I am trying to log in via an external provider on my Duende ASP.NET Identity project. The project is hosted on Azure App Services. However, when doing so, I get this error.

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

and it's stuck on this URL:
https://{App service name}.azurewebsites/signin-microsoft?code={randomcode}

This only happens on Azure App Services and not on my local machine.

This is my authentication code.

builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = IdentityConstants.ApplicationScheme;
        options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
    })
    .AddMicrosoftAccount(options =>
    {
        options.ClientId = aadConfig.ClientId;
        options.ClientSecret = aadConfig.ClientSecret;
        options.AuthorizationEndpoint = aadConfig.AuthorityEndpoint;
        options.TokenEndpoint = aadConfig.TokenEndpoint;
    })
    .AddJwtBearer(options =>
    {
        options.Authority = addressConfig.AuthorityAddress;

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuers = validIssuers,
            ValidateAudience = false
        };
    })
    .AddIdentityCookies(options =>
    {
        options.ApplicationCookie.PostConfigure(identityCookieOptions =>
        {
            identityCookieOptions.ExpireTimeSpan = TimeSpan.FromDays(30);
        });

        options.TwoFactorRememberMeCookie.PostConfigure(twoFactorCookieOptions =>
        {
            twoFactorCookieOptions.ExpireTimeSpan = TimeSpan.FromDays(30);
        });
    });

In the Azure App Registration, I have added the redirect URI for the web platform like the following:
https://memberportalidp20241224203416.azurewebsites/signin-microsoft

I have tried debugging the issue. It seems that it does go through the Account/PerformExternalLogin but it does not go through the ExternalLogin.razor page. It seems to me that after logging in, it does not redirect to the expected page.

asked Mar 18 at 6:19 by Richard Vo, edited Mar 18 at 8:30 by Jason
  • How are you deploying your app to Azure? – Aslesha Kantamsetti Commented Mar 18 at 6:28
  • @AsleshaKantamsetti I can tell you what I have configured to the best of my ability. In the Azure App Services, I'm using the Windows environment. The app uses Azure Key Vault and Blob Storage. They are accessed via the Virtual Network. In the configuration, I have enabled web sockets for Blazor Interactive Server to work. I'm using 8.0. I do not have anything set yet in the CORS settings. – Richard Vo Commented Mar 18 at 7:32
  • Could you kindly check the Application logs in Diagnose and solve problems? – Jason Commented Mar 18 at 7:58
  • One more thing, you can also capture the .har files from local and Azure App Service, then compare the difference. – Jason Commented Mar 18 at 8:42
  • @JasonPan unfortunately, looking at the Application Logs didn't reveal anything that useful to me. When replicating the bug, nothing seemed to appear. However, I just added an answer where replacing AddMicrosoftAccount with AddOpenIdConnect seemed to fix the issue. It's not a satisfactory resolution, but it does seem to work. I am wondering though what changes can I make to the .AddMicrosoftAccount that would make it work like .AddOpenIdConnect – Richard Vo Commented Mar 18 at 18:53
1 Answer

I am able to resolve it, but not in a manner that I'm extremely satisfied with. I am curious as to what changes to AddMicrosoftAccount would make it behave more similarly to AddOpenIdConnect.

I've replaced the following

.AddMicrosoftAccount(options =>
    {
        options.ClientId = aadConfig.ClientId;
        options.ClientSecret = aadConfig.ClientSecret;
        options.AuthorizationEndpoint = aadConfig.AuthorityEndpoint;
        options.TokenEndpoint = aadConfig.TokenEndpoint;
    })

With this

.AddOpenIdConnect("Microsoft", options =>
    {
        options.Authority = aadConfig.Authority;
        options.ClientId = aadConfig.ClientId;
        options.ClientSecret = aadConfig.ClientSecret;
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.MapInboundClaims = false;
        options.TokenValidationParameters.NameClaimType = JwtRegisteredClaimNames.Name;
    })

Somehow, the AddOpenIdConnect doesn't have the same issues.
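
A note on the swap above, as an added example that is not part of the original answer: the OpenID Connect handler listens on `/signin-oidc` by default, whereas `AddMicrosoftAccount` listens on `/signin-microsoft`, so the redirect URI registered in the question only keeps matching if `CallbackPath` is pinned. `builder` and `aadConfig` are the poster's own objects; the explicit `CallbackPath` and `SignInScheme` lines are the additions, and they are assumptions about what the deployment needs rather than a confirmed cause of the 404.

```csharp
using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Added example: the answer's OpenID Connect registration with the
// handler's callback endpoint and sign-in scheme made explicit.
builder.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = IdentityConstants.ApplicationScheme;
        options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
    })
    .AddOpenIdConnect("Microsoft", options =>
    {
        // Endpoints are discovered from the authority's metadata document,
        // so no AuthorizationEndpoint/TokenEndpoint overrides are needed.
        options.Authority = aadConfig.Authority;
        options.ClientId = aadConfig.ClientId;
        options.ClientSecret = aadConfig.ClientSecret;
        options.ResponseType = OpenIdConnectResponseType.Code;

        // Default here is "/signin-oidc". Pinning the path keeps the handler
        // on the redirect URI that is already registered for the app; the
        // alternative is to register <host>/signin-oidc as a redirect URI.
        options.CallbackPath = "/signin-microsoft";

        // Write the external identity to ASP.NET Core Identity's external
        // cookie, which the external-login page reads after the callback.
        options.SignInScheme = IdentityConstants.ExternalScheme;

        // Remaining options as in the answer.
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.MapInboundClaims = false;
    });
```

Whichever handler is used, the path in the browser's stuck URL, the handler's `CallbackPath`, and the redirect URI in the app registration have to be the same string.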
