Error IDX21323 - RequireNonce is '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]

  • Question

  • Hello, 
    We're having some problems with a WebApp hosted in Azure.
    When the users attempt to log in, the error 'IDX21323: RequireNonce' is displayed.
    Looking for the error on the internet, one of the solutions points out that it could be the 'Katana bug #197'.
    According to the searches, we just had to add the Kentor.OwinCookieSaver package and change 'Startup.Auth.cs' by adding 'app.UseKentorOwinCookieSaver();' before the cookie settings.
    The Kentor.OwinCookieSaver version is '1.1.1'.
    We set the code for 'Startup.Auth.cs' as follows:

                app.UseCookieAuthentication(new CookieAuthenticationOptions());
                app.UseOpenIdConnectAuthentication(
                    new OpenIdConnectAuthenticationOptions
                    {
                        ClientId = clientId,
                        Authority = Authority,
                        PostLogoutRedirectUri = postLogoutRedirectUri,
                        //UseTokenLifetime = false,

                        Notifications = new OpenIdConnectAuthenticationNotifications()
                        {
                            // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                            AuthorizationCodeReceived = (context) =>
                            {
                                var code = context.Code;
                                ClientCredential credential = new ClientCredential(clientId, appKey);
                                string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                                AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
                                AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                                    code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);

                                return Task.FromResult(0);
                            },
                            AuthenticationFailed = (context) =>
                            {
                                if (context.Exception.Message.StartsWith("OICE_20004") || context.Exception.Message.Contains("IDX10311"))
                                {
                                    return Task.FromResult(0);
                                }
                                return Task.FromResult(0);
                            }
                        }
                    });

    But the problem still occurs, can you help us?

    Monday, September 24, 2018 6:47 PM

All replies

  • Hi Vanessa,

    Were you able to solve this issue? We are experiencing the same situation. Any help is appreciated!



    • Proposed as answer by thomasnss51 Wednesday, December 5, 2018 10:46 PM
    • Unproposed as answer by thomasnss51 Wednesday, December 5, 2018 10:47 PM
    Tuesday, December 4, 2018 6:51 PM

  • I encountered this as well. I think it's a bug called "Katana bug #197".

    The workaround for this is a NuGet package called Kentor.OwinCookieSaver.

    After installing the NuGet package, add app.UseKentorOwinCookieSaver(); if not already there, before app.UseCookieAuthentication(cookieOptions);.

    For more info, check out the Kentor.OwinCookieSaver repo on GitHub.

    It resolved my issue.

    Arvind Gehlot

    • Edited by Arvindt Friday, May 3, 2019 5:33 AM format
    Friday, May 3, 2019 5:32 AM
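
The middleware ordering described in the reply above, together with a diagnostic for IDX21323, as an added example that is not code from any poster in this thread. It assumes the Katana OpenID Connect middleware's nonce cookie prefix `OpenIdConnect.nonce.`; the `ClientId` and `Authority` values are placeholders.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Threading.Tasks;
using Kentor.OwinCookieSaver;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholder values, not taken from the thread.
    private const string ClientId = "<client-id>";
    private const string Authority = "https://login.microsoftonline.com/<tenant>";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // Registered before any middleware that writes cookies.
        app.UseKentorOwinCookieSaver();
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    if (context.Exception.Message.Contains("IDX21323"))
                    {
                        // Did the browser return the nonce cookie issued at the challenge?
                        bool nonceCookieSent = context.OwinContext.Request.Cookies.Any(
                            c => c.Key.StartsWith("OpenIdConnect.nonce.", StringComparison.Ordinal));
                        Trace.TraceWarning("IDX21323 on {0}: nonce cookie present = {1}",
                            context.OwinContext.Request.Path, nonceCookieSent);

                        // Restart sign-in; nonce validation itself stays enabled.
                        context.HandleResponse();
                        context.Response.Redirect("/");
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

If the trace shows the nonce cookie is absent on the callback, the cookie was never stored or was dropped before the response from the identity provider arrived, which is the symptom the cookie-saver workaround targets.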