I was trying one of the Azure Active Directory samples Microsoft has published here: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
I managed to screw up the audience value in the web.config for the TodoListService and got a 401 Unauthorized response when calling the service.
The problem is, it took me way too long to figure out what was wrong. Running it in the debugger did not produce any helpful trace statements in the output window. There were also no events in the event viewer.
Is there any configuration I can turn on which would have helped me find this more quickly? Is there middleware with logging or diagnostic capabilities that I could use to debug this?
I suppose I could have grabbed the sources from GitHub and tried to debug the issue, but that is hardly convenient. Is there anything I'm missing?
You can enable the logger using:

    Trace.Listeners.Add(new ConsoleTraceListener());
    AdalTrace.LegacyTraceSwitch.Level = TraceLevel.Verbose;

Full details here: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet#logs
In ADAL v3, you create a class that implements IAdalLogCallback:

    public class AdalLoggerCallback : IAdalLogCallback
    {
        public void Log(LogLevel level, string message)
        {
            Console.Write(message);
        }
    }

Then, set the Callback property of the static LoggerCallbackHandler object:

    LoggerCallbackHandler.Callback = new AdalLoggerCallback();

While the accepted answer does turn on the tracing for ADAL (client library), I ran into an issue where I needed tracing enabled for OWIN authentication middleware.
My code was just getting an authorization denied from my service when inserting this middleware:

    public void Configuration(IAppBuilder app)
    {
        // Validates incoming bearer tokens against the configured audience and tenant.
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Audience = ConfigurationManager.AppSettings["Audience"],
                Tenant = ConfigurationManager.AppSettings["Tenant"]
            });
    }

Turning on logging can be done by adding the following section to the web.config of your project:

    <configuration>
      <system.diagnostics>
        <switches>
          <add name="Microsoft.Owin" value="Verbose" />
        </switches>
      </system.diagnostics>
    </configuration>

The output will by default appear in your debug console window, but you can change this by adding trace listeners. I found a very informative article here.
It turned out I forgot to turn off issuer validation for a multi-tenant service.
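
Both causes reported on this page (a wrong audience value in web.config, and issuer validation left on for a multi-tenant service) are mismatches between the token's claims and the service's settings. The following is an added example, not part of the posts above and not code from the sample, ADAL or OWIN: a diagnostic that decodes a bearer token's payload and lists such mismatches. It assumes System.Text.Json is available; the class and method names, the audience and issuer values, and the sample token are constructed placeholders.

```csharp
// Added example, diagnostic only: claims are decoded WITHOUT verifying the signature.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class BearerTokenDiagnostics   // hypothetical helper
{
    // Returns one message per mismatch between the token and the expected settings.
    public static List<string> Explain(string jwt, string expectedAudience, string expectedIssuer)
    {
        var problems = new List<string>();
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) { problems.Add("not a compact JWT (expected 3 segments)"); return problems; }
        string json = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
        using (JsonDocument doc = JsonDocument.Parse(json))
        {
            JsonElement claims = doc.RootElement;
            // "aud" may be a single string or an array of strings.
            var audiences = new List<string>();
            if (claims.TryGetProperty("aud", out JsonElement aud))
                audiences = aud.ValueKind == JsonValueKind.Array
                    ? aud.EnumerateArray().Select(a => a.GetString()).ToList()
                    : new List<string> { aud.GetString() };
            if (!audiences.Contains(expectedAudience, StringComparer.Ordinal))
                problems.Add("aud [" + string.Join(", ", audiences) + "] does not contain '" + expectedAudience + "'");
            // In a multi-tenant service "iss" differs per tenant, so a fixed value fails here.
            string iss = claims.TryGetProperty("iss", out JsonElement i) ? i.GetString() : null;
            if (!string.Equals(iss, expectedIssuer, StringComparison.Ordinal))
                problems.Add("iss '" + iss + "' differs from '" + expectedIssuer + "'");
        }
        return problems;
    }

    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    public static void Main()
    {
        // Constructed, unsigned sample token with placeholder values.
        string payload = "{\"aud\":\"https://contoso.example/todo\",\"iss\":\"https://sts.windows.net/TENANT-A/\"}";
        string body = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        foreach (string p in Explain("e30." + body + ".sig", "https://contoso.example/todolist", "https://sts.windows.net/TENANT-B/"))
            Console.WriteLine(p);
    }
}
```

Run it against a token captured from your own failing request in a development environment; the middleware's signature and lifetime checks remain the only authoritative validation.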
Source: https://stackoverflow.com/questions/27364887/how-to-debug-trace-adal-authentication