1
votes

I am receiving the below error on this code: var authResult = await authContext.AcquireTokenAsync(Url, appCred, new UserAssertion(accessToken));

Auth code

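    // Requires: using System.Configuration; using Microsoft.IdentityModel.Clients.ActiveDirectory;
    // App registration values are read from configuration.
    var clientID = ConfigurationManager.AppSettings["ClientID"];
    var clientSecret = ConfigurationManager.AppSettings["ClientSecret"];
    var tenant = ConfigurationManager.AppSettings["Tenant"];

    var appCred = new ClientCredential(clientID, clientSecret);

    var authContext = new AuthenticationContext(
        "https://login.microsoftonline.com/" + tenant);

    // On-behalf-of call: accessToken (the caller's token, defined elsewhere) is sent
    // as the user assertion to obtain a token for the resource in Url.
    var authResult = await authContext.AcquireTokenAsync(Url, appCred,
        new UserAssertion(accessToken));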

Error:

Assertion failed signature validation. [Reason - The provided signature value did not match the expected signature value., Thumbprint of key used by client: '', Found key 'Start=**']
Trace ID: 603df266-b9b4-4b27-8216-effc8b879a01
Correlation ID: 9a7990ea-41ae-47a0-97da-ceb7cb07ecf0
Timestamp: 2021-08-09 06:46:28Z
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AdalHttpClient.d__211.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AdalHttpClient.<GetResponseAsync>d__201.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.d__67.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.d__64.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenOnBehalfHandler.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.d__55.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.d__50.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.d__35.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at SpoWebApi.Controllers.AlbathaServicesController.d__13.MoveNext() in .ServicesController.cs:line 378
Microsoft.IdentityModel.Clients.ActiveDirectory

1
Please share your full token or auth request code. - Md Farid Uddin Kiron
Please find the updated question. - Riya
Are you trying any official sample? If so, please refer to that as well. - Md Farid Uddin Kiron
@MdFaridUddinKiron, no, this is existing code. The client secret in Azure had expired. After creating a new secret I am getting this error. - Riya
Could you please try getting a token using Postman with the same credentials? If you can get it, then it would be proven that your credentials are fine, since your code seems alright, so please test the token on Postman first. - Md Farid Uddin Kiron

1 Answer

1
votes

I think your code has a bit of a problem. For getting the token you could try the way below, which is missing in your code. The first step is to get a token, but here, in new UserAssertion(accessToken)); you are passing a token. How are you getting this?

Other than this, if this part is for getting the token, then this part should be like below:

        [HttpPost]
        public async Task<IActionResult> GetAccessToken()
        {
            // Requires: using Microsoft.IdentityModel.Clients.ActiveDirectory;
            // Approach 1: values passed inline (replace the placeholders with your own)
            AuthenticationContext authContext1 = new AuthenticationContext("https://login.microsoftonline.com/" + "Tenant");
            ClientCredential clientCredential = new ClientCredential("ClientId", "Secret");
            var authResult1 = await authContext1.AcquireTokenAsync("https://graph.microsoft.com", clientCredential); // Your resource and app credentials

            // Approach 2: the same call with the values held in variables
            // (variables carry a 1/2 suffix so both approaches compile in one method)
            var clientID = "";
            var clientSecret = "";
            var tenant = "";

            var appCred = new ClientCredential(clientID, clientSecret);

            var authContext2 = new AuthenticationContext(
                "https://login.microsoftonline.com/" + tenant);

            var authResult2 = await authContext2.AcquireTokenAsync("https://graph.microsoft.com", appCred);

            return Ok();
        }

As you can see, I am getting the token as expected. You could refer to this official document here.


Hope it helps.
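When the on-behalf-of call rejects the assertion, it helps to look at the token being passed to UserAssertion before it is sent. The following is an added example, not part of the answer above and not ADAL code: it decodes the token's header and claims without validating them and flags an audience that is not this API or an expired token. The sample token, the api://constructed-api audience and the class name are constructed for illustration; it assumes, as the on-behalf-of flow expects, that the assertion is a token issued for the API making the request.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class AssertionInspector
{
    // Decode one base64url JWT segment to JSON. Nothing is verified here:
    // this only shows what the token claims, for troubleshooting.
    static JsonElement Decode(string segment)
    {
        string s = segment.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(s));
        return JsonDocument.Parse(json).RootElement.Clone();
    }

    static string Get(JsonElement e, string name) =>
        e.TryGetProperty(name, out JsonElement v) ? v.ToString() : "(missing)";

    // expectedAudience: this web API's own client ID or App ID URI (assumption).
    public static List<string> Check(string jwt, string expectedAudience, DateTimeOffset now)
    {
        var problems = new List<string>();
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) { problems.Add("not a three-part JWT"); return problems; }
        JsonElement header = Decode(parts[0]), claims = Decode(parts[1]);
        Console.WriteLine($"alg={Get(header, "alg")} kid={Get(header, "kid")} " +
                          $"iss={Get(claims, "iss")} tid={Get(claims, "tid")} aud={Get(claims, "aud")}");
        if (Get(claims, "aud") != expectedAudience)
            problems.Add("aud is not this API; the assertion was issued for another resource");
        if (claims.TryGetProperty("exp", out JsonElement exp) &&
            DateTimeOffset.FromUnixTimeSeconds(exp.GetInt64()) <= now)
            problems.Add("assertion has expired");
        return problems;
    }

    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample token (not a real one): unsigned, audience is Microsoft Graph.
        string jwt = B64Url("{\"alg\":\"RS256\",\"kid\":\"constructed-kid\"}") + "." +
                     B64Url("{\"aud\":\"https://graph.microsoft.com\",\"tid\":\"constructed-tenant\"," +
                            "\"iss\":\"https://sts.windows.net/constructed-tenant/\",\"exp\":1628492400}") + ".sig";
        var now = DateTimeOffset.FromUnixTimeSeconds(1628491588); // 2021-08-09 06:46:28Z, the error's timestamp
        foreach (string p in Check(jwt, "api://constructed-api", now))
            Console.WriteLine("PROBLEM: " + p);
    }
}
```

Run against the real incoming token in a debugging session only, and keep the decoded claims out of production logs.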