IdentityServer4 error when using WindowsAuthentication
I successfully followed the Deblokt tutorial on IdentityServer4 (https://deblokt.com/2020/01/24/01-identityserver4-quickstart-net-core-3-1/). This tutorial uses the IdentityServer4 QuickstartUI. Userid/password authentication using the AspNet Identity database is working.
I'm using the latest .Net Core (3.1), which differs slightly from the tutorial, but it is working.
Now I'm attempting to add Windows Authentication and hitting a runtime error. What befuddles me is that the error is occurring after the user is successfully authenticated by windows. I'm running locally on a Windows 10 machine inside Visual Studio 2019 in debug mode, using Google Chrome.
Per the IdentityServer4 documentation (https://identityserver4.readthedocs.io/en/latest/topics/windows.html#using-kestrel) I added this to my Startup.cs:
services.Configure<IISServerOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
});
I then right-clicked the project, chose "Properties", chose the "Debug" tab, and checked "Windows Authentication":
This makes the "Windows" button visible when I navigate to /Account/Login:
When the "Windows" button is clicked the postback is handled inside the ExternalController "Challenge" method, with "Windows" as the provider argument and "~/" for the returnUrl argument. Since the provider argument is "Windows" this method calls ProcessWindowsLoginAsync, passing the returnUrl argument.
The first time, ProcessWindowsLoginAsync calls HttpContext.AuthenticateAsync("Windows"), which returns a null Principal, which causes the method to re-call /External/Challenge("Windows"), which calls ProcessWindowsLoginAsync a second time, which in turn calls HttpContext.AuthenticateAsync("Windows"), and this 2nd call is successful--HttpContext.AuthenticateAsync returns a windows principal (which is me) and I can view it in the debugger and see that it has all of my particulars correct.
ProcessWindowsLoginAsync then makes this call:
await HttpContext.SignInAsync(
IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme,
new ClaimsPrincipal(id),
props
);
This executes without error. The "id" argument is a ClaimsIdentity with 2 claims pulled from my windows identity, Subject and Name.
At this point all appears to be well. The method ProcessWindowsLoginAsync ends with a Redirect to /External/Callback. This is where the error occurs. The method /External/Callback method contains this bit of code at the top, and is throwing the exception you see. For reasons unknown HttpContext.AuthenticateAsync is not succeeding.
var result = await HttpContext.AuthenticateAsync(IdentityConstants.ExternalScheme);
if (result?.Succeeded != true)
{
throw new Exception("External authentication error");
}
The "result" object has a "Succeeded" value of false and a "None" value of true, the other properties (Principal, Properties, and Ticket) are all null.
Any advice is appreciated.
The fix is to change this, on ExternalController.cs line 173:
await HttpContext.SignInAsync(
IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme,
new ClaimsPrincipal(id),
props);
To this:
await HttpContext.SignInAsync(
IdentityConstants.ExternalScheme,
new ClaimsPrincipal(id),
props);
This seems obvious in hindsight: AuthenticateAsync and SignInAsync should reference the same scheme.
After bumbling across the solution I notice that the IdentityServer4 github already has a closed bug report from March 2018, I don't know why this bug is still part of the Quickstart though: https://github.com/IdentityServer/IdentityServer4/issues/2166
- How to run stored procedures in Entity Framework Core?
- How do resolve this exception about an ambiguous constructor in ASP.NET Core?
- Unable to resolve service for type 'System.Net.Http.HttpClient'
- Why is Razor Pages the recommended approach to create a Web UI in Asp.net Core?
- Why is the parameter value in Razor Pages named page handler null?
- Pass Data From One Razor Page to Another Razor Page
- Publish to IIS, setting Environment Variable
- My ASP project can't access classes from a NuGet package I created
- How to add new record in a table with a value for primary key?
- How to prevent clients from overriding your service in C# using a public interface?
- How to indicate a method in a controller is not an action method?
- Does AJAX call reload my entire page in Razor Pages?
- How to submit an ASP.NET Core Razor Pages form without reloading the page
- Are you still supposed to use controllers when using Razor Pages?
- Font awesome icons not showing up in ASP.NET CORE MVC Project
- Asp.Net Core - simplest possible forms authentication
- Routing in ASP.NET Core MVC with controllers and views
- Login Page with ASP.NET Core (MVC)
- How can I use both UseDeveloperExceptionPage() and custom logging?
- How to get a server exception to display on a Razor Pages error page
- Adding Admins using Seed data Asp.net core
- Displaying an HTML error page in ASP.NET Core
- HTTP Error 500.19 - Internal Server Error (0x8007000d)
- How to resolve open generic service without registering type object?
- How can i see which code is setting my components parameter property
- Certificate based authentication failed with ERR_BAD_SSL_CLIENT_AUTH_CERT
- Get license information for all used NuGet packages in .NET Core outside of Visual Studio
- How to properly use Azure Function Build and Deploy in Azure DevOps with multiple projects
- Why blazor select/inputselect is not working in a new app?
- How to send multipart/form-data to ASP.NET Core Web API?