Could not load type when using connect-msolservice in an endpoint

I’m trying to set up a dashboard for some O365 data but when I use connect-msolservice from a New-UDInputField Endpoint block I get the following error:

Could not load type ‘System.IdentityModel.Tokens.JwtSecurityToken’ from assembly ‘System.IdentityModel.Tokens.Jwt, Version=5.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’

I can connect using the credentials normally so i think this is because it’s via the dashboard, it is hosted via IIS 10, .net 4.7.2 is installed.

Any help appreciated but I’m stuck with this one.

Hi @Xinn
Welcom to the UD Forums!

Does the account have MFA enabled?
Could you possibly share the relevant code?

Hi BoSen29,

Code is below for the input field, just outputting some info to a HTML element atm which isn’t complete but you can see the attempt to connect.

No MFA on this account and the import-clixml and connect-msolservice steps work fine outside of the dashboard.

New-UDInputField -Type textbox -Name "UPN" -Placeholder 'Email Address'
    } -Endpoint {

        param($UPN)
        
        $Creds = Import-Clixml -Path 'E:\365Dashboard\PSOffice365Dashboard.Cred'

        Connect-MsolService -Credential $Cred

        $UserDetails = Get-MsolUser -UserPrincipalName $UPN
        #$UserMailboxDetails = Get-Mailbox -Identity $UPN
        #$UserCASMailboxDetails = Get-CASMailbox -Identity $UPN

        $HTML = @"
            <p>Display Name: $($UserDetails.DisplayName)</p>
            <p>User Principal Name: $($UserDetails.UserPrincipalName)</p>
            <p>Account Expiry: </p>
            <p>Password Expiry: </p>
            <p>Assigned Licences: $($UserDetails.Licenses.AccountSkuId -replace ":ENTERPRISEPACK", "Office 365 E3" ` -replace ":EMS", "Office 365 EMS")</p>
            <p>Mailbox Type: </p>
            <p>Mailbox Delegation: $()</p>
            <p>Mailbox Permissions: $()</p>
            <p>Last AD Login: $()</p>
            <p>Last O365 Login: $()</p>
            <p>MFA Status: $($UserDetails.StrongAuthenticationRequirements.State)</p>
            <p>OWA Status: $(if ($UserCASMailboxDetails.OWAEnabled -eq "True"){"Enabled"} Else {"Disabled"})</p>
            <p>Mobile Devices: $()</p>

"@
        Set-UDElement -Id "ELEMENT_USERDETAILS" -Content {New-UDHtml -Markup "$HTML"}
        
    }

This is likely a problem with the O365 module conflicting with the UD module. They both use the JWT assembly that is referenced in the error but one expects a different version that the one that is actually loaded. Are you importing the modules in a specific order at all?

I don’t explicitly import the MSOnline module as it loads when the command is first called (so after the UD module in this instance), I can try importing it explicitly before the UD module though. I’ll give that a try and see if it makes a difference.

Edit: Nope, same issue when importing MSOnline first.

Can you open a GitHub issue for this? I can take a peek at the MSOnline module to see if we can fix this in UD.

The PowerShell team is looking at streamlining how modules assembly loads like this work so hopefully in newer versions of PowerShell this will be handled automatically. Until then, I’ll have to sort out the versions between MSOnline and UD.

1 Like

Thanks Adam, I’ll log it via Github today or tomorrow.

Mapping related GitHub issue - https://github.com/ironmansoftware/universal-dashboard/issues/1356

So, quick update.
I really wanted to get this to work since my helpdesk is begging for an easier way to reset MFA settings for our users.
What I did to test this is remove the System.IdentityModel.Tokens.Jwt.dll from the net472 directory under IIS. The version that comes with UD is 5.5. I let the system use the version that comes with MSOnline, which is 5.2. I did not copy the file from the default location into net472.
So far its working fine. I can use Connect-MSOLService to get to Azure AD.
Keep in mind, that I’m not doing any API stuff, and I’m using only Windows authentication for access to the dashboard, so YMMV.

Hopefully this helps a few people.

V.

1 Like

Thanks for the information, I’ll give that a try. Hopefully this will get us back on track with this dashboard!

Sorry for brining up an older post. I’ve recently discovered universal dashboard (loving it btw) and I’m trying to build something with the MSOnline module.
I came across this post https://stackoverflow.com/a/59837228 with the following,

I managed to get this to work by updating the assembly binding to exclude the version of System.IdentityModel.Tokens.Jwt that the Connect-MsolService was using. This worked. My updated assembly binding is:

<dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="5.0.0.0-5.6.0.0" newVersion="5.6.0.0" />
</dependentAssembly>

I don’t know much about assemblies, bindings, web anything really so this may not work or apply to UD but I was hoping someone more knowledgeable than me would see if something like this would work. Or maybe tell me where to add these lines to test.
I’m guessing they would go to the web.config file, just not sure what versions I would put in there.

My environment is Azure App Service, using AzureADAuth.

So this seeeemmmms to have work for me, I’m able to import the module manually, Connect-MsolService (I’m using a -ADGraphAccessToken and -MsGraphAccessToken to connect). Then run Get-MsolPartnerContract and store that in a Cached variable.

partnercontract

I don’t know if other cmdlets or features will have issues but it’s a start I guess.
This is what my web.config file looks like now, using MSOnline version 1.1.183.57.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="5.0.0.0-5.6.0.0" newVersion="5.5.0.60624" />
    </dependentAssembly>
</assemblyBinding>
 </runtime>
<!--
Configure your application settings in appsettings.json. Learn more at http://go.microsoft.com/fwlink/?LinkId=786380
-->
<system.webServer>
<security>
  <!-- <requestFiltering removeServerHeader ="true" /> -->
</security>
<handlers>
  <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="PowerShell.exe" arguments="-File dashboard.ps1" stdoutLogEnabled="true" stdoutLogFile="\\?\%home%\LogFiles\stdout" forwardWindowsAuthToken="false" />
<httpProtocol>
  <customHeaders>
    <remove name="X-Powered-By" />
  </customHeaders>
</httpProtocol>  
</system.webServer>