|
| 1 | +--- |
| 2 | +title: Troubleshoot ASP.NET OWIN and ASP.NET Core authentication sign-in failures |
| 3 | +description: Helps you expose hidden error messages that can guide you toward resolving ASP.NET OWIN and ASP.NET Core authentication sign-in failures with Microsoft Entra ID. |
| 4 | +ms.reviewer: willfid, v-weizhu |
| 5 | +ms.service: entra-id |
| 6 | +ms.date: 06/25/2025 |
| 7 | +ms.custom: sap:Developing or Registering apps with Microsoft identity platform |
| 8 | +--- |
| 9 | +# Troubleshoot ASP.NET OWIN and ASP.NET Core authentication sign-in failures with Microsoft Entra ID |
| 10 | + |
| 11 | +When you develop an ASP.NET Open Web Interface for .NET (OWIN) or ASP.NET Core Authentication web application and integrate it with Microsoft Entra ID, you encounter some issues during the sign-in process without any error messages or hint about what the problem might be. This article doesn't focus on direct solutions to sign-in failures but aims to help you expose hidden error messages that can guide you toward resolving the issue. |
| 12 | + |
| 13 | +> [!NOTE] |
| 14 | +> This article assumes you use your own code to perform the authentication to Microsoft Entra ID. If you use the Azure App Services or Azure Function Apps authentication and authorization feature, this article doesn't apply to your scenario. |
| 15 | +
|
| 16 | +## Symptoms |
| 17 | + |
| 18 | +You might see some common sign-in failure behaviors as follows: |
| 19 | + |
| 20 | +- Infinite loop between your web application and Microsoft Entra ID. |
| 21 | +- After signing into Microsoft Entra ID, you're redirected to your web application like it never signed in. |
| 22 | +- You land on your error page, but it doesn't provide useful error messages. |
| 23 | + |
| 24 | +## Expose hidden errors by using the OnAuthenticationFailed event |
| 25 | + |
| 26 | +To expose hidden errors during the sign-in process, use the `OnAuthenticationFailed` event. |
| 27 | + |
| 28 | +### For ASP.NET OWIN |
| 29 | + |
| 30 | +Ensure your code for handling the `AuthenticationFailed` event in the *Startup.Auth.cs* file follows a structure similar to the following: |
| 31 | + |
| 32 | +[ASPNET\_OWIN\_OnAuthenticationFailed.cs](https://gist.github.com/ms-willfid/813dd19091dfa8650895182cb45d5d1c) |
| 33 | + |
| 34 | +### For ASP.NET Core |
| 35 | + |
| 36 | +Ensure your code for handling the `AuthenticationFailed` event in the *Startup.cs* file follows a structure similar to the following: |
| 37 | + |
| 38 | +[ASPNETCore\_Auth\_OnAuthenticationFailed.cs](https://gist.github.com/ms-willfid/813dd19091dfa8650895182cb45d5d1c) |
| 39 | + |
| 40 | +You can modify this to send the error message to your logs or send it to a custom error page. At a minimum, the error message should be displayed in the browser's address bar. |
| 41 | + |
| 42 | +:::image type="content" source="media/asp-dot-net-owin-core-authentication-sign-in-failures/error-message-in-address-bar.png" alt-text="Screenshot that shows the error message in the browser address bar."::: |
| 43 | + |
| 44 | +If there's an infinite loop, the error message should be visible in the Fiddler capture. |
| 45 | + |
| 46 | +:::image type="content" source="media/asp-dot-net-owin-core-authentication-sign-in-failures/error-message-in-fiddler-capture.png" alt-text="Screenshot that shows the error message in the Fiddler capture."::: |
| 47 | + |
| 48 | +For more information about using Fiddler, see [Collect HTTPS traffic using Fiddler for Microsoft Entra ID apps](capture-https-traffic-fiddler-entra-id-app.md). |
| 49 | + |
| 50 | +## Microsoft Entra authentication and authorization error codes |
| 51 | + |
| 52 | +For a list of Microsoft Entra authentication and authorization errors, see [Microsoft Entra authentication and authorization error codes](/entra/identity-platform/reference-error-codes). |
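Review bot: The two sample links at new-file lines 32 and 38 carry different file names (`ASPNET_OWIN_OnAuthenticationFailed.cs` and `ASPNETCore_Auth_OnAuthenticationFailed.cs`) but the same gist URL, `https://gist.github.com/ms-willfid/813dd19091dfa8650895182cb45d5d1c`. If that gist holds both files, link each to its own file anchor. Otherwise the second URL is a copy-paste error. Either way, consider inlining the two handlers as code blocks, so the article does not depend on an external gist for its only code. Line 40 recommends showing the error message in the browser's address bar "at a minimum". Text placed in a URL ends up in browser history, proxy and server logs, and Referer headers, so the article should say this redirect is for troubleshooting only, and that production code should log the exception server-side and show a generic error page. Smaller points: the heading and line 26 name the event `OnAuthenticationFailed` while lines 30 and 36 call it `AuthenticationFailed`, so pick one name per framework. On line 11, "you encounter some issues ... without any error messages or hint" reads better as "you might encounter issues ... without any error messages or hints".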