How to fix "IDX20804: Unable to retrieve document from: '[PII is hidden]'" error in C#

Question

Trying to get an access token to use MS Graph in my WebApi. But keep getting this error,

[TaskCanceledException: A task was canceled.] System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +167 . .

[IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'.] Microsoft.IdentityModel.Protocols.d__8.MoveNext() +662 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99 . . [InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'.] Microsoft.IdentityModel.Protocols.d__24.MoveNext() +1586 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99

Tried all the fixes that i could find online.

I am using this repo as a reference for the auth part.

How can i fix this?

Answer 1

I got a similar error when creating a new Blazor App -> Blazor Server App with Individual User Accounts -> Connect to an existing user store in the cloud (Azure AD B2C).

IOException: IDX20807: Unable to retrieve document from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. HttpResponseMessage: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', HttpResponseMessage.Content: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)

InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken cancel)

Make sure domain is set to your Azure AD B2C domain and not the full App ID URI in appsettings.json. For example use <tenant-name>.onmicrosoft.com instead of <tenant-name>.onmicrosoft.com/api. Also look at AzureAdB2C -> Instance in appsettings.json. I had the value https://login.microsoftonline.com/tfp set here as default but it does not work, when I changed it to https://<tenant-name>.b2clogin.com/tfp/ everything started working.

Answer 2

Same here, I have read through the below with no success. My setup was working but then I am trying to load it up on a different machine and am encountering this problem.

Here is the stack trace, I got http status 400 and 404 for the two different applications I was running.

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeResultAsync(IActionResult result)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAlwaysRunResultFilters()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Builder.Extensions.MapWhenMiddleware.Invoke(HttpContext context)
   HIDDEN LINE
   at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.FeaturePolicy.FeaturePolicyMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.ReferrerPolicy.ReferrerPolicyMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XContentTypeOptions.XContentTypeOptionsMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XXssProtection.XXssProtectionMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XFrameOptions.XFrameOptionsMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.Csp.CspMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeResultAsync(IActionResult result)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAlwaysRunResultFilters()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Builder.Extensions.MapWhenMiddleware.Invoke(HttpContext context)
   HIDDEN LINE
   at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.FeaturePolicy.FeaturePolicyMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.ReferrerPolicy.ReferrerPolicyMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XContentTypeOptions.XContentTypeOptionsMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XXssProtection.XXssProtectionMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XFrameOptions.XFrameOptionsMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.Csp.CspMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Other articles that discuss this error.

https://github.com/IdentityServer/IdentityServer4/issues/2337

https://github.com/IdentityServer/IdentityServer4/issues/2672

https://github.com/okta/samples-aspnetcore/issues/10

https://github.com/IdentityServer/IdentityServer4/issues/2186

Solution: Turns out I did not have AzureAD configured in appsettings.json. I had forgot to set my User Secrets to configure AzureAD with valid credentials.

You will need to set the below credentials to your own for AzureAd.

{
  "AzureAd": {
    "TenantId": "SOMETHING.onmicrosoft.com",
    "ClientId": "SOMETHING",
    "ClientSecret": "SOMETHING"

  }
}