How do I debug / track ADAL authentication?

I tried to use one of the Azure Active Directory examples that Microsoft has posted here: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet

I was able to corrupt the audience value in the web.config for TodoListService and received a 401 Unauthorized response when calling the service.

The problem is, it took me too long to figure out what happened. Running it in the debugger did not generate any useful trace instructions in the output window. There were no events in the event viewer either.

Is it possible to include any config that would help me find it faster? Is there any middleware with logging or diagnostic capabilities that I could use to debug this?

I suppose I could grab the sources from GitHub and try to debug the problem, but this is hardly convenient. Is there something I am missing?

+3




3 answers


You can enable the logger using

Trace.Listeners.Add(new ConsoleTraceListener());        // send System.Diagnostics trace output to the console
AdalTrace.LegacyTraceSwitch.Level = TraceLevel.Verbose; // ADAL 2.x: raise the library's trace switch



Details here https://github.com/AzureAD/azure-activedirectory-library-for-dotnet#logs

+2




In ADAL v3, you create a class that implements IAdalLogCallback:

using Microsoft.IdentityModel.Clients.ActiveDirectory;

public class AdalLoggerCallback : IAdalLogCallback
{
  // ADAL calls this for every log entry it produces
  public void Log(LogLevel level, string message)
  {
    Console.Write(message);
  }
}



Then set the Callback property of the static LoggerCallbackHandler object:

LoggerCallbackHandler.Callback = new AdalLoggerCallback();


+4


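Writing the callback straight to the console is the quickest way to see the output, but in a real client you usually want ADAL's entries to go through the same System.Diagnostics pipeline as everything else, filtered by severity. The class below is an added example, not code from the answer above or from ADAL itself; it assumes ADAL 3.x (Microsoft.IdentityModel.Clients.ActiveDirectory), and the trace source name and log file path are hypothetical.

```csharp
// Added example (not from the original answer or from ADAL): route ADAL v3 log
// callbacks into a System.Diagnostics TraceSource and map ADAL's LogLevel onto
// TraceEventType so ordinary listeners and switches can filter by severity.
// Assumes ADAL 3.x; the source name "TodoListClient.Adal" is a hypothetical choice.
using System.Diagnostics;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public class TraceSourceAdalLogger : IAdalLogCallback
{
    private readonly TraceSource _source;

    public TraceSourceAdalLogger(TraceSource source)
    {
        _source = source;
    }

    // Called by ADAL for every entry it logs.
    public void Log(LogLevel level, string message)
    {
        _source.TraceEvent(Map(level), 0, message);
    }

    // ADAL 3.x has four levels: Error, Warning, Information, Verbose.
    internal static TraceEventType Map(LogLevel level)
    {
        switch (level)
        {
            case LogLevel.Error:       return TraceEventType.Error;
            case LogLevel.Warning:     return TraceEventType.Warning;
            case LogLevel.Information: return TraceEventType.Information;
            default:                   return TraceEventType.Verbose;
        }
    }
}

public static class AdalTracing
{
    // Wire ADAL into a file-backed TraceSource. Treat the file as sensitive:
    // verbose output describes every token acquisition the client performs.
    public static TraceSource Enable(string logPath)
    {
        var source = new TraceSource("TodoListClient.Adal", SourceLevels.Verbose);
        source.Listeners.Add(new TextWriterTraceListener(logPath));
        Trace.AutoFlush = true;

        // Stop ADAL from also writing to the default trace output, then install the callback.
        LoggerCallbackHandler.UseDefaultLogging = false;
        LoggerCallbackHandler.Callback = new TraceSourceAdalLogger(source);
        return source;
    }
}

// Usage, early in application startup:
//   AdalTracing.Enable(@"C:\logs\adal.log");
```

Once this is in place, lowering the noise is a matter of changing the SourceLevels passed to the TraceSource (or configuring the switch in app.config) rather than editing the callback.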


While the accepted answer includes tracing for ADAL (client library), I ran into an issue where I needed tracing for OWIN authentication middleware.

My code was just getting authorization denied by my service when I inserted this middleware:

using System.Configuration;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

public void Configuration(IAppBuilder app)
{
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Audience = ConfigurationManager.AppSettings["Audience"],
            Tenant = ConfigurationManager.AppSettings["Tenant"]
        });
}

Enabling logging can be done by adding the following section to your project's web.config:

<configuration>
  <system.diagnostics>
    <switches>
      <add name="Microsoft.Owin" value="Verbose" />
    </switches>
  </system.diagnostics>
</configuration>


The default output appears in the debug console window, but you can change this by adding trace listeners. I found a very informative article here.

It turned out that I had forgotten to turn off issuer checking for the multi-tenant service.

+3


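Turning off issuer checking is the usual fix for a multi-tenant service, but turning it off without replacing it means the service will accept a token minted by any Azure AD tenant as long as the audience matches. The Startup class below is an added example, not code from the answer above or from Microsoft's TodoListService sample. It assumes Katana's Microsoft.Owin.Security.ActiveDirectory package with the System.IdentityModel.Tokens 4.x TokenValidationParameters, the sample's "Audience" appSettings key, and a hypothetical "AllowedTenantIds" key holding a semicolon-separated list of tenant GUIDs the service is willing to serve.

```csharp
// Added example, not code from the original answer or from the Microsoft sample.
// Assumes Katana (Microsoft.Owin.Security.ActiveDirectory) with the 4.x
// System.IdentityModel.Tokens TokenValidationParameters, and two appSettings keys:
// "Audience" (as in the sample) and the hypothetical "AllowedTenantIds"
// (a ';'-separated list of tenant GUIDs this service accepts tokens from).
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Diagnostics;
using System.IdentityModel.Tokens;
using System.Linq;
using Microsoft.Owin;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;

[assembly: OwinStartup(typeof(TodoListService.Startup))]

namespace TodoListService
{
    public class Startup
    {
        // Tenants allowed to call this multi-tenant service, read once at startup.
        private static readonly HashSet<Guid> AllowedTenantIds = new HashSet<Guid>(
            (ConfigurationManager.AppSettings["AllowedTenantIds"] ?? string.Empty)
                .Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
                .Select(s => Guid.Parse(s.Trim())));

        public void Configuration(IAppBuilder app)
        {
            app.UseWindowsAzureActiveDirectoryBearerAuthentication(
                new WindowsAzureActiveDirectoryBearerAuthenticationOptions
                {
                    Audience = ConfigurationManager.AppSettings["Audience"],
                    // "common" accepts tokens from any tenant, so the metadata the
                    // middleware downloads no longer names a single issuer to compare
                    // against; that is why the built-in check fails for multi-tenant apps.
                    Tenant = "common",
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        // ValidateIssuer = false with no IssuerValidator would accept any
                        // tenant. Supplying a validator replaces the built-in check instead.
                        IssuerValidator = ValidateIssuer
                    }
                });
        }

        // Azure AD v1 issuers have the form https://sts.windows.net/{tenant-id}/ .
        // Return the issuer to accept it; throw to reject the token.
        internal static string ValidateIssuer(string issuer, SecurityToken token,
                                              TokenValidationParameters parameters)
        {
            Uri uri;
            Guid tenantId;
            if (Uri.TryCreate(issuer, UriKind.Absolute, out uri)
                && uri.Scheme == Uri.UriSchemeHttps
                && string.Equals(uri.Host, "sts.windows.net", StringComparison.OrdinalIgnoreCase)
                && Guid.TryParse(uri.AbsolutePath.Trim('/'), out tenantId)
                && AllowedTenantIds.Contains(tenantId))
            {
                return issuer;
            }

            // Lands in the System.Diagnostics listeners next to the Microsoft.Owin trace,
            // so a rejected tenant is visible instead of a bare 401.
            Trace.TraceWarning("Rejected bearer token from issuer '{0}'", issuer);
            throw new SecurityTokenInvalidIssuerException("Issuer is not an allowed tenant: " + issuer);
        }
    }
}
```

The validator is deliberately strict about the scheme and host as well as the tenant GUID, so a token whose issuer merely contains an allowed GUID somewhere in the string is still rejected. If the service is meant to serve any tenant that has consented, the allow-list is typically replaced by a lookup against the tenants recorded at sign-up, but the shape of the check stays the same.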






