Troubleshooting 'Cookie Not Found...Correlation Failed' Issues in Azure AD B2C

02/11/2020


If you ever find yourself running into this problem, chances are it's a much more simple fix than you think it is...

Published: 02/11/2020
Updated: 5/07/2020
Keywords: AspNetCore.Correlation.AzureADB2COpenID, cookies, Azure AD B2C, correlation failed, ticket expired
Categories: Azure AD B2C

TL;DR: Make sure you use your https://localhost:[port] path instead of https://127.0.0.1. Yes, I'm serious.

I've been in the process of moving a web app that originally started as an ASP.NET Core 2.2 MVC app into an ASP.NET Core 3.1 Razor Pages app. While that transition deserves its own blog post about some of the nuances and challenges that come with Razor Pages (ultimately, the verdict is very good but not without some gotchas), the biggest challenge I've had has centered around getting my Azure AD B2C authentication to work.

I moved all of my B2C settings and Startup configuration methods as-is, upgraded my Microsoft.AspNetCore.Authentication.AzureADB2C.UI NuGet package (which I mostly use, but not completely) and went to work testing the authentication/onboarding process for site users, which I currently do manually because my B2C unit testing is quite lagging.

For my application, I created two SignUp/SignIn policies, one for each user role, which I have looking like this:

[Image: SignUp/SignIn]

This is fed into a custom controller that assigns the appropriate policies that feed the appropriate group. Note that I am doing this mainly so I can evaluate which one they used after the fact, with its own logic for handling scenarios where they use both, etc.

When I click on one of these to start the sign up/sign in process, I immediately get an error:

[Image: Generic development error]

Looking into the back end (on Rider, in case the format looks funny) I see this:

Request starting HTTP/2 POST https://localhost:6701/signin-oidc application/x-www-form-urlencoded 652
warn: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[15]
      '.AspNetCore.Correlation.AzureADB2COpenID.4qcyLqxMatuDNwk5sqHEJtuVCuJGH-plbyrBu5tHCpE' cookie not found.
info: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[4]
      Error from RemoteAuthentication: Correlation failed..
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished in 25.0402ms 302 
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/2 GET https://localhost:6701/AzureADB2C/Account/Error  
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[7]
      AzureADB2CCookie was not authenticated. Failure message: Ticket expired
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint '/Account/Error'
info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[3]
      Route matched with {page = "/Account/Error", area = "AzureADB2C", action = "", controller = ""}. Executing page /Account/Error
info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[101]
      Executing handler method Microsoft.AspNetCore.Authentication.AzureADB2C.UI.Internal.ErrorModel.OnGet - ModelState is Valid

Now if I click on the Sign Up/Sign In button again, I get to the B2C authentication page:

[Image: B2C authentication page]

When I click on the Google button for sign in, I get prompted to select my account. And that's where I get stuck - it just keeps looping there. At least, that's what it did for several hours, until I realized what I was doing wrong.

I had been clicking on the https://127.0.0.1:6701 link to my site, instead of using https://localhost:6701. When I stopped doing that, my problem literally went away.
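
Browsers scope cookies to the host name that set them, so a correlation cookie written while browsing https://127.0.0.1:6701 is not sent with the callback to https://localhost:6701/signin-oidc seen in the log. The following added example (not part of the original post; `UseCanonicalHost` is a hypothetical helper name, and the host and port are taken from that log) is an ASP.NET Core middleware that sends any other host name to the canonical one before a sign-in can start there:

```csharp
// Added example, not code from the original post.
// Assumption: the app's sign-in callback is served from https://localhost:6701,
// the host and port that appear in the log above.
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Extensions;

public static class CanonicalHostExtensions
{
    // UseCanonicalHost is a hypothetical helper name, not a framework API.
    public static IApplicationBuilder UseCanonicalHost(
        this IApplicationBuilder app, HostString canonical)
    {
        return app.Use(async (context, next) =>
        {
            var request = context.Request;

            // Cookies are scoped by host name, not by port, so compare hosts only.
            var onCanonicalHost = string.Equals(
                request.Host.Host, canonical.Host, StringComparison.OrdinalIgnoreCase);

            // Redirect only safe methods; a redirected POST would lose its body.
            var safeMethod = HttpMethods.IsGet(request.Method)
                          || HttpMethods.IsHead(request.Method);

            if (!onCanonicalHost && safeMethod)
            {
                // Same scheme, path and query string, canonical host and port.
                var target = UriHelper.BuildAbsolute(
                    request.Scheme, canonical,
                    request.PathBase, request.Path, request.QueryString);
                context.Response.Redirect(target, permanent: false);
                return;
            }

            await next();
        });
    }
}

// In Startup.Configure, before app.UseAuthentication():
//
//     if (env.IsDevelopment())
//     {
//         app.UseCanonicalHost(new HostString("localhost", 6701));
//     }
```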

I hope this helps somebody out there. I won't even tell you how long it took me to realize this was the issue, but I'll tell you it was quite some time.
