[Bug] Using RequiredScope Attribute on APIController Causes 500 Response #1223

DigitalPZ · 2021-05-27T15:12:27Z

Which version of Microsoft Identity Web are you using?
1.10.0
Note that to get help, you need to run the latest version.

Where is the issue?

Web app
- Sign-in users
- Sign-in users and call web APIs
Web API
- Protected web APIs (validating tokens)
- [ x] Protected web APIs (validating scopes)
- Protected web APIs call downstream web APIs
Token cache serialization
- In-memory caches
- Session caches
- Distributed caches
Other (please describe)

Is this a new or an existing app?
App in development, not in production yet, upgraded to new version of Microsoft Identity Web.

Repro
I have the following in appsettings.json:

"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "xxxxxxxxx",
"TenantId": "xxxxxxxxxxxx",
"ClientId": "xxxxxxxxxxxx",
"Scopes": "user_impersonation",
"CallbackPath": "/signin-oidc"
}

I am trying to use the following attribute at the controller level:
[RequiredScope(RequiredScopesConfigurationKey = "AzureAd:Scopes")]

Expected behavior
Expected that the scope is verified for all methods in the controller and the API methods are reached.

Actual behavior
When the UI calls this API it first gets a token successfully then calls the API. I put a breakpoint on the controller method that gets called. The breakpoint is not reached but a 500 status with a message of Internal Server Error is returned to the UI.

If I revert to the following code, everything works properly:
static readonly string[] scopeRequiredByApi = new string[] { "user_impersonation" }; HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);

Possible solution

Additional context / logs / screenshots
Add any other context about the problem here, such as logs and screenshots.

The text was updated successfully, but these errors were encountered:

jmprieur · 2021-05-30T19:37:49Z

@jennyf19 I could repro it easily by replacing in

 [RequiredScope("access_as_user")]

by

    [RequiredScope(RequiredScopesConfigurationKey = "AzureAd:Scopes")]

in the TodoListController.cs file of the TodoListService web API in the WebAppCallsWebApiCallsGraph devapp

The call stack is:

System.Net.Http.HttpRequestException
HResult=0x80131500
Message=500 InternalServerError System.InvalidOperationException: A suitable constructor for type 'Microsoft.Identity.Web.Resource.RequiredScopeFilter' could not be located. Ensure the type is concrete and services are registered for all parameters of a public constructor.
at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.FindApplicableConstructor(Type instanceType, Type[] argumentTypes, ConstructorInfo& matchingConstructor, Nullable1[]& matchingParameterMap) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateFactory(Type instanceType, Type[] argumentTypes) at Microsoft.AspNetCore.Mvc.TypeFilterAttribute.CreateInstance(IServiceProvider serviceProvider) at Microsoft.AspNetCore.Mvc.Filters.DefaultFilterProvider.ProvideFilter(FilterProviderContext context, FilterItem filterItem) at Microsoft.AspNetCore.Mvc.Filters.DefaultFilterProvider.OnProvidersExecuting(FilterProviderContext context) at Microsoft.AspNetCore.Mvc.Filters.FilterFactory.CreateUncachedFiltersCore(IFilterProvider[] filterProviders, ActionContext actionContext, List1 filterItems)
at Microsoft.AspNetCore.Mvc.Filters.FilterFactory.GetAllFilters(IFilterProvider[] filterProviders, ActionContext actionContext)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvokerCache.GetCachedResult(ControllerContext controllerContext)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvokerProvider.OnProvidersExecuting(ActionInvokerProviderContext context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionInvokerFactory.CreateInvoker(ActionContext actionContext)
at Microsoft.AspNetCore.Mvc.Routing.ActionEndpointFactory.<>c__DisplayClass7_0.b__0(HttpContext context)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Source=Microsoft.Identity.Web
StackTrace:
at Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.d__7`1.MoveNext() in C:\gh\microsoft-identity-web\src\Microsoft.Identity.Web\DownstreamWebApiSupport\DownstreamWebApiGenericExtensions.cs:line 297

jmprieur · 2021-05-30T19:42:04Z

It's also a duplicate of #1036

jmprieur added regression regression between Microsoft Identity Web versions bug Something isn't working labels May 28, 2021

jmprieur added this to the 1.12.0 milestone May 28, 2021

jmprieur added the duplicate This issue or pull request already exists label May 30, 2021

This was referenced May 31, 2021

fix scope attribute #1230

Merged

[Bug] Microsoft.Identity.Web.Resource.RequiredScopeFilter 's constructor could not be located when read config from appsettings #1197

Closed

jennyf19 closed this as completed in #1230 May 31, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] Using RequiredScope Attribute on APIController Causes 500 Response #1223

[Bug] Using RequiredScope Attribute on APIController Causes 500 Response #1223

DigitalPZ commented May 27, 2021

jmprieur commented May 30, 2021 •

edited

Loading

jmprieur commented May 30, 2021

[Bug] Using RequiredScope Attribute on APIController Causes 500 Response #1223

[Bug] Using RequiredScope Attribute on APIController Causes 500 Response #1223

Comments

DigitalPZ commented May 27, 2021

jmprieur commented May 30, 2021 • edited Loading

jmprieur commented May 30, 2021

jmprieur commented May 30, 2021 •

edited

Loading