OpenIdConnect - Proxy Authentication Required


While working through setup and configuration of Identity Server 4, I came across this authentication proxy issue. Maybe this will help you out.

- April 9, 2020

Rest of the Story:

While setting up ASP.NET Core with OpenID Connect I am getting the following exception on the web server (hosting via IIS).

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://child.mydomain.com/Idp/.well-known/openid-configuration'. ---> 
System.IO.IOException: IDX20807: Unable to retrieve document from: 'https://child.mydomain.com/Idp/.well-known/openid-configuration'. 
HttpResponseMessage: 'StatusCode: 407, ReasonPhrase: 'Proxy Authorization Required', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, 
Headers: { Proxy-Authenticate: NTLM Date: Wed, 08 Apr 2020 14:13:30 GMT Pragma: no-cache Cache-Control: no-cache Via: 1.1 ws5001.ch2m.com:8080 Proxy-Connection: keep-alive Content-Type: text/html; charset="UTF-8" Content-Length: 415 }', HttpResponseMessage.Content: 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>
    407 Proxy Authentication Required</title> </head><body> 
    Proxy Authentication Required 

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
</body></html>
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) at
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel) at
Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel) --- 
End of inner exception stack trace --- at
Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler
.HandleChallengeAsyncInternal(AuthenticationProperties properties) at
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties) at
Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties) at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties) at
Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) at
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at
Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|(ExceptionHandlerMiddleware middleware, HttpContext context,

Solution

Adding the following solved this issue (for now):

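.AddOpenIdConnect("oidc", options =>
{
    // HttpClientHandler is in System.Net.Http. This handler is used for back-channel
    // calls (discovery document, token endpoint), which now bypass the system proxy.
    options.BackchannelHttpHandler = new HttpClientHandler
    {
        UseProxy = false,
        UseDefaultCredentials = true
    };
});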
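
An added example, not code from the original post: an alternative to the bypass above that keeps back-channel traffic on the proxy and answers its NTLM challenge with the process identity. The `OidcBackchannel` class, the proxy address and the client id are hypothetical, the Authority value is inferred from the discovery URL in the exception, and the proxy is assumed to accept the application pool account.

```csharp
using System;
using System.Net;
using System.Net.Http;
using Microsoft.Extensions.DependencyInjection;

public static class OidcBackchannel
{
    // proxyUri == null reproduces the bypass from the post; otherwise the
    // back-channel stays on the proxy and authenticates to it.
    public static HttpClientHandler CreateHandler(Uri proxyUri)
    {
        if (proxyUri == null)
            return new HttpClientHandler { UseProxy = false };

        return new HttpClientHandler
        {
            UseProxy = true,
            Proxy = new WebProxy(proxyUri)
            {
                // Answer the proxy's "Proxy-Authenticate: NTLM" challenge with the
                // process identity (under IIS, the application pool account).
                Credentials = CredentialCache.DefaultCredentials
            },
            // Server credentials are separate from proxy credentials: do not
            // offer the Windows identity to the identity provider itself.
            UseDefaultCredentials = false
        };
    }

    public static IServiceCollection AddOidcBehindProxy(this IServiceCollection services)
    {
        services.AddAuthentication()
            .AddOpenIdConnect("oidc", options =>
            {
                // Assumed values: authority inferred from the discovery URL in the
                // exception; client id and proxy address are placeholders.
                options.Authority = "https://child.mydomain.com/Idp";
                options.ClientId = "example-client";
                options.BackchannelHttpHandler =
                    CreateHandler(new Uri("http://proxy.example.internal:8080"));
            });
        return services;
    }
}
```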