We recently converted an application to use AzureAD for single sign-on and discovered in our logs that we were seeing a number of nonce-related errors such as the one below.
We haven’t fully fleshed out this issue, but we were able to reproduce it with the following steps:
1) Browse to the site
2) Get redirected to the AzureAD SSO login page.
3) Wait 1 hour
4) Attempt to complete the login
Here is an article I found that discusses the same issue (with a slightly different error) along with some code for catching the exception and changing the nonce timeout.
The error we are getting:
Session state is not available in this context.
Error method: Void ValidateNonce(System.IdentityModel.Tokens.JwtSecurityToken, Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidationContext)
IDX10311: RequireNonce is ‘true’ (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’.
Stack: at Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator.ValidateNonce(JwtSecurityToken jwt, OpenIdConnectProtocolValidationContext validationContext)
at Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator.Validate(JwtSecurityToken jwt, OpenIdConnectProtocolValidationContext validationContext)
[BadImageFormatException: Could not load file or assembly ‘Interop.SHDocVw’ or one of its dependencies. An attempt was made to load a program with an incorrect format.]
If you are getting an exception like that, it could mean that your App Pool is not set up to work with 32-bit applications. Try enabling it:
1) Highlight the code you want formatted (Ctrl-A if you want it all)
2) Hit Alt+Shift+F
When trying to set up distributed transactions (MSDTC), there are essentially 2 things you need to do.
First, you need to enable connections by running the Component Services MMC.
Second, you need to allow access through the firewall.
But if you are doing this on a “client OS” like Windows 7, 8, or 10, trying to get your dev machine to talk to your SQL Server on the network for example, you might run into additional problems.
If you run the DTCPing ( https://www.microsoft.com/en-us/download/details.aspx?id=2868 ) MSDTC troubleshooting tool and you get “Access is denied”, like this:
Invoking RPC method on (compname)
Problem:fail to invoke remote RPC method
Error(0x5) at dtcping.cpp @303
-->RPC pinging exception
-->5(Access is denied.)
RPC test failed
To fix this issue, follow these steps (https://blogs.msdn.microsoft.com/puneetgupta/2008/11/12/troubleshooting-msdtc-issues-with-the-dtcping-tool/):
- Click Start, click Run, type Regedit, and then click OK.
- Locate and then click the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT
- On the Edit menu, point to New, and then click Key.
- Note If the RPC registry key already exists, go to step 5.
- Type RPC, and then press ENTER. Click RPC.
- On the Edit menu, point to New, and then click DWORD Value.
- Type RestrictRemoteClients, and then press ENTER.
- Click RestrictRemoteClients.
- On the Edit menu, click Modify.
- In the Value data box, type 0, and then click OK.
- Note To enable the RestrictRemoteClients setting, type 1.
- Close Registry Editor and restart the computer.
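The registry change from the steps above as a script, added here as an example that is not part of the original post: it records the RestrictRemoteClients state found on the machine before writing 0, so the earlier state can be put back once MSDTC testing is finished. The backup file path and the function names are assumptions made for this example.

```powershell
# Added example, not from the original post. Run from an elevated session.
# Key and value name are the ones in the steps above; the backup path and
# function names are assumptions made for this example.
$RpcKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\RPC'
$ValueName  = 'RestrictRemoteClients'
$BackupFile = Join-Path $env:ProgramData 'rpc-restrictremoteclients.bak.json'

function Get-RpcRestriction {
    # Returns the DWORD as an int, or $null when the value (or key) is absent.
    $item = Get-ItemProperty -Path $RpcKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-RpcRestriction {
    # 0 = no restriction, 1 = unauthenticated remote clients rejected
    # (interfaces may exempt themselves), 2 = rejected with no exemptions.
    param([Parameter(Mandatory)][ValidateSet(0, 1, 2)][int]$Value)
    if (-not (Test-Path $RpcKey)) { New-Item -Path $RpcKey -Force | Out-Null }
    New-ItemProperty -Path $RpcKey -Name $ValueName -PropertyType DWord `
        -Value $Value -Force | Out-Null
}

function Enable-DtcPingWorkaround {
    # Record the state found on the machine, then apply the value from the steps.
    $state = [pscustomobject]@{
        Saved = (Get-Date).ToString('o')
        Value = Get-RpcRestriction          # $null means "was not set"
    }
    $state | ConvertTo-Json | Set-Content -Path $BackupFile -Encoding UTF8
    Set-RpcRestriction -Value 0
    $was = if ($null -eq $state.Value) { 'not set' } else { $state.Value }
    "Was: $was; now: $(Get-RpcRestriction). Restart required."
}

function Restore-RpcRestriction {
    # Put back exactly what was there before the workaround was applied.
    $state = Get-Content -Path $BackupFile -Raw | ConvertFrom-Json
    if ($null -ne $state.Value) {
        Set-RpcRestriction -Value ([int]$state.Value)
    } else {
        Remove-ItemProperty -Path $RpcKey -Name $ValueName -ErrorAction SilentlyContinue
    }
    $now = Get-RpcRestriction
    "Restored; now: $(if ($null -eq $now) { 'not set' } else { $now }). Restart required."
}

# Enable-DtcPingWorkaround    # before the DTCPing / MSDTC test
# Restore-RpcRestriction      # when testing is finished
```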
Recently I’ve been working on an issue where a query was being blocked. In order to get the specifics on this it’s possible to use the Blocked process report in the SQL Profiler.
To do this you need to first enable advanced options by running:
SP_CONFIGURE 'show advanced options', 1;
After turning that on, you need to set the blocked process threshold. This is the number of seconds between checks to see if there is blocking going on.
SP_CONFIGURE 'blocked process threshold', 10;
This will set it for 10 seconds. You could change it to something lower if you want. When you are done testing you should change it back to 0 (disabled).
After setting the threshold you need to reconfigure again:
Then pick the Blocked process report from SQL Profiler:
The possible values of the Mode value are:
If you are googling for this error:
“Procedure or function (name) expects parameter (@parameter) which was not supplied.”
and you are SURE that you are providing the parameter to your stored procedure call, remember that for this to work properly with ADO.NET you need to set the IDbCommand or SqlCommand CommandType to be CommandType.StoredProcedure.
I’m not sure of the reason, but I couldn’t find anyone else posting about this so I figured I’d put it out there in case another puzzled developer goes looking. In an application I’m working on (that happens to use Telerik radAjaxManager for this postback) I would consistently get this error, which as many will know is something you can get if you start adding controls to the tree in a page event that happens after Init, but I wasn’t adding any controls. Turns out that this error completely goes away if I disable my breakpoints. Even if I’m still debugging, but my breakpoints are disabled, I never see this error.
I don’t know what’s going on but maybe someone else will see this same post and know that they are not alone.