
Help with an OpenIdConnectProtocolInvalidNonceException

Oct 31, 2014 at 3:13 PM
I am creating a website which uses Azure Active Directory Authentication Libraries as authentication provider. I followed this tutorial to establish a working situation in my development environment.

https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet

Everything was working well so far. I am able to authenticate using the tenant's users. Because you have to be authenticated for all the pages, I use the [Authorize] attribute for all the controllers. I published the same app to a webserver using different settings in the web.config file. In Azure I created 2 applications: 'Apps Test' and 'Apps'.

While the site is now running, multiple users are able to log on using their own Azure tenant credentials. Now, after a while, some users are getting into a loop when they try to log on to the site. The webserver gives the following error in the event log:

Exception type: OpenIdConnectProtocolInvalidNonceException

Exception message: IDX10301: The 'nonce' found in the jwt token did not match the expected nonce.

When I restart the application pool and restart the site, the users are able to log on again. For a while...

I have no idea where to look. Do you know what the cause could be?
Coordinator
Oct 31, 2014 at 3:59 PM
This could be related to http://katanaproject.codeplex.com/workitem/344. Can the clients recover by clearing their own cookies?
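As an added illustration of the check behind IDX10301 (example code written for this page, not the Katana middleware's own implementation): the relying party remembers the nonce it sent in the authorization request and rejects any id_token whose 'nonce' claim does not match a pending one, so a token that is otherwise valid fails when the stored nonce was lost or replaced before the response came back. The `ClientState` type, the helper names and the unsigned test token are constructed for the example.

```python
import base64
import json
import secrets
from dataclasses import dataclass, field


@dataclass
class ClientState:
    """State the relying party keeps per browser between the authorization
    request and the token response (the OWIN middleware keeps it in a cookie)."""
    pending_nonces: dict = field(default_factory=dict)  # nonce -> issued_at


def start_authentication(state: ClientState, issued_at: int) -> str:
    """Mint a fresh nonce, remember it, and return the value that goes into the
    authorization request (the provider echoes it in the id_token's 'nonce' claim)."""
    nonce = secrets.token_urlsafe(16)
    state.pending_nonces[nonce] = issued_at
    return nonce


def decode_payload(id_token: str) -> dict:
    """Extract the JWT payload; signature verification is assumed to have run already."""
    payload_b64 = id_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def validate_nonce(state: ClientState, id_token: str, now: int, max_age: int = 600) -> str:
    """Accept the token only if its nonce is one we issued, unused, and not stale."""
    nonce = decode_payload(id_token).get("nonce")
    if nonce is None:
        return "rejected: id_token carries no nonce claim"
    issued_at = state.pending_nonces.pop(nonce, None)  # single use: consume it
    if issued_at is None:
        # The situation behind IDX10301: the token is well formed, but the relying
        # party no longer holds (or never held) the nonce it was issued for.
        return "rejected: nonce did not match any pending nonce"
    if now - issued_at > max_age:
        return "rejected: nonce expired"
    return "accepted"


def make_unsigned_id_token(claims: dict) -> str:
    """Constructed alg=none test token so the example runs offline; never accept such tokens in production."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."
```

The second call with the same token in the test shows the replay case: once a nonce is consumed it cannot be matched again, which is the same outcome as the relying party having lost its stored nonce.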