My app is an MVC app that integrates with OpenIddict, and I also wanted to add some APIs. The problem is that when I try to send a request from a client, the authenticated client is not recognized. To resolve this issue, I changed the "Authorize" attribute to:
[Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]
After that, requests from MVC pages to APIs are not allowed.
How can I fix it? And is there a way to fix this issue without changing the "Authorize" attribute?
Specification:
ASP.NET Core (.NET 5), OpenIddict 3
Console log (request from an MVC page to an API with the special Authorize attribute):
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/2 GET https://localhost:5001/api/MyApitest - -
dbug: OpenIddict.Server.OpenIddictServerDispatcher[0]
The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+InferEndpointType.
dbug: OpenIddict.Server.OpenIddictServerDispatcher[0]
The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+InferIssuerFromHost.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+InferIssuerFromHost.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateToken.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateToken.
dbug: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[9]
AuthenticationScheme: OpenIddict.Validation.AspNetCore was not authenticated.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHostChallengeError.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+AttachDefaultChallengeError.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=3.1.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=3.1.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=3.1.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The response was successfully returned as a challenge response: {
"error": "missing_token",
"error_description": "The security token is missing.",
"error_uri": "https://documentation.openiddict.com/errors/ID2000"
}.
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=3.1.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
dbug: OpenIddict.Validation.OpenIddictValidationDispatcher[0]
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext was marked as handled by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ProcessChallengeErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+ProcessChallengeContext, OpenIddict.Validation, Version=3.1.1.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
info: OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler[12]
AuthenticationScheme: OpenIddict.Validation.AspNetCore was challenged.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished HTTP/2 GET https://localhost:5001/api/MyApitest - - - 401 0 - 133.4335ms
If you are using authentication with ASP.NET Core Identity on your API controller and also want to use OpenIddict for OAuth authentication, you can use both authentication schemes, e.g.:
[Authorize(AuthenticationSchemes = "Identity.Application," + OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]
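An added example, not part of the original question or answer and not OpenIddict's own code: one way to keep a plain [Authorize] attribute is an ASP.NET Core policy scheme that forwards each request to the Identity cookie or to OpenIddict validation, depending on whether a bearer token was sent. The scheme name "CookieOrBearer" and the extension method name are assumptions made for this sketch.

```csharp
using System;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Net.Http.Headers;
using OpenIddict.Validation.AspNetCore;

public static class AuthenticationSetup
{
    // Hypothetical scheme name, chosen for this example.
    public const string CookieOrBearer = "CookieOrBearer";

    // Call from Startup.ConfigureServices AFTER AddIdentity/AddDefaultIdentity
    // and AddOpenIddict(), so these defaults override the ones Identity registers.
    public static IServiceCollection AddCookieOrBearerAuthentication(
        this IServiceCollection services)
    {
        services.AddAuthentication(options =>
            {
                // A plain [Authorize] uses these defaults for authenticate and challenge.
                options.DefaultAuthenticateScheme = CookieOrBearer;
                options.DefaultChallengeScheme = CookieOrBearer;
            })
            .AddPolicyScheme(CookieOrBearer, "Cookie or bearer token", options =>
            {
                options.ForwardDefaultSelector = context =>
                {
                    string authorization = context.Request.Headers[HeaderNames.Authorization];
                    bool hasBearer = !string.IsNullOrEmpty(authorization)
                        && authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase);

                    // Bearer token present: validate it with OpenIddict (401 on failure).
                    // Otherwise: Identity application cookie (login redirect on failure).
                    // Cookie-authenticated API actions that change state still need
                    // antiforgery validation, like any other MVC action.
                    return hasBearer
                        ? OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme
                        : IdentityConstants.ApplicationScheme;
                };
            });

        return services;
    }
}
```

With this registered, the missing_token rejection in the log above no longer applies to cookie-only requests from MVC pages, because they never reach the OpenIddict validation handler.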