I am creating a website which uses Azure Active Directory Authentication Libraries as the authentication provider. I followed this tutorial to establish a working situation in my development environment.
Everything was working well so far. I am able to authenticate using the tenant's users. Because you have to be authenticated for all the pages, I use the [Authorize] attribute for all the controllers. I published the same app to a webserver using different settings in the web.config file. In Azure I created 2 applications: 'Apps Test' and 'Apps'.
While the site is now running, multiple users are able to log on using their own Azure tenant credentials. Now, after a while, some users are getting into a loop when they try to log on to the site. The webserver gives the following error in the event log:
Exception type: OpenIdConnectProtocolInvalidNonceException
Exception message: IDX10301: The 'nonce' found in the jwt token did not match the expected nonce.
When I restart the application pool and restart the site, the users are able to log on again. For a while...
I have no idea where to look. Do you know what the cause could be?