Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"ArgumentNull" response in Azure web app #2736

Open
ggroves opened this issue Nov 8, 2024 · 2 comments
Open

"ArgumentNull" response in Azure web app #2736

ggroves opened this issue Nov 8, 2024 · 2 comments
Labels

Comments

@ggroves
Copy link

ggroves commented Nov 8, 2024

Describe the bug

We were asked to open this issue by Microsoft support. We have three identically configured Azure web apps (development, test, production). On development and production, calls to MS Graph fail.
The same code works on the test instance, and multiple development machines. We have verified that test is set up the same as development and production.

We originally logged an issue with MSAL (4989), but they said it would be a Graph issue since they have already created the token but Graph is not validating it.

Expected behavior

This is what is logged from the same call on localhost:
info: UnifiedSmartPortal.Networking.GraphLoggingHandler[0]
MSAL Request: Method: GET, RequestUri: 'https://graph.microsoft.com/v1.0/me?$select=companyName,department,displayName,employeeType,givenName,jobTitle,mail,manager,officeLocation,preferredName,userPrincipalName', Version: 1.1, Content: , Headers:
{
Accept: application/json
Authorization: Bearer ****
FeatureFlag: 00000003
Cache-Control: no-store, no-cache
User-Agent: kiota-dotnet/1.3.4
SdkVersion: graph-dotnet-core/3.1.6 (featureUsage=00000003; hostOS=Microsoft Windows NT 10.0.22631.0; hostArch=X64; runtimeEnvironment=.NET 8.0.10;)
client-request-id: 5f1ff492-4dfc-4077-8a59-37804945e114
}
MSAL Response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Cache-Control: max-age=0, private
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
request-id: 3c5ddd01-1b4e-4dcb-8325-7727160e8aba
client-request-id: 5f1ff492-4dfc-4077-8a59-37804945e114
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West US","Slice":"E","Ring":"4","ScaleUnit":"005","RoleInstance":"SJ1PEPF00001C68"}}
x-ms-resource-unit: 1
OData-Version: 4.0
Date: Wed, 06 Nov 2024 13:17:10 GMT
Content-Type: application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8
}

{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users(companyName,department,displayName,employeeType,givenName,jobTitle,mail,manager,officeLocation,preferredName,userPrincipalName)/$entity","companyName":"CP AHS VIRTUAL","department":"IT Clinical System Architectur","displayName":"Groves, Greg","employeeType":null,"givenName":"Greg","jobTitle":"IT-EMR Data Engineer Senior I","mail":"**@AdventHealth.com","officeLocation":"ALTAMONTE SPRINGS","userPrincipalName":"@multihosp.net","preferredName":""}

How to reproduce

private static readonly string[] UserProps = new string[] { "companyName", "department", "displayName", "employeeType",
"givenName", "jobTitle", "mail", "manager", "officeLocation", "preferredName", "userPrincipalName" };

...
_logger.LogDebug("[CallMicrosoftGraph] Calling Microsoft Graph...");
userInfo = await _graphServiceClient.Me
.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Select = UserProps;
});
}

As noted, this works locally and in one Azure web app instance, but not in two others.

SDK Version

Microsoft.Identity.Web.GraphServiceClient 3.31

Latest version known to work for scenario above?

Microsoft.Identity.Web.GraphServiceClient 3.31

Known Workarounds

No response

Debug output

Click to expand log ``` dbug: UnifiedSmartPortal.Services.UserService[0] [CallMicrosoftGraph] Calling Microsoft Graph... info: UnifiedSmartPortal.Networking.GraphLoggingHandler[0] MSAL Request: Method: GET, RequestUri: 'https://graph.microsoft.com/v1.0/me?$select=companyName,department,displayName,employeeType,givenName,jobTitle,mail,manager,officeLocation,preferredName,userPrincipalName', Version: 1.1, Content: , Headers: { Accept: application/json Authorization: Bearer FeatureFlag: 00000003 Cache-Control: no-store, no-cache User-Agent: kiota-dotnet/1.3.4 SdkVersion: graph-dotnet-core/3.1.6 (featureUsage=00000003; hostOS=Microsoft Windows NT 10.0.20348.0; hostArch=X64; runtimeEnvironment=.NET 8.0.8;) client-request-id: 48a0999b-d24a-49ee-ae01-bb62021e097d }

MSAL Response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
request-id: 5fd97559-d114-4ae3-b81b-9049ca68083c
client-request-id: 48a0999b-d24a-49ee-ae01-bb62021e097d
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"East US","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"BL02EPF0002E9D5"}}
WWW-Authenticate: Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="00000003-0000-0000-c000-000000000000"
WWW-Authenticate: PoP realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="00000003-0000-0000-c000-000000000000", nonce="****"
Date: Wed, 06 Nov 2024 16:35:40 GMT
Content-Type: application/json
}

{"error":{"code":"InvalidAuthenticationToken","message":"ArgumentNull","innerError":{"date":"2024-11-06T16:35:40","request-id":"5fd97559-d114-4ae3-b81b-9049ca68083c","client-request-id":"48a0999b-d24a-49ee-ae01-bb62021e097d"}}}
warn: UnifiedSmartPortal.Services.UserService[0] [CallMicrosoftGraph] MSGraph is unavailable - ArgumentNull

</details>


### Configuration

Packages: Microsoft.Identity.Web 3.3.1, Microsoft.Identity.Web.GraphServiceClient 3.31, Microsoft.Kiota.Authentication.Azure 1.14.0
.Net 8.0.10
Azure web app is Windows
Development machines are Windows 11

### Other information

I am not really sure this is a Graph library issue, but Microsoft Support asked us to log it here as apparently it will facilitate them working with you on it.

thanks for your help,
Greg Groves
AdventHealth
@ggroves ggroves added status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience labels Nov 8, 2024
@andrueastman
Copy link
Member

Thanks for raising this @ggroves

From the error response, it looks like the error is being thrown due to the authorization token being invalid.

Are you able to grab the Authorization header from the log and paste it at https://jwt.ms and confirm if the token in the header is a valid token?

@andrueastman andrueastman added status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close and removed status:waiting-for-triage An issue that is yet to be reviewed or assigned labels Dec 5, 2024
@ggroves
Copy link
Author

ggroves commented Dec 6, 2024

There is no token in the failing instances, which was why I originally created the issue for MSAL.

dbug: UnifiedSmartPortal.Services.UserService[0] [CallMicrosoftGraph] Calling Microsoft Graph...
info: UnifiedSmartPortal.Networking.GraphLoggingHandler[0]
MSAL Request: Method: GET, RequestUri: 'https://graph.microsoft.com/v1.0/me?$select=companyName,department,displayName,employeeType,givenName,jobTitle,mail,manager,officeLocation,preferredName,userPrincipalName', Version: 1.1, Content: , Headers:
{
Accept: application/json
Authorization: Bearer
FeatureFlag: 00000003
Cache-Control: no-store, no-cache
User-Agent: kiota-dotnet/1.3.4
SdkVersion: graph-dotnet-core/3.1.6 (featureUsage=00000003; hostOS=Microsoft Windows NT 10.0.20348.0; hostArch=X64; runtimeEnvironment=.NET 8.0.8;)
client-request-id: 48a0999b-d24a-49ee-ae01-bb62021e097d
}

As you see, where the token should be following 'Bearer', there is nothing.

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 and removed status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close labels Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants