Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Calling MsGraph API using Graph SDK v5 hitting error 'A security error occurred' #2176

Closed
kyzhangZao opened this issue Oct 23, 2023 · 4 comments
Closed

Calling MsGraph API using Graph SDK v5 hitting error 'A security error occurred' #2176

kyzhangZao opened this issue Oct 23, 2023 · 4 comments
Labels
Question: SDK Status: No recent activity

Comments

@kyzhangZao
Copy link

kyzhangZao commented Oct 23, 2023
edited
Loading

I'm currently working on upgrade our graph sdk from v3 to v5 and graph.core sdk from v1.22 to v3. I created the GraphServiceClient with related bearer token using IAccessTokenProvider and BaseBearerTokenAuthenticationProvider. This creates the GraphServiceClient without any error, however when making MsGraph API call using that GraphServiceClient, always hitting Error 12175 calling WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, 'A security error occurred'.

The full error traces:

[10/20/2023 2:12:37 PM] [Error] [8ebb203e-cd88-45bf-aa3e-b89643eeeae4] [GetGroupAsync] GetGroupAsync failed for group with id '' with exception: System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: Error 12175 calling WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, 'A security error occurred'.
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Threading.Tasks.RendezvousAwaitable1.GetResult() at System.Net.Http.WinHttpHandler.<StartRequestAsync>d__122.MoveNext() --- End of inner exception stack trace --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Polly.Timeout.AsyncTimeoutEngine.<ImplementationAsync>d__01.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Polly.Timeout.AsyncTimeoutEngine.d__01.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Polly.AsyncPolicy1.d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Polly.Wrap.AsyncPolicyWrapEngine.<>c__DisplayClass0_01.<<ImplementationAsync>b__0>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Polly.Bulkhead.AsyncBulkheadEngine.<ImplementationAsync>d__01.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Polly.AsyncPolicy1.<ExecuteAsync>d__13.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Polly.Wrap.AsyncPolicyWrapEngine.<ImplementationAsync>d__01.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Polly.AsyncPolicy1.<ExecuteAsync>d__13.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Polly.Wrap.AsyncPolicyWrapEngine.<>c__DisplayClass0_01.<b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Polly.Retry.AsyncRetryEngine.d__01.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Polly.AsyncPolicy1.d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Polly.Wrap.AsyncPolicyWrapEngine.d__01.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Polly.AsyncPolicy1.d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Kiota.Http.HttpClientLibrary.Middleware.HeadersInspectionHandler.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Kiota.Http.HttpClientLibrary.Middleware.RetryHandler.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Kiota.Http.HttpClientLibrary.Middleware.CompressionHandler.d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Kiota.Http.HttpClientLibrary.Middleware.HeadersInspectionHandler.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Kiota.Http.HttpClientLibrary.Middleware.RedirectHandler.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Kiota.Http.HttpClientLibrary.Middleware.RetryHandler.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Kiota.Http.HttpClientLibrary.Middleware.CompressionHandler.d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.d__34.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.d__201.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Graph.Groups.Item.GroupItemRequestBuilder.<GetAsync>d__89.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.ConfiguredTaskAwaitable1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.ApplicationProxy.Cloud.Common.Security.MsGraph.MsGraphProvider.d__2.MoveNext() in C:\R\AD-HybridAuth-StagedRollout\src\HIP\HIP.Cloud.Common\Security\MsGraph\MsGraphProvider.cs:line 42

We're seeing this behavior when running integration test. And based on our investigation, when using the new graph sdk, MsGraph mock (using mountebank) is not being triggered, instead, the call seems to try to reach the localhost endpoint that gives this error. This issue only being found when trying to call MsGraph API, other calls reach mountebank.
@andrueastman
Copy link
Member

Thanks for raising this @kyzhangZao

Any chance you can confirm the manner in which you are initialing your graph client and the dotnet runtime as well? Are you able to confirm if you are making requests being a network proxy by any chance?

@kyzhangZao
Copy link
Author

We're using .NET Framework 4.7.2
We initialize graph client by
-> implement IAccessTokenProvider which takes a tokenProvider (for local testing, we just have a mock local value; for prod we use ConfidentialClientApplicationBuilder to acquire a token for our service) as a parameter
-> use BaseBearerTokenAuthenticationProvider that takes the accessTokenProvider as a parameter
-> create a HTTPClient use GraphClientFactory.Create
-> construct GraphServiceClient
public GraphServiceClient(
HttpClient httpClient,
IAuthenticationProvider authenticationProvider,
string baseUrl)

We're a MS 1p service, by any chance I can directly reach out on Teams? That might be easier to solve this issue.

@baywet
Copy link
Member

baywet commented Oct 25, 2023

@kyzhangZao this seems to indicate the client tried to reach out Microsoft Graph through an older version of TLS and got a connection denied. Please make sure another section of your code is not locking TLS to a specific version Transport Layer Security (TLS) best practices with the .NET Framework - .NET Framework | Microsoft Learn

(Microsoft Graph only supports TLS 1.2 and 1.3 for security reasons SSL Server Test: graph.microsoft.com (Powered by Qualys SSL Labs))

@microsoft-github-policy-service
Copy link
Contributor

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

@isPhilo isPhilo mentioned this issue Dec 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Question: SDK Status: No recent activity
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andrueastman @baywet @kyzhangZao