Invalid non-ASCII or control character in header: 0x000D exception
zemien opened this issue · 5 comments
Tested on: Visual Studio 2017 for Mac
The sample runs fine out of the box with the pre-configured settings. I can create accounts, call the API path, forget password, and sign out.
I then tried to configure my own app. The sign up page worked fine, my custom policy was picked up. However, I encounter the following exception when it tries to go back to http://localhost:5000/signin-oidc
System.InvalidOperationException: Invalid non-ASCII or control character in header: 0x000D
   at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ThrowInvalidHeaderCharacter(Char ch)
   at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ValidateHeaderCharacters(String headerCharacters)
   at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ValidateHeaderCharacters(StringValues headerValues)
   at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameResponseHeaders.SetValueFast(String key, StringValues value)
   at WebApp_OpenIDConnect_DotNet.OpenIdConnectOptionsSetup.OnRemoteFailure(FailureContext context) in /Users/zemien/Projects/active-directory-b2c-dotnetcore-webapp/WebApp-OpenIDConnect-DotNet/OpenIdConnectOptionsSetup.cs:line 76
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.<HandleRemoteCallbackAsync>d__6.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.<HandleRequestAsync>d__5.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<HandleRequestAsync>d__15.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Session.SessionMiddleware.<Invoke>d__9.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Session.SessionMiddleware.<Invoke>d__9.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()
Any advice? Thank you!
Some further testing: After the exception occurs, I tried navigating directly to http://localhost:5000/Session/EditProfile and it pops up with the Edit Profile page with my user details populated. I click Continue and I return to the app as the fully authenticated user. No exception.
This post indicates it may have to do with you calling an http url. Perhaps try the https version?
I had this exception - but it was masking the real error returned by the API.
I changed the error handling code to look like this, using some RegEx to strip out the non-displayable characters:
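    // Requires: using System; using System.Text.RegularExpressions;
    // Handle sign-in errors differently than generic errors.
    private Task RemoteFailure(FailureContext context)
    {
        context.HandleResponse();
        // Keep only printable ASCII (0x20-0x7E); CR (0x0D) and other control characters are dropped.
        var message = Regex.Replace(context.Failure.Message, @"[^\u0020-\u007E]+", string.Empty);
        // URL-encode so characters such as '&' or '#' cannot alter the redirect URL.
        context.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(message));
        return Task.FromResult(0);
    }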
It turned out (in my case) that the real error had been:
Message contains error: 'unauthorized_client', error_description: 'AADSTS70001: Application '[GUID]' is not supported for this API version.
AADSTS70001 The STS means you are hitting the Azure AD endpoint, not Azure AD B2C. Is that intended?
Closing this issue as this sample is being archived and replaced by a newer ASP.NET Core 3.1 sample.
See Readme.md
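The exception in this thread comes from concatenating an identity-provider failure message containing CR (0x0D) into the redirect `Location` header. The following is an added example, not code from the sample or from any commenter: it checks a header value against a printable-ASCII rule and builds a redirect value that passes it. The class and method names are hypothetical, and the 0x20-0x7E range is an assumption about the server's check.

```csharp
using System;
using System.Linq;
using System.Text;

// Added example; HeaderSafety, IsHeaderSafe and ToSafeQueryValue are hypothetical names.
public static class HeaderSafety
{
    // Assumed server rule: a header value may hold only printable ASCII (0x20-0x7E).
    public static bool IsHeaderSafe(string value) =>
        value.All(ch => ch >= 0x20 && ch <= 0x7E);

    // Collapse each run of control characters (CR, LF, ...) to one space, cap the
    // length, then percent-encode so nothing in the text can reshape the header or URL.
    public static string ToSafeQueryValue(string message, int maxLength = 200)
    {
        var sb = new StringBuilder();
        bool lastWasSpace = false;
        foreach (char ch in message ?? string.Empty)
        {
            if (char.IsControl(ch))
            {
                if (!lastWasSpace) sb.Append(' ');
                lastWasSpace = true;
            }
            else
            {
                sb.Append(ch);
                lastWasSpace = ch == ' ';
            }
            if (sb.Length >= maxLength) break;
        }
        // Do not leave half of a surrogate pair at the cut-off point.
        if (sb.Length > 0 && char.IsHighSurrogate(sb[sb.Length - 1])) sb.Length--;
        return Uri.EscapeDataString(sb.ToString().Trim());
    }

    public static void Main()
    {
        // Constructed sample: a failure message with an embedded CR/LF.
        string failure = "Message contains error: 'unauthorized_client',\r\nerror_description: '...'";
        string raw = "/Home/Error?message=" + failure;
        string safe = "/Home/Error?message=" + ToSafeQueryValue(failure);
        Console.WriteLine("raw value header-safe:  " + IsHeaderSafe(raw));
        Console.WriteLine("safe value header-safe: " + IsHeaderSafe(safe));
        Console.WriteLine(safe);
    }
}
```

Because the message originates outside the application, logging the full `context.Failure` server-side and passing only the bounded, encoded text to the error page keeps the real error visible without placing raw remote text in a response header.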