OpenIdConnect error. Tenant IDs may not be a blank GUID

I am trying to use OWIN Open ID Connect middleware to outsource authentication for my ASP.NET application to Azure Active Directory. The app successfully redirects to the Azure AD sign-in page when accessing a page that requires authorization. However, when logging into Azure AD, I encountered the following error:

AADSTS90002: The requested tenant ID '00000000-0000-0000-0000-000000000000' is not valid. Tenant IDs may not be a blank GUID.

Here's the call to UseOpenIdConnectAuthentication. The tenant that is included in the Authority's URL is f82d0e29-6018-43c6-b806-1f46a009ff4a. So why does Azure AD think that I am passing in an empty GUID for the tenant?

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    AuthenticationType = "AzureAd",
    Caption = "Office 365",
    Scope = "openid email profile",
    ClientId = "e34401b2-6a9f-4547-9229-f0d93a33b1a1",
    Authority = "https://login.windows.net/f82d0e29-6018-43c6-b806-1f46a009ff4a/",
    PostLogoutRedirectUri = "http://localhost:44333",
    RedirectUri = "http://localhost:44333",
    AuthenticationMode = AuthenticationMode.Passive,
    SignInAsAuthenticationType = signInAsType
});

      



1 answer


There might be a bug in AAD right now. Another thread also started around the same time as this one: "Empty GUID error while using Azure AD consent flow". According to one comment, the AAD team knows about it and is looking into it.

UPDATE:



See my version of this question for a complete diagnosis and solution:

Azure Active Directory passes empty GUID for tenantId with default template
