-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] NullReferenceException when using Microsoft Graph (AppOnly) within IHostedService or anonymous web app controllers #1372
Comments
I am getting the same exception and stack trace. In my case, this is happening in a console app. Excerpt from Main method of the console app:
Method that calls Azure using GraphServiceClient
|
@paolovalladolid do you have a working repo or link to code that i can download and run locally? |
@jennyf19 I have created a repo for a simple console app that demonstrates the issue with using GraphServiceClient with the IoC framework. Plug in your Azure settings into the appsettings.json of course. https://github.com/paolovalladolid/PVSimpleMSGraphConsole |
|
@jennyf19 I tried to make the suggested code changes but am having a hard time pushing my changes to GitHub because I can't get my new token to work with GitHub. I modified the classes as follows. I still get the same stack trace: class Program
{
public static async Task Main(string[] args)
{
Console.WriteLine("Hello World!");
var services = Startup.ConfigureServices();
var serviceProvider = services.BuildServiceProvider();
Console.WriteLine("My MSGraph app configuration loaded. Begin call to Azure...");
var msapp = await GetServiceFromAzureAsync(serviceProvider);
}
public static async Task<Microsoft.Graph.Application> GetServiceFromAzureAsync(IServiceProvider injectedProvider)
{
var serviceId = 2555417833004;
var filterString = $"tags/any(c:c eq 'ThreescaleServiceId:{serviceId}')";
using IServiceScope serviceScope = injectedProvider.CreateScope();
IServiceProvider provider = serviceScope.ServiceProvider;
var graphClient = provider.GetRequiredService<GraphServiceClient>();
var results = await graphClient.Applications.Request()
.WithAppOnly()
.Filter(filterString)
.GetAsync();
return results.First();
}
}
public static class Startup
{
public static IServiceCollection ConfigureServices()
{
var services = new ServiceCollection();
var config = new ConfigurationBuilder()
.AddJsonFile($"appsettings.json", optional: true, reloadOnChange: true)
.Build();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(config.GetSection("AzureAd"))
.EnableTokenAcquisitionToCallDownstreamApi()
.AddMicrosoftGraph(config.GetSection("DownstreamApi"))
.AddInMemoryTokenCaches();
return services;
}
public static void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseAuthentication();
app.UseAuthorization();
}
} |
Was getting something similar with a hosted service, workaround for me was to use Seems the merged options aren't initialised until the first web request comes in, thereby breaking daemon scenarios? |
Thanks @mrfrankbell |
Mine is, but has a background process that launches on startup to sync data from another protected web API.
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Jean-Marc Prieur ***@***.***>
Sent: Friday, August 20, 2021 11:07:16 PM
To: AzureAD/microsoft-identity-web ***@***.***>
Cc: Frank Bell ***@***.***>; Mention ***@***.***>
Subject: Re: [AzureAD/microsoft-identity-web] [Bug] NullReferenceException when using Microsoft Graph (AppOnly) within IHostedService (#1372)
Thanks @mrfrankbell<https://github.com/mrfrankbell>
I see, so it's not really a protected web API, @paolovalladolid<https://github.com/paolovalladolid> ?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#1372 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/APNQKPGPWVPYJ4C2E34FDPTT53GZJANCNFSM5BUBENLA>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>.
Disclaimer
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more visit the Mimecast website.
|
I am also experiencing this issue in 1.16.0. Stack Trace when using ITokenAcquisition.GetAccessTokenForAppAsync
If I try adding Stack Trace when using WithAppOnly
|
@MaxxDelusional |
@jmprieur I was just able to reproduce this new Web Api project. I think the issue occurs because my API endpoint doesn't require an authenticated user. The API I am creating is hosted privately, and cannot be accessed from outside of my network. I want the API to be able to pull user photos from the graph api, without a user. appsettings.json
TestController.cs
Startup.cs
|
@MaxxDelusional. Use .AddMicrosoftGraphAppOnly() instead of .AddMicrosoftGraph(defaultScopes: "User.Read User.Read.All") in the startup.cs file |
Some of the endpoints in my API do require an authenticated user, is it possible to use both extension methods at the same time? I did a quick test with both, and I still got the Maybe I am misunderstanding something, but why does |
@MaxxDelusional. Let's check for this scenario of anonymous web app controllers wanting to access app only graph scopes |
@jennyf19: Changing to a bug for the case of anonymous controllers that want to call Microsoft Graph app only scopes |
I tried to repro this with an anonymous controller and a GRPC service, but could not get the same error. @MaxxDelusional could you provide a repro? |
I suspect that I am probably doing something wrong. In any case, here is a simplified repo. You'll need to modify https://github.com/MaxxDelusional/IdentityWebTest |
Thanks for the repro @MaxxDelusional, was very helpful. We have a bug when using an anonymous controller, but as a work around, you can specify the auth scheme in the TestController and things should work: var request = await _graphServiceClient.Users[userId].Photo.Content
.Request()
.WithAppOnly()
.WithAuthenticationScheme(JwtBearerDefaults.AuthenticationScheme)
.GetAsync(); also, in Startup.cs, you need to include: app.UseAuthentication(); to set up all the middleware correctly. @jmprieur we need to do something better here for when we don't have the token but it is a web API. |
Thanks @jennyf19. We were having this same issue using Adding
|
Thanks for the investigation and the heads-up @jennyf19 |
@MaxxDelusional @paolovalladolid @Trancesphere the fix is in master if you want to try it out. will be in next release, possibly next week or week after (1st/2nd week of sept). |
Included in 1.16.1 release |
Which version of Microsoft Identity Web are you using?
1.15.2
Where is the issue?
Is this a new or an existing app?
The app is in production (using 1.10.0) and I have upgraded to a new version of Microsoft Identity Web.
Repro
Debug Launch is set to Project.
Launch Browser is unticked.
The below code works fine with 1.10.0.
Anything above 1.10.0 (1.11-1.15.2) throws a NullReferenceException.
Startup.cs
Shortened code from IHostedService:
Expected behavior
Return the list of users within Azure AD using Graph App Only
Actual behavior
Possible solution
Additional context / logs / screenshots
The text was updated successfully, but these errors were encountered: