IDA code works perfect on local but not on server

Suchita jain 0 Reputation points
2025-02-18T12:42:58.89+00:00

Hello Team,

We have written code for linking our ASP.NET application through an AD account by OpenIdConnect.

This works perfectly on the local environment, but when deployed on the server it throws a task canceled error.

A task was canceled.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Threading.Tasks.TaskCanceledException: A task was canceled.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below

with stack trace -

[IOException: IDX20804: Unable to retrieve document from: 'https://login.microsoftonline.com/xxxxxxxxxxxxxxxxx/.well-known/openid-configuration'.]

Microsoft.IdentityModel.Protocols.


1 answer

  1. Danny Nguyen (WICLOUD CORPORATION) 725 Reputation points Microsoft External Staff
    2025-07-16T08:45:11.6166667+00:00

    Hi Suchita Jain,

    From what I've seen, the error indicated that the OpenID Connect middleware couldn't download the OpenID configuration document from Microsoft's discovery endpoint (/.well-known/openid-configuration).

    This may happen because:

    • Network connectivity issues (firewall, proxy, no internet access)
    • Timeout - the request took too long to complete
    • DNS resolution problems
    • SSL/TLS certificate validation failures

    Since the task is cancelled, I suspect it means either:

    • Timeout - The HTTP request exceeded the allowed time limit
    • Network blocking - Outbound connections to Microsoft endpoints are restricted
    • Cancellation token - The operation was explicitly cancelled due to application shutdown or timeout

    Here's how you can troubleshoot this issue:


    Network and Firewall Issues

    Outbound Connection Restrictions: Your server likely can't reach https://login.microsoftonline.com. Check if:

    • The server has internet access
    • Corporate firewall is blocking outbound HTTPS connections
    • Network security policies restrict access to Microsoft endpoints

    Solution: Whitelist these Microsoft endpoints in your firewall:

    • *.login.microsoftonline.com
    • *.windows.net
    • *.microsoftonline.com

    Timeout Configuration

    The default timeout might be too short for your server environment.

    Solution: Increase the timeout in your OpenID Connect configuration:

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddOpenIdConnect(options =>
        {
            // Your existing configuration
            options.Authority = "https://login.microsoftonline.com/{tenant-id}";
            options.ClientId = "your-client-id";
            
            // Add timeout configuration
            options.BackchannelTimeout = TimeSpan.FromSeconds(60);
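            // Only for testing: this callback accepts any server certificate, so the
            // discovery document and signing keys are fetched without TLS validation.
            options.BackchannelHttpHandler = new HttpClientHandler()
            {
                ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true
            };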
        });
    

    SSL/TLS Certificate Issues

    Server environments often have stricter certificate validation.

    Solution: Configure HttpClient to handle certificates properly:

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddOpenIdConnect(options =>
        {
            // Your configuration
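            // Only for testing: the built-in "dangerous" validator turns off
            // certificate validation for every backchannel request.
            options.BackchannelHttpHandler = new HttpClientHandler()
            {
                ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
            };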
        });
    

    Proxy Configuration

    If your server uses a proxy:

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddOpenIdConnect(options =>
        {
            // WebProxy requires: using System.Net;
            var handler = new HttpClientHandler();
            handler.Proxy = new WebProxy("your-proxy-address:port");
            handler.UseProxy = true;
            
            options.BackchannelHttpHandler = handler;
        });
    

    DNS Resolution Issues

    Solution: Try using IP addresses temporarily or check DNS resolution:

    nslookup login.microsoftonline.com
    

    Async Configuration Issue

    Ensure your Startup.cs doesn't have blocking async calls:

    // Avoid this pattern
    public void ConfigureServices(IServiceCollection services)
    {
        // Don't use .Result or .Wait() in startup
        services.AddAuthentication()...
    }
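
Added example, not part of the original answer or of any Microsoft sample: a small console check to run on the affected server that fetches the discovery document with certificate validation left on and reports which of the causes listed in the answer applies. The URL argument, the 60-second timeout and the `Classify` helper are assumptions of this example.

```csharp
// Usage on the affected server (the URL is the one shown in the IDX20804 message):
//   dotnet run -- "https://login.microsoftonline.com/{tenant-id}/.well-known/openid-configuration"
using System;
using System.Net.Http;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

if (args.Length != 1) { Console.Error.WriteLine("usage: <discovery-document-url>"); return 2; }
var handler = new HttpClientHandler
{
    // Validation stays on: log why the chain failed, then return the platform's verdict.
    ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
    {
        if (errors == SslPolicyErrors.None) return true;
        Console.WriteLine($"TLS: {errors}; subject={cert?.Subject}; issuer={cert?.Issuer}");
        foreach (var status in chain?.ChainStatus ?? Array.Empty<X509ChainStatus>())
            Console.WriteLine($"  chain: {status.Status} {status.StatusInformation.Trim()}");
        return false;
    }
};
using var client = new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(60) };
try
{
    using var response = await client.GetAsync(args[0]);
    Console.WriteLine($"Reached endpoint: HTTP {(int)response.StatusCode}");
    return response.IsSuccessStatusCode ? 0 : 1;
}
catch (Exception ex)
{
    Console.WriteLine($"FAILED: {Classify(ex)}");
    return 1;
}

// Walk the exception chain and map it to one of the causes listed in the answer.
static string Classify(Exception ex)
{
    for (var e = ex; e != null; e = e.InnerException)
    {
        if (e is AuthenticationException) return "TLS certificate validation failure: " + e.Message;
        if (e is TimeoutException) return "timeout after 60 s (silently dropped packets look the same)";
        if (e is SocketException s)
            return (s.SocketErrorCode is SocketError.HostNotFound or SocketError.TryAgain)
                ? "DNS resolution problem: " + s.Message
                : $"connection blocked or unreachable ({s.SocketErrorCode}): {s.Message}";
    }
    return ex is OperationCanceledException ? "timeout or cancellation: " + ex.Message : ex.ToString();
}
```

A TLS line naming an issuer other than a public CA points to TLS inspection on the server's network path; trusting that inspection root on the server addresses the cause, whereas an accept-any callback only hides it.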
    
