Bearer token authentication is not permitted for non TLS protected endpoints (MS Graph) C#
Hello,
I am having trouble pulling a user’s photo from MS Graph. In my app, I have configured ASP.NET Core Identity to use Microsoft as an external login / registration choice. Locally, it pulls the picture fine, which leads me to believe it has something to do with IIS or some other underlying technology in the server environment.
When I try to register the user in production, I get the following error:
----------
Error loading external login information (Graph). System.InvalidOperationException: Bearer token authentication is not permitted for non TLS protected (https) endpoints.
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RedirectPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RetryPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipeline.Send(HttpMessage message, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.HttpPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestTResult
   at Azure.Security.KeyVault.Certificates.CertificateClient.GetCertificate(String certificateName, CancellationToken cancellationToken)
   at OfficialBlogProject.Helpers.Helper.GetCertificateAsync(CertificateClient certificateClient, SecretClient secretClient, String certificateName)
   at OfficialBlogProject.Helpers.Helper.LoadCertificate(IConfiguration config, String certificateName)
   at OfficialBlogProject.Services.BasicExternalLoginService.GetMicrosoftGraphPhotoAsync(String token)
   at OfficialBlogProject.Areas.Identity.Pages.Account.ExternalLoginModel.OnGetCallbackAsync(String returnUrl, String remoteError).
----------
My first thought was that enabling TLS 1.2 for IIS 10 might fix the issue, but it has not. I enabled HSTS settings and HTTPS redirect in IIS and in the code. I am not sure where to look in terms of a solution for this. I would appreciate any help. If you need additional information, please let me know. I will be happy to provide it. Thanks to all who reply.
Regards,
Mike
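
Added example, not part of the original post and not the poster's code: the trace above ends in `CertificateClient.GetCertificate`, and Azure.Core's `BearerTokenAuthenticationPolicy` raises this exception when the outgoing request URI is not `https`, so the vault URI the production environment passes to the Key Vault client is worth validating at startup. The configuration key `KeyVault:VaultUri` and the class name `KeyVaultClientFactory` are hypothetical.

```csharp
using System;
using Azure.Core;
using Azure.Security.KeyVault.Certificates;
using Microsoft.Extensions.Configuration;

public static class KeyVaultClientFactory
{
    // Hypothetical configuration key; use whatever name the app reads its vault URI from.
    private const string VaultUriKey = "KeyVault:VaultUri";

    // Returns the vault URI only if it is absolute and uses https. Otherwise it
    // throws with a message naming the setting, so a bad per-environment value
    // fails at startup instead of deep inside the HTTP pipeline.
    public static Uri RequireHttpsVaultUri(string? raw)
    {
        if (string.IsNullOrWhiteSpace(raw))
            throw new InvalidOperationException(
                $"{VaultUriKey} is not set in this environment.");

        // A value without a scheme (host name only) is rejected here.
        if (!Uri.TryCreate(raw.Trim(), UriKind.Absolute, out var uri))
            throw new InvalidOperationException(
                $"{VaultUriKey} is not an absolute URI.");

        // The Key Vault client attaches a bearer token to every request,
        // and the token must never travel over a plain http connection.
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException(
                $"{VaultUriKey} uses scheme '{uri.Scheme}'; an https URI is required.");

        return uri;
    }

    // Builds the certificate client only after the URI has passed validation.
    public static CertificateClient Create(IConfiguration config, TokenCredential credential)
    {
        var vaultUri = RequireHttpsVaultUri(config[VaultUriKey]);
        return new CertificateClient(vaultUri, credential);
    }
}
```

Calling `Create` during application startup surfaces a wrong or missing production value before the first external login reaches the certificate lookup.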