1_SignFlow"
}
```

This is my Startup.cs:

```csharp
public void ConfigureServices(
    IServiceCollection services)
{
    IdentityModelEventSource.ShowPII = true;
    services.AddRepositories(this.Configuration);
    services.AddDbContext<ApplicationDbContext>();
    services.AddServices();

    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
        // Handling SameSite cookie according to https://learn.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
        options.HandleSameSiteCookieCompatibility();
    });

    // Configuration to sign-in users with Azure AD B2C
    services.AddMicrosoftIdentityWebAppAuthentication(this.Configuration, Constants.AzureAdB2C);

    services.AddRazorPages();

    services.AddControllersWithViews().AddMicrosoftIdentityUI();
    services.AddOptions();
    services.Configure<OpenIdConnectOptions>(this.Configuration.GetSection("AzureAdB2C"));
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(
    IApplicationBuilder app,
    IWebHostEnvironment env,
    ILogger<Startup> logger)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseDatabaseErrorPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }

    using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
    {
        logger.LogInformation("Starting Migration");
        using var context = serviceScope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
        context.Database.Migrate();
        logger.LogInformation("Finished Migration");
    }
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseRouting();
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            "default",
            "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();
    });
}
```

The issue: Every time I start my application, I get the following error:

System.IO.IOException: IDX20807: Unable to retrieve document from: 'https://XXXX.b2clogin.com/<TENANT_ID>/v2.0/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:  
{  
  X-Frame-Options: DENY  
  ...  
  Content-Type: text/html  
  Content-Length: 103  
 }', HttpResponseMessage.Content: 'The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.'.  

If I simply want to use Microsoft authentication, and set my instance name to https://login.microsoftonline.com/, everything works as expected. This only happens when I attempt to use user flows.

If I try to remove the TenantId from the appsettings.json, I get a message saying it is required: The 'TenantId' option must be provided.

Any ideas?

Thank you!


1 answer

  1. AmanpreetSingh-MSFT 56,876 Reputation points Moderator
    2021-09-29T10:01:45.66+00:00

    Hi @Manuel Mourato • The problem is with the SignInPolicyId parameter in your AppSettings.json file, which needs to be replaced with SignUpSignInPolicyId. Even though you are using a sign-in-only policy, the key name must be SignUpSignInPolicyId. When SignUpSignInPolicyId is present in the appsettings.json file, you are not required to input the TenantID.

    The OIDC metadata URL resulting in your case is https://XXXX.b2clogin.com/<TENANT_ID>/v2.0/.well-known/openid-configuration, which is missing the policy name and results in the HTTP 404 'The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.' error. It must look like https://xxxx.b2clogin.com/tfp/xxxx.onmicrosoft.com/B2C_1_SignFlow/v2.0/.well-known/openid-configuration to work.

    Also, in "Instance": "https://XXXX.b2clogin.com/tfp/", /tfp is optional and works with/without it.

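A pre-flight check for the misconfiguration discussed in this thread, added here as an example and not taken from the question, the answer or Microsoft.Identity.Web. It builds the B2C discovery URL from an `AzureAdB2C` section the way the answer describes it (instance, domain, user-flow policy, `/v2.0/.well-known/openid-configuration`), reports a policy supplied under a key other than `SignUpSignInPolicyId`, and renames it; the sample section is a constructed copy of the question's appsettings.json.

```python
"""Sanity-check an AzureAdB2C appsettings section before the app starts.

Hypothetical helper written for this page. Assumption (from the answer above):
Microsoft.Identity.Web only picks up the user flow from SignUpSignInPolicyId,
so a policy stored under any other *PolicyId key is silently ignored and the
resulting discovery URL has no policy segment, which b2clogin.com answers 404.
"""
import json
from typing import Optional

POLICY_KEY = "SignUpSignInPolicyId"

# Constructed sample mirroring the question's (broken) configuration.
SAMPLE_BROKEN = json.loads("""{"AzureAdB2C": {
  "Instance": "https://XXXX.b2clogin.com/tfp/",
  "Domain": "XXXX.onmicrosoft.com",
  "ClientId": "<CLIENT_ID>",
  "TenantId": "<TENANT_ID>",
  "CallbackPath": "/signin-oidc",
  "SignInPolicyId": "B2C_1_SignFlow"}}""")["AzureAdB2C"]


def metadata_url(section: dict) -> Optional[str]:
    """Discovery URL for the configured user flow, or None when no user flow
    is configured under the key the library reads (the IDX20807 situation)."""
    policy = section.get(POLICY_KEY)
    if not policy:
        return None
    instance = section["Instance"].rstrip("/")  # /tfp is optional, keep as given
    return f"{instance}/{section['Domain']}/{policy}/v2.0/.well-known/openid-configuration"


def check_section(section: dict) -> list:
    """Return findings as strings; an empty list means the section looks sane."""
    findings = []
    if not section.get(POLICY_KEY):
        stray = [k for k in section if k != POLICY_KEY and k.lower().endswith("policyid")]
        hint = f" (found {', '.join(stray)} instead)" if stray else ""
        findings.append(f"missing {POLICY_KEY}{hint}: discovery URL would lack the policy segment")
    if "Instance" not in section or "Domain" not in section:
        findings.append("Instance and Domain are both required to build the discovery URL")
    return findings


def fix_policy_key(section: dict) -> dict:
    """Copy of the section with a stray *PolicyId key renamed to SignUpSignInPolicyId."""
    fixed = dict(section)
    for key in list(fixed):
        if key != POLICY_KEY and key.lower().endswith("policyid"):
            fixed.setdefault(POLICY_KEY, fixed.pop(key))
    return fixed
```

Running `check_section` on the sample reports the stray `SignInPolicyId`; after `fix_policy_key`, `metadata_url` yields the `/tfp/<domain>/B2C_1_SignFlow/v2.0/...` form the answer says is needed.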
