Tag Archives: Azure

DX20807: Unable to retrieve document from: ‘[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.] site:stackoverflow.com

Hi everyone,

I ran into the following error today while implementing Azure AD B2C:

DX20807: Unable to retrieve document from: ‘[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.%5D site:stackoverflow.com

There are a lot of different solutions to this error posted on Stackoverflow, Github, etc but without anything else to go on it’s pretty hard to narrow down the cause. This is where the ShowPII property comes in handy:

….
var resultJson = configuration.GetSection(“AzureAdB2cConfiguration”).Value;
var azureConfig = JsonConvert.DeserializeObject(resultJson);

Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true; // TODO: This should be removed in production and the authority url changed to https

jwtOptions.RequireHttpsMetadata = false; // TODO: This should be removed in production and the authority url changed to https
jwtOptions.Authority = azureConfig.Authority;
jwtOptions.Audience = azureConfig.AppClientId;
jwtOptions.Events = new JwtBearerEvents {
OnAuthenticationFailed = AuthenticationFailed,
};


static Task AuthenticationFailed(AuthenticationFailedContext arg)
{
// For debugging purposes only!
var s = $”AuthenticationFailed: {arg.Exception.Message}”;
arg.Response.ContentLength = s.Length;

System.Diagnostics.Debugger.Break();
return arg.Response.Body.WriteAsync(Encoding.UTF8.GetBytes(s), 0, s.Length);
}

Simply set Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII to true while configuration your authentication and the full internal error will be shown instead of the vague PII message.

In my case this turned out to be an issue with the construction of my authority url.

Cheers,
Chris

Return URL is missing path – Azure AD B2C

Hi everyone,

Just a small issue I’ve hit while implementing Azure AD B2C. After logging in Azure has been routing me to the base path instead of including the controller.

The solution to this turned out to be pretty straight-forward. All URLS apparently need to be including in the reply URLs of your Azure AD B2C application.

Just add a new row with the entire url to yours and it should start working immediately.

Thanks,
Chris

Azure AD B2C – Unauthorized

Hi everyone,

I’ve been mucking around with Azure AD B2C. It seems like a pretty good substitute for AWS Cognito that I’ve used previously.

While following the Microsoft sample tutorials I ran into an “unauthorized” error. A value was being returned but no access token was provided.

This seems to be indicative of an issue with scopes. In my case, I’d excluded a trailing slash on the ApiIdentifier url in the TaskWebApp web.config.

This seems to be a fairly common configuration issue. The following stackoverflow post pointed me in the right direction:

https://stackoverflow.com/a/49304044/522859

Relevant tutorial article can be found here: https://docs.microsoft.com/en-au/azure/active-directory-b2c/active-directory-b2c-tutorials-web-api?tabs=applications

Unable to add ‘Scripts/services/OrderService.js’ to the Web site. An unknown WinINet error has occurred (code 12113)

Hey everyone,

I ran into the following error while trying to publish via FTP to GoDaddy using Visual Studio 2013:

Unable to add ‘Scripts/services/OrderService.js’ to the Web site. An unknown WinINet error has occurred (code 12113)

While I wasn’t able to work out an exact cause it seems to have been triggered by my alternative Azure/TFS publishing profile. While attempting to publish to GoDaddy the Microsft login popped up. I closed it thinking that it shouldn’t be required. Logging back in seems to have resolved the issue.

The configuration section ‘customErrors’ cannot be read because it is missing a section declaration – Azure

Hey everyone,

The configuration section ‘customErrors’ cannot be read because it is missing a section declaration

I started receiving this error after I added the following elements to my Web.config file:

  
    
      
        
      
    
  

The problem turned out to be that the custom errors entry actually belongs under system.web. All you actually need to add it the <customErrors mode=”Off”/> part – just make sure it’s under system.web.