GraphServiceClient proxy is ignored #421
Comments
ghost
added
the
|
Can you double check what version of Microsoft.Graph.Core was pulled in ? We released a patch of Microsoft.Graph.Core to 1.14.1 today that had a fix for folks who use a custom HttpProvider. |
|
@darrelmiller I explicitly set the version of Microsoft.Graph.Core and still have the same issue. <PackageReference Include="Microsoft.Graph" Version="1.14.0" />
<PackageReference Include="Microsoft.Graph.Core" Version="1.14.1" /> |
|
@gguillen can you verify if the blocked outbound requests hitting your firewall are to login.microsoftonline.com or graph.microsoft.com? |
|
@pwombwa I see denied requests to TCP 23.100.32.136(443) and TCP 23.100.32.138(443) across tests performed 3 minutes apart. |
|
@pwombwa I'll check with another firewall admin in the morning and report back more detailed information. |
|
@gguillen Looks like your authentication requests are not being chanelled to your proxy and you'll need to configure it to Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL) as well. ADAL 4.5 (which you are refrencing) seems to be having an issue with setting a proxy, but they have a fix for it in ADAL 5.0.1-preview. In ADAL 5.0.1-preview, you can pass your httpClientHandler (with proxy setup) as such: // Implement ADAL's IHttpClientFactory
public class MyClientFactory: Microsoft.IdentityModel.Clients.ActiveDirectory.IHttpClientFactory
{
private HttpClient httpClient;
public MyClientFactory(HttpClientHandler httpClientHandler)
{
httpClient = new HttpClient(httpClientHandler);
}
public HttpClient GetHttpClient()
{
return httpClient;
}
}
// Configure your proxy
var httpClientHandler = new HttpClientHandler
{
Proxy = new WebProxy("http://myproxy.mydomain.tld:3128"),
UseDefaultCredentials = true
};
var httpProvider = new HttpProvider(httpClientHandler, false);
var client = new GraphServiceClient(new DelegateAuthenticationProvider(async requestMessage =>
{
// Pass your proxy to ADAL
var authenticationContext = new AuthenticationContext("myauthority", false, null, new MyClientFactory(httpClientHandler));
var authenticationResult = await authenticationContext.AcquireTokenAsync("https://graph.microsoft.com/", clientAssertionCertificate);
// Append the access token to the request
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);
}), httpProvider); |
|
@pwombwa That worked! That makes sense because we previously had another chunk of code that did a WebRequest.DefaultWebProxy assignment that must have covered both its function and also indirectly the ADAL authentication and our Graph API requests. Thanks! |
|
@gguillen Great! We are also working on an authentication providers library for Microsoft Graph - Microsoft.Graph.Auth - that will simplify authentication when using our SDKs and handle such kind of issues. |
When creating a new GraphServiceClient in .NET Core 2.2, passing in an HttpProvider that has the HttpClientHandler Proxy property set is not honored for requests. This previously performed as expected in our ASP.NET Core netcoreapp2.1 API, but fails when upgraded to netcoreapp2.2.
Expected behavior
When creating a GraphServiceClient by passing in a HttpProvider composed of a HttpClientHandler with a proxy set, the proxy will be used for requests to resources.
Actual behavior
An OperationCanceledException is thrown when the default request timeout elapses. Troubleshooting with our infrastructure team shows that our requests are hitting our outbound firewall and are being blocked. Our proxy admins do not see any logged connections to the proxy. I have tested the exact same proxy configuration by creating a simple netcoreapp2.2 console application and running it on the server to verify the proxy configuration using an HttpClient - it works. Then I created a File->New ASP.NET netcoreapp2.2 project, also testing the proxy settings using HttpClient - it works. Add the Graph Client with the same proxy settings, the Graph API requests time out.
Steps to recreate the issue
Create a vanilla ASP.NET Core 2.2 API. Add the following nuget packages:
Create a test controller with the following code and execute the controller method with a browser:
Steps to reproduce the behavior
"dotnet publish" with SDK 2.2.104
Run the controller method.
The text was updated successfully, but these errors were encountered: