Azure-Samples/active-directory-b2c-dotnetcore-webapp

Invalid non-ASCII or control character in header: 0x000D exception

zemien opened this issue · 5 comments

Tested on: Visual Studio 2017 for Mac

The sample runs fine out of the box with the pre-configured settings. I can create accounts, call the API path, forget password, and sign out.

I then tried to configure my own app. The sign up page worked fine, my custom policy was picked up. However, I encountered the following exception when it tried to go back to http://localhost:5000/signin-oidc:

System.InvalidOperationException: Invalid non-ASCII or control character in header: 0x000D
   at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ThrowInvalidHeaderCharacter(Char ch)
   at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ValidateHeaderCharacters(String headerCharacters)
   at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ValidateHeaderCharacters(StringValues headerValues)
   at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameResponseHeaders.SetValueFast(String key, StringValues value)
   at WebApp_OpenIDConnect_DotNet.OpenIdConnectOptionsSetup.OnRemoteFailure(FailureContext context) in /Users/zemien/Projects/active-directory-b2c-dotnetcore-webapp/WebApp-OpenIDConnect-DotNet/OpenIdConnectOptionsSetup.cs:line 76
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.<HandleRemoteCallbackAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.<HandleRequestAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<HandleRequestAsync>d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Session.SessionMiddleware.<Invoke>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Session.SessionMiddleware.<Invoke>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()

Any advice? Thank you!

Some further testing: After the exception occurs, I tried navigating directly to http://localhost:5000/Session/EditProfile and it pops up with the Edit Profile page with my user details populated. I click Continue and I return to the app as the fully authenticated user. No exception.

This post indicates it may have to do with you calling an http url. Perhaps try the https version?

I had this exception - but it was masking the real error returned by the API.

I changed the error handling code to look like this, using some RegEx to strip out the non-displayable characters:

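    // Handle sign-in errors differently than generic errors.
    // Requires: using System.Text.RegularExpressions;
    private Task RemoteFailure(FailureContext context)
    {
        context.HandleResponse();
        // Keep only printable ASCII (0x20-0x7E). The message ends up in the Location
        // header, which must not contain control or non-ASCII characters; the original
        // range \u001F-\u007F still let the control characters 0x1F and 0x7F through.
        var message = Regex.Replace(context.Failure.Message, @"[^\u0020-\u007E]+", string.Empty);
        context.Response.Redirect("/Home/Error?message=" + message);
        return Task.FromResult(0);
    }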

It turned out (in my case) that the real error had been:

Message contains error: 'unauthorized_client', error_description: 'AADSTS70001: Application '[GUID]' is not supported for this API version.
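Added example, not part of this thread or of the sample repository: the failure message comes from the remote identity provider, so it is untrusted input by the time it reaches the `Location` header. The console program below compares plain concatenation with a redirect value that is cleaned, length-limited and percent-encoded; `SafeErrorRedirect`, `IsValidHeaderValue`, `Build` and the sample message are hypothetical, and the header check is an approximation of the rule implied by the exception text.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Added example; all names here are hypothetical, not from the sample repository.
public static class SafeErrorRedirect
{
    // Assumption: approximates the rule behind "Invalid non-ASCII or control
    // character in header" by accepting only printable ASCII, 0x20 through 0x7E.
    public static bool IsValidHeaderValue(string value) =>
        value.All(ch => ch >= 0x20 && ch <= 0x7E);

    // Build the Location value for the error page from an untrusted failure message.
    public static string Build(string failureMessage, int maxLength = 512)
    {
        var text = failureMessage ?? string.Empty;
        // Collapse CR, LF and other control characters to one space so the text stays readable.
        text = Regex.Replace(text, @"[\u0000-\u001F\u007F]+", " ").Trim();
        if (text.Length > maxLength)
        {
            text = text.Substring(0, maxLength);
            // Do not leave half of a surrogate pair at the cut point.
            if (char.IsHighSurrogate(text[text.Length - 1]))
                text = text.Substring(0, text.Length - 1);
        }
        // Percent-encode so '&', '#', '=' and non-ASCII text cannot change the URL structure.
        return "/Home/Error?message=" + Uri.EscapeDataString(text);
    }

    public static void Main()
    {
        // Constructed sample shaped like the error quoted in this thread; [GUID] is a placeholder.
        var failure = "Message contains error: 'unauthorized_client', error_description: " +
                      "'AADSTS70001: Application '[GUID]' is not supported for this API version." +
                      "\r\nTrace ID: [GUID] & more text'";

        var naive = "/Home/Error?message=" + failure;   // what the failing handler sent
        var safe = Build(failure);

        Console.WriteLine("naive is a valid header value: " + IsValidHeaderValue(naive));
        Console.WriteLine("safe is a valid header value:  " + IsValidHeaderValue(safe));
        Console.WriteLine(safe);
    }
}
```

In an ASP.NET Core handler the same encoding is available through `QueryHelpers.AddQueryString` in `Microsoft.AspNetCore.WebUtilities`; logging the full failure server-side and redirecting with a short error code avoids reflecting provider text to the browser at all.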

AADSTS70001 The STS means you are hitting the Azure AD endpoint, not Azure AD B2C. Is that intended?

Closing this issue as this sample is being archived and replaced by a newer ASP.NET Core 3.1 sample.
See Readme.md