Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] Logs error about cache serialization even though one is provided?

See original GitHub issue

Logs and network traces 12:58 [Error] [] : False MSAL 4.37.0.0 MSAL.NetCore .NET 5.0.11 Microsoft Windows 10.0.19043 [11-04 11:58:00.33 - 9c02650f-5821-42a0-97c6-a8a7f269e513] The default token cache provided by MSAL is not designed to be performant when used in confidential client applications. Please use token cache serialization. See https://aka.ms/msal-net-cca-token-cache-serialization.

Which version of MSAL.NET are you using? MSAL 4.37.0.0 MSAL.NetCore .NET 5.0.11 Microsoft Windows 10.0.19043

Platform .NET Core 5

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive
    • Integrated Windows Authentication
    • Username Password
    • Device code flow (browserless)
  • Web app
    • Authorization code
    • On-Behalf-Of
  • Daemon app
    • Service to Service calls

Other? We are using MSAL-angular to sign in to azure ad and the token is sent from the client to a web api endpoint that is protected by that. We are using msal for some endpoints and cookies for the rest.

Is this a new or existing app? c. This is a new app or experiment.

Repro

 var authBuilder = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);

            authBuilder.AddMicrosoftIdentityWebApi(Configuration)
                    .EnableTokenAcquisitionToCallDownstreamApi()
                        .AddMicrosoftGraph(Configuration.GetSection("DownstreamAPI"))
                        .AddInMemoryTokenCaches();

            authBuilder.AddCookie("Samla", options =>
            {
                options.Cookie.Name = "auth_cookie";
                options.Cookie.HttpOnly = true;
                options.Cookie.SameSite = SameSiteMode.None;
                options.SlidingExpiration = true;
                options.ExpireTimeSpan = TimeSpan.FromDays(14);
                options.Events = new CookieAuthenticationEvents
                {
                    OnRedirectToLogin = redirectContext =>
                    {
                        redirectContext.HttpContext.Response.StatusCode = 401;
                        return Task.CompletedTask;
                    },

                };
            });

Expected behavior No errors is expected in the log if we add .AddInMemoryTokenCaches()

Actual behavior Getting errors in the log saying that a cache serialization has not been provided

Additional context / logs / screenshots Add any other context about the problem here, such as logs and screenshots.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:1
  • Comments:12 (6 by maintainers)

github_iconTop GitHub Comments

4reactions
bgavrilMScommented, Nov 11, 2021

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/master/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs#L358

Having looked at this in more detail, it looks like we are logging this error in the correct place:

  • confidential client flows except client_credentials
  • if cache serialization is not enabled.

But the error message is not good:

It should say:

  • “Only in-memory caching is used. The cache is not persisted and will be lost if the machine is restarted. It also does not scale for a web app or web api, where the number of users can grow large. Production apps should use distributed caching. See https://aka.ms/msal-net-cca-token-cache-serialization”.

And as per feedback, this should be a warning, not an error.

3reactions
Abrissirbacommented, Nov 9, 2021

I would prefer to be aware of all potentiall errors in development and not being suprised by it when I go to production.

I am using 1.20.0 of Microsoft Identity Web

Read more comments on GitHub >

github_iconTop Results From Across the Web

Token Cache Troubleshooting · AzureAD/microsoft-identity ...
I configured a distributed (L2) cache but nothings gets written to it. This is most likely a configuration issue. When the L2 cache...
Read more >
laravel Unable to prepare route ... for serialization. Uses ...
When I clear caches in my Laravel 5.2 project, I see this error message: [LogicException] Unable to prepare route [panel] for serialization.
Read more >
Session Replication Failing With The Exception java.io. ...
Issue. The following error appears in the logs. What is the implication for session replication and how can it be resolved? Raw.
Read more >
Caching challenges and strategies
One is that the cached data will be inconsistent from server to server across its fleet, manifesting a cache coherence problem. If a...
Read more >
Handle errors and exceptions in MSAL.NET
Learn how to handle errors and exceptions, Conditional Access claims challenges, and retries in MSAL.NET.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

WwwAuthenticateParameters fails to create response from headers

Next page

[Feature Request] Expose the region or error used by MSAL