"ArgumentNull" response in Azure web app

[ggroves]

Describe the bug

We were asked to open this issue by Microsoft support. We have three identically configured Azure web apps (development, test, production). On development and production, calls to MS Graph fail.
The same code works on the test instance, and multiple development machines. We have verified that test is set up the same as development and production.

We originally logged an issue with MSAL (4989), but they said it would be a Graph issue since they have already created the token but Graph is not validating it.

Expected behavior

This is what is logged from the same call on localhost:
info: UnifiedSmartPortal.Networking.GraphLoggingHandler[0]
MSAL Request: Method: GET, RequestUri: 'https://graph.microsoft.com/v1.0/me?$select=companyName,department,displayName,employeeType,givenName,jobTitle,mail,manager,officeLocation,preferredName,userPrincipalName', Version: 1.1, Content: , Headers:
{
Accept: application/json
Authorization: Bearer ****
FeatureFlag: 00000003
Cache-Control: no-store, no-cache
User-Agent: kiota-dotnet/1.3.4
SdkVersion: graph-dotnet-core/3.1.6 (featureUsage=00000003; hostOS=Microsoft Windows NT 10.0.22631.0; hostArch=X64; runtimeEnvironment=.NET 8.0.10;)
client-request-id: 5f1ff492-4dfc-4077-8a59-37804945e114
}
MSAL Response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Cache-Control: max-age=0, private
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
request-id: 3c5ddd01-1b4e-4dcb-8325-7727160e8aba
client-request-id: 5f1ff492-4dfc-4077-8a59-37804945e114
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West US","Slice":"E","Ring":"4","ScaleUnit":"005","RoleInstance":"SJ1PEPF00001C68"}}
x-ms-resource-unit: 1
OData-Version: 4.0
Date: Wed, 06 Nov 2024 13:17:10 GMT
Content-Type: application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8
}

{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users(companyName,department,displayName,employeeType,givenName,jobTitle,mail,manager,officeLocation,preferredName,userPrincipalName)/$entity","companyName":"CP AHS VIRTUAL","department":"IT Clinical System Architectur","displayName":"Groves, Greg","employeeType":null,"givenName":"Greg","jobTitle":"IT-EMR Data Engineer Senior I","mail":"**@AdventHealth.com","officeLocation":"ALTAMONTE SPRINGS","userPrincipalName":"@multihosp.net","preferredName":""}

How to reproduce

private static readonly string[] UserProps = new string[] { "companyName", "department", "displayName", "employeeType",
"givenName", "jobTitle", "mail", "manager", "officeLocation", "preferredName", "userPrincipalName" };

...
_logger.LogDebug("[CallMicrosoftGraph] Calling Microsoft Graph...");
userInfo = await _graphServiceClient.Me
.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Select = UserProps;
});
}

As noted, this works locally and in one Azure web app instance, but not in two others.

SDK Version

Microsoft.Identity.Web.GraphServiceClient 3.31

Latest version known to work for scenario above?

Microsoft.Identity.Web.GraphServiceClient 3.31

Known Workarounds

No response

Debug output

Click to expand log

``` dbug: UnifiedSmartPortal.Services.UserService[0] [CallMicrosoftGraph] Calling Microsoft Graph... info: UnifiedSmartPortal.Networking.GraphLoggingHandler[0] MSAL Request: Method: GET, RequestUri: 'https://graph.microsoft.com/v1.0/me?$select=companyName,department,displayName,employeeType,givenName,jobTitle,mail,manager,officeLocation,preferredName,userPrincipalName', Version: 1.1, Content: , Headers: { Accept: application/json Authorization: Bearer FeatureFlag: 00000003 Cache-Control: no-store, no-cache User-Agent: kiota-dotnet/1.3.4 SdkVersion: graph-dotnet-core/3.1.6 (featureUsage=00000003; hostOS=Microsoft Windows NT 10.0.20348.0; hostArch=X64; runtimeEnvironment=.NET 8.0.8;) client-request-id: 48a0999b-d24a-49ee-ae01-bb62021e097d }

MSAL Response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
request-id: 5fd97559-d114-4ae3-b81b-9049ca68083c
client-request-id: 48a0999b-d24a-49ee-ae01-bb62021e097d
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"East US","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"BL02EPF0002E9D5"}}
WWW-Authenticate: Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="00000003-0000-0000-c000-000000000000"
WWW-Authenticate: PoP realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="00000003-0000-0000-c000-000000000000", nonce="****"
Date: Wed, 06 Nov 2024 16:35:40 GMT
Content-Type: application/json
}

{"error":{"code":"InvalidAuthenticationToken","message":"ArgumentNull","innerError":{"date":"2024-11-06T16:35:40","request-id":"5fd97559-d114-4ae3-b81b-9049ca68083c","client-request-id":"48a0999b-d24a-49ee-ae01-bb62021e097d"}}}
warn: UnifiedSmartPortal.Services.UserService[0] [CallMicrosoftGraph] MSGraph is unavailable - ArgumentNull

</details>


### Configuration

Packages: Microsoft.Identity.Web 3.3.1, Microsoft.Identity.Web.GraphServiceClient 3.31, Microsoft.Kiota.Authentication.Azure 1.14.0
.Net 8.0.10
Azure web app is Windows
Development machines are Windows 11

### Other information

I am not really sure this is a Graph library issue, but Microsoft Support asked us to log it here as apparently it will facilitate them working with you on it.

thanks for your help,
Greg Groves
AdventHealth