[Bug] Inconsistent exceptions when signing the client assertion #4366

Closed
pmaytak opened this issue Oct 3, 2023 · 0 comments · Fixed by #4365
pmaytak commented Oct 3, 2023

Library version used: 4.50.0

.NET version: NetFx, NET 6

Scenario: ConfidentialClient - service to service (AcquireTokenForClient)

Is this a new or an existing app? None

Issue description and reproduction steps

A WindowsCryptographicException is thrown sometimes when an assertion is signed in the crypto manager. The error internally seems to come from the RSA key. Retrying the request doesn't usually help since the key seems to stay in the faulted state.

var signedData = rsa.SignData(Encoding.UTF8.GetBytes(message), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The RPC call contains a handle that differs from the declared handle type.
at System.Security.Cryptography.CngKey.get_KeySize()
at Internal.Cryptography.CngAlgorithmCore.GetOrGenerateKey(Int32 keySize, CngAlgorithm algorithm)
at System.Security.Cryptography.RSACng.get_Key()
at System.Security.Cryptography.RSACng.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
at System.Security.Cryptography.RSA.SignData(Byte[] data, Int32 offset, Int32 count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
at System.Security.Cryptography.RSA.SignData(Byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
at Microsoft.Identity.Client.PlatformsCommon.Shared.CommonCryptographyManager.SignWithCertificate(String message, X509Certificate2 certificate)
at Microsoft.Identity.Client.Internal.JsonWebToken.Sign(X509Certificate2 certificate, String base64EncodedThumbprint, Boolean sendX5C)
at Microsoft.Identity.Client.Internal.ClientCredential.CertificateAndClaimsClientCredential.AddConfidentialClientParametersAsync(OAuth2Client oAuth2Client, ILoggerAdapter logger, ICryptographyManager cryptographyManager, String clientId, String tokenEndpoint, Boolean sendX5C, CancellationToken cancellationToken)
at Microsoft.Identity.Client.OAuth2.TokenClient.AddBodyParamsAndHeadersAsync(IDictionary`2 additionalBodyParameters, String scopes, CancellationToken cancellationToken)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendTokenRequestAsync(IDictionary`2 additionalBodyParameters, String scopeOverride, String tokenEndpointOverride, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.FetchNewAccessTokenAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForClientParameters clientParameters, CancellationToken cancellationToken)
WindowsCryptographicException: The remote procedure call failed and did not execute
// same stack trace as above

Identity provider: Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Solution and workarounds

  • Upgrade to newer .NET frameworks (seems to be more stable)
  • Restart the application.
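The report shows the assertion being signed with `RSA.SignData` over SHA-256/PKCS#1 and the CNG provider surfacing a `WindowsCryptographicException` (a subclass of `CryptographicException`) from a key object that then stays faulted. The following is an added example, not MSAL's code and not the fix from #4365: a hypothetical `ClientAssertionSigner` that builds an RS256 client-assertion JWT, takes a fresh `RSA` instance from the certificate on every call instead of reusing one that may be faulted, and maps every provider-level `CryptographicException` to a single application exception so callers see one consistent error type. The class and method names, the 10-minute lifetime and the `x5t` header are assumptions for the example; `System.Text.Json` is assumed available (built into .NET 6, a NuGet package on .NET Framework).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;

// Added example (not MSAL's own code). One exception type for callers,
// regardless of which crypto provider failed underneath.
public sealed class ClientAssertionSigningException : Exception
{
    public ClientAssertionSigningException(string message, Exception inner = null)
        : base(message, inner) { }
}

public static class ClientAssertionSigner
{
    // Hypothetical helper: builds and signs an RS256 client assertion.
    // clientId and tokenEndpoint become the JWT "iss"/"sub" and "aud" claims.
    public static string Sign(X509Certificate2 certificate, string clientId, string tokenEndpoint)
    {
        if (certificate == null) throw new ArgumentNullException(nameof(certificate));
        if (!certificate.HasPrivateKey)
            throw new ClientAssertionSigningException("Certificate has no private key.");

        // x5t is the base64url SHA-1 thumbprint the token endpoint uses to pick the public key.
        var header = new { alg = "RS256", typ = "JWT", x5t = Base64UrlEncode(certificate.GetCertHash()) };

        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        var payload = new
        {
            aud = tokenEndpoint,
            iss = clientId,
            sub = clientId,
            jti = Guid.NewGuid().ToString("N"),
            nbf = now,
            exp = now + 600   // assumed 10-minute lifetime for the example
        };

        string signingInput =
            Base64UrlEncode(JsonSerializer.SerializeToUtf8Bytes(header)) + "." +
            Base64UrlEncode(JsonSerializer.SerializeToUtf8Bytes(payload));

        byte[] signature;
        try
        {
            // A fresh RSA object per call: the report notes that a key object in a
            // faulted state stays faulted, so never cache and retry the same instance.
            using (RSA rsa = certificate.GetRSAPrivateKey())
            {
                if (rsa == null)
                    throw new ClientAssertionSigningException("The certificate's private key is not RSA.");

                signature = rsa.SignData(Encoding.UTF8.GetBytes(signingInput),
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
        catch (CryptographicException ex)
        {
            // WindowsCryptographicException and every other provider error land here,
            // so callers only ever have to handle ClientAssertionSigningException.
            throw new ClientAssertionSigningException(
                "Failed to sign the client assertion with certificate " + certificate.Thumbprint, ex);
        }

        return signingInput + "." + Base64UrlEncode(signature);
    }

    // Local sanity check with the certificate's public key (the token endpoint
    // performs the real verification). Useful in tests and when diagnosing a
    // faulted key: a signature that fails to verify means the key, not the
    // transport, is the problem.
    public static bool VerifySignature(string assertion, X509Certificate2 certificate)
    {
        string[] parts = assertion.Split('.');
        if (parts.Length != 3) return false;

        byte[] data = Encoding.UTF8.GetBytes(parts[0] + "." + parts[1]);
        byte[] signature = Base64UrlDecode(parts[2]);

        using (RSA rsa = certificate.GetRSAPublicKey())
        {
            return rsa != null && rsa.VerifyData(data, signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    private static string Base64UrlEncode(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    private static byte[] Base64UrlDecode(string s)
    {
        string padded = s.Replace('-', '+').Replace('_', '/');
        switch (padded.Length % 4) { case 2: padded += "=="; break; case 3: padded += "="; break; }
        return Convert.FromBase64String(padded);
    }
}
```

Because `GetRSAPrivateKey()` returns a new `RSA` wrapper each time, disposing it after the call releases the provider handle; if the underlying CNG key is itself broken, the caller still gets a `ClientAssertionSigningException` with the original `WindowsCryptographicException` as `InnerException`, which is what to log when deciding between the two workarounds listed above.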
@pmaytak pmaytak added this to the 4.57.0 milestone Oct 3, 2023
@pmaytak pmaytak self-assigned this Oct 3, 2023
@pmaytak pmaytak moved this from Triage to Waiting for Code Review in MSAL Customer Trust / QM Oct 3, 2023
@github-project-automation github-project-automation bot moved this from Waiting for Code Review to Fixed in MSAL Customer Trust / QM Oct 5, 2023