When setting up ASP.NET Core with AddOpenIdConnect,
it creates by default a /signin-oidc
endpoint, which works fine when accessed from the OpenID provider.
User is logged in and everything works fine.
However, a user can still try to access mypage.com/signin-oidc
directly and get a "Correlation failed"
error as a result.
How can I properly handle access to this page so that it still works for the OpenID flow but doesn't produce an error (redirects instead) when accessed directly? (I already tried overriding the route with HttpGet.)
EDIT
To elaborate, going to /signin-oidc
returns a 500 status with a basic Startup like:
```
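/// <summary>
/// Registers cookie + OpenID Connect authentication (plus a JWT bearer scheme for API calls),
/// MVC and Swagger generation.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddOptions();
    services.AddAuthentication(options =>
    {
        // Cookies carry the signed-in session; an unauthenticated request is challenged via OIDC.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    }).AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.ClientId = "test";
        // Secret comes from the environment so it never lives in source.
        options.ClientSecret = Environment.GetEnvironmentVariable("ClientSecret");
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.Authority = "https://test.net";
        options.ResponseType = "code";
        options.Scope.Add("openid");
        options.GetClaimsFromUserInfoEndpoint = true;
        // Tokens are persisted in the authentication properties of the cookie session.
        options.SaveTokens = true;
        options.Events = new OpenIdConnectEvents
        {
            // Nothing is awaited here, so return a completed task rather than an
            // async lambda without an await (CS1998).
            OnTokenValidated = ctx =>
            {
                // NOTE(review): this copies the validated token into the cookie principal as a
                // claim even though SaveTokens already keeps it, so a bearer credential is
                // duplicated into the (data-protected) cookie and the cookie grows — confirm
                // it is still needed. If the compact JWT string is what is wanted, the token's
                // RawData holds it; JwtSecurityToken.ToString() renders header/payload JSON.
                var claims = new List<Claim>
                {
                    new Claim("jwt", ctx.SecurityToken.ToString()),
                };
                var appIdentity = new ClaimsIdentity(claims);
                ctx.Principal.AddIdentity(appIdentity);
                return Task.CompletedTask;
            }
        };
    }).AddJwtBearer(options =>
    {
        options.Authority = "https://test.net";
        options.Audience = "authorization.sample.api";
        options.IncludeErrorDetails = true;
    });
    services.AddMvc();
    services.AddSwaggerGen(c =>
    {
        c.SwaggerDoc("v1", new Info
        {
            Version = "v1",
            Title = "Test API"
        });
    });
}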
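/// <summary>
/// Builds the request pipeline: static files, proxy header handling, the https scheme override,
/// authentication, MVC routes and Swagger.
/// </summary>
/// <param name="app">The application builder.</param>
/// <param name="env">The hosting environment (not used by this method).</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseStaticFiles(new StaticFileOptions
    {
        FileProvider = new PhysicalFileProvider(
            Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "wwwroot")),
        RequestPath = "/dist"
    });
    // Runs before anything that reads the request scheme (the OIDC redirect_uri is built
    // from it). NOTE(review): by default the middleware only trusts X-Forwarded-* from
    // loopback proxies; set KnownProxies/KnownNetworks if the reverse proxy is elsewhere.
    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    });
    // Behind a TLS-terminating proxy the app sees plain http; force https for every host
    // except localhost so generated redirect URIs use https. Ordinal comparison instead of
    // a culture-sensitive ToLower().
    app.Use(async (context, next) =>
    {
        if (!string.Equals(context.Request.Host.Host, "localhost", StringComparison.OrdinalIgnoreCase))
        {
            context.Request.Scheme = "https";
        }
        await next.Invoke();
    });
    app.UseAuthentication();
    app.UseMvc(routes =>
    {
        routes.MapRoute("default", "{controller=Home}/{action=LandingPage}/{id?}");
        // Catch-all for the SPA; must stay after the default route.
        routes.MapRoute("Spa", "{*url}", defaults: new { controller = "Home", action = "Index" });
    });
    var swaggerJsonEndpoint = "api-docs/{0}/swagger.json";
    app.UseSwagger(so => so.RouteTemplate = string.Format(CultureInfo.InvariantCulture, swaggerJsonEndpoint, "{documentName}"));
    app.UseSwaggerUI(c =>
    {
        c.RoutePrefix = "api-docs";
        c.SwaggerEndpoint("/" + string.Format(CultureInfo.InvariantCulture, swaggerJsonEndpoint, "v1"), "Test API v1");
        c.OAuthClientId("admin.implicit");
    });
}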
```
This happened to me previously as well, and I think this is just an artefact of how the OpenId system works in ASP.NET Core. I believe there was a Github issue for this but I can't seem to find it ATM. I'll have a look around and post it if I can find it.
In any case, I was able to fix this by adding an event to the OpenId options' events that just redirects to "Home" on any remote failure:
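options.Events = new OpenIdConnectEvents {
    // Your events here

    // "Correlation failed" is the handler's correlation-cookie check rejecting a callback
    // that was not preceded by a challenge it issued (e.g. /signin-oidc opened directly).
    // Handling the response here replaces the 500 with a redirect.
    OnRemoteFailure = ctx => {
        // NOTE(review): this swallows every remote failure, not only the direct-access case;
        // log ctx.Failure before redirecting so genuine protocol errors stay visible.
        ctx.HandleResponse();
        ctx.Response.Redirect("Home");
        return Task.CompletedTask;
    }
};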
See if that works for you...
EDIT: This is the issue and comment with suggested fix for your reference https://github.com/IdentityServer/IdentityServer4/issues/720#issuecomment-368484827