[Bug][M] Interactive + System Browser fails if listening to localhost is forbidden - better error required


Which Version of MSAL are you using ? Microsoft.Identity.Client 4.22.0

Platform netcore

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive
    • Integrated Windows Auth
    • Username Password
    • Device code flow (browserless)
  • Web App
    • Authorization code
    • OBO
  • Daemon App
    • Service to Service calls

Other? - please describe;

Is this a new or existing app? Existing app that works on most machines, but fails on others

Repro No special code to reproduce as this appears to be a Windows configuration issue. When I called AcquireTokenInteractive(), everything worked on my development machine. However, I had an end user that it would not work for. He could authenticate using the software on my machine without issue, so I knew it was specific to his machine. He did have VS 2019 on his machine, so I began debugging and it would throw the exception below when AcquireTokenInteractive() was called.

System.Net.HttpListenerException (1214): The format of the specified network name is invalid.
   at System.Net.HttpListener.AddPrefixCore(String registeredPrefix)
   at System.Net.HttpListener.AddAllPrefixes()
   at System.Net.HttpListener.Start()
   at Microsoft.Identity.Client.Platforms.Shared.DefaultOSBrowser.HttpListenerInterceptor.ListenToSingleRequestAndRespondAsync(Int32 port, Func`2 responseProducer, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.InterceptAuthorizationUriAsync(Uri authorizationUri, Uri redirectUri, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.AcquireAuthorizationAsync(Uri authorizationUri, Uri redirectUri, RequestContext requestContext, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceInternalAsync(IWebUI webUi, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceVerifierAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)

I ended up bringing in the source code for Microsoft.Identity.Client and discovered that I got the exception on this line “httpListener.Start();” of HttpListenerInterceptor.cs. I examined the URL and it was valid at http://localhost:56874. I then came across this article on Stack Overflow for that error message with an HttpListener. https://stackoverflow.com/questions/47969786/c-sharp-httplistener-the-format-of-the-specified-network-name-is-not-valid

Sure enough, when I ran “netsh http show iplisten”, 127.0.0.1 was not in the list. I then ran “netsh http add iplisten 127.0.0.1” and authentication immediately began working on this machine.

Expected behavior Authentication via AcquireTokenInteractive() should work on all machines or give a better error message.

Actual behavior If netsh iplisten is not properly set up to listen on 127.0.0.1, the call to AcquireTokenInteractive() throws an HttpListenerException().

Possible Solution At the very least, please provide a better error message as this took me hours to figure out. I am not sure why some machines have this netsh enabled and others don’t. It might be helpful to have a method that checks if this is properly configured since AcquireTokenInteractive() depends on it.

Additional context/ Logs / Screenshots

11:13:19.755 MSAL_LOGGING Error True (True) MSAL 4.22.0.0 MSAL.NetCore Microsoft Windows 10.0.19042 [11/19/2020 16:13:19 - 847293f7-d6b6-434e-8830-fb5c67e105ad] System.Net.HttpListenerException (1214): The format of the specified network name is invalid.
   at System.Net.HttpListener.AddPrefixCore(String registeredPrefix)
   at System.Net.HttpListener.AddAllPrefixes()
   at System.Net.HttpListener.Start()
   at Microsoft.Identity.Client.Platforms.Shared.DefaultOSBrowser.HttpListenerInterceptor.ListenToSingleRequestAndRespondAsync(Int32 port, Func`2 responseProducer, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.InterceptAuthorizationUriAsync(Uri authorizationUri, Uri redirectUri, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.AcquireAuthorizationAsync(Uri authorizationUri, Uri redirectUri, RequestContext requestContext, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceInternalAsync(IWebUI webUi, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceVerifierAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 11 (5 by maintainers)

Top GitHub Comments

1 reaction
Steve0212a commented, Nov 24, 2020

I think the error message approach is good - and also perhaps add a way to override the default value of localhost on the line below. That would give end users the ability to change it to 127.0.0.1 if needed…

string urlToListenTo = "http://localhost:" + port + "/";

0 reactions
pmaytak commented, Apr 22, 2021

This is included in MSAL 4.30.0 release.
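
The configuration check the issue asks for, as an added example that is not part of the original thread or of MSAL: a preflight that starts an HttpListener on a loopback prefix and turns error 1214 into an actionable message. The class and method names are hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

// Hypothetical helper (not an MSAL API): verifies that HttpListener can bind
// a loopback prefix before the interactive system-browser flow is started.
public static class LoopbackListenerPreflight
{
    // Error code reported by HttpListenerException in the issue's stack trace.
    private const int ErrorInvalidNetName = 1214;

    public static bool TryCheck(out string diagnostic)
    {
        int port = GetFreeLoopbackPort();
        // Same prefix shape as the MSAL line quoted in the thread.
        string prefix = "http://localhost:" + port + "/";
        using var listener = new HttpListener();
        listener.Prefixes.Add(prefix);
        try
        {
            listener.Start(); // the call that threw in the issue
            listener.Stop();
            diagnostic = "HttpListener can listen on " + prefix;
            return true;
        }
        catch (HttpListenerException ex) when (ex.ErrorCode == ErrorInvalidNetName)
        {
            // Report only; changing the iplisten list is a machine-wide,
            // administrator-level change and is left to the operator.
            diagnostic = "HttpListener rejected " + prefix + " (error 1214). " +
                "Run 'netsh http show iplisten' and check that 127.0.0.1 is listed.";
            return false;
        }
        catch (HttpListenerException ex)
        {
            diagnostic = "HttpListener failed on " + prefix +
                " (error " + ex.ErrorCode + "): " + ex.Message;
            return false;
        }
    }

    // Asks the OS for an unused TCP port on the loopback interface only.
    private static int GetFreeLoopbackPort()
    {
        var probe = new TcpListener(IPAddress.Loopback, 0);
        probe.Start();
        try { return ((IPEndPoint)probe.LocalEndpoint).Port; }
        finally { probe.Stop(); }
    }
}
```

Call `LoopbackListenerPreflight.TryCheck(out var message)` before `AcquireTokenInteractive()` and log or display `message` when it returns false.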
