IdentityServer4 and .netcore WebApp/WebAPI cookie authentication/authorization
I have Three application viz(IdentityServer4 App, .Net Core2.0 WebApp, .NetCore2.0 WebAPI)
When I open the webapp if its un-authenticated, It gets navigated to identity server where I supply the credentials. After successful authentication it navigates back to webapp with the required cookies in place. Things are fine till here.
Now within webapp I am making calls to webapi (with cookies set by identity server in webapp) but each time it returns as 401 unauthorized.
Code sample in webapp:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
{
o.Cookie.Name = Config.CookieName;
o.Cookie.SameSite = SameSiteMode.None;
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = Config.IdentityUrl;
options.RequireHttpsMetadata = false;
options.ClientId = Config.ClientId;
options.SaveTokens = true;
});
And Code sample used in WebAPI in configure service method ConfigureServices:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => {
o.Cookie.Name = Config.CookieName;
o.Cookie.SameSite = SameSiteMode.None;
o.Events = new CookieAuthenticationEvents()
{
OnRedirectToLogin = redirectContext =>
{
redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
return Task.CompletedTask;
}
};
})
.AddIdentityServerAuthentication(options =>
{
options.Authority = Config.IdentityUrl;
options.RequireHttpsMetadata = false;
options.ApiName = Config.ApiName;
});
also I have app.UseAuthentication()
method in Configure
method
What I get a feeling of it has to do with something session-id may be. If so it the case please help if not then what you could make out as not doing right please help.
I traced log it shows just following thing in there:
Cookie was not authenticated. Failure Message: Unprotect ticket failed.
Authentication Cookie was chanllenged.
Any help would be appreciated.
ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4
add a comment |
I have Three application viz(IdentityServer4 App, .Net Core2.0 WebApp, .NetCore2.0 WebAPI)
When I open the webapp if its un-authenticated, It gets navigated to identity server where I supply the credentials. After successful authentication it navigates back to webapp with the required cookies in place. Things are fine till here.
Now within webapp I am making calls to webapi (with cookies set by identity server in webapp) but each time it returns as 401 unauthorized.
Code sample in webapp:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
{
o.Cookie.Name = Config.CookieName;
o.Cookie.SameSite = SameSiteMode.None;
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = Config.IdentityUrl;
options.RequireHttpsMetadata = false;
options.ClientId = Config.ClientId;
options.SaveTokens = true;
});
And Code sample used in WebAPI in configure service method ConfigureServices:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => {
o.Cookie.Name = Config.CookieName;
o.Cookie.SameSite = SameSiteMode.None;
o.Events = new CookieAuthenticationEvents()
{
OnRedirectToLogin = redirectContext =>
{
redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
return Task.CompletedTask;
}
};
})
.AddIdentityServerAuthentication(options =>
{
options.Authority = Config.IdentityUrl;
options.RequireHttpsMetadata = false;
options.ApiName = Config.ApiName;
});
also I have app.UseAuthentication()
method in Configure
method
What I get a feeling of it has to do with something session-id may be. If so it the case please help if not then what you could make out as not doing right please help.
I traced log it shows just following thing in there:
Cookie was not authenticated. Failure Message: Unprotect ticket failed.
Authentication Cookie was chanllenged.
Any help would be appreciated.
ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4
add a comment |
I have Three application viz(IdentityServer4 App, .Net Core2.0 WebApp, .NetCore2.0 WebAPI)
When I open the webapp if its un-authenticated, It gets navigated to identity server where I supply the credentials. After successful authentication it navigates back to webapp with the required cookies in place. Things are fine till here.
Now within webapp I am making calls to webapi (with cookies set by identity server in webapp) but each time it returns as 401 unauthorized.
Code sample in webapp:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
{
o.Cookie.Name = Config.CookieName;
o.Cookie.SameSite = SameSiteMode.None;
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = Config.IdentityUrl;
options.RequireHttpsMetadata = false;
options.ClientId = Config.ClientId;
options.SaveTokens = true;
});
And Code sample used in WebAPI in configure service method ConfigureServices:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => {
o.Cookie.Name = Config.CookieName;
o.Cookie.SameSite = SameSiteMode.None;
o.Events = new CookieAuthenticationEvents()
{
OnRedirectToLogin = redirectContext =>
{
redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
return Task.CompletedTask;
}
};
})
.AddIdentityServerAuthentication(options =>
{
options.Authority = Config.IdentityUrl;
options.RequireHttpsMetadata = false;
options.ApiName = Config.ApiName;
});
also I have app.UseAuthentication()
method in Configure
method
What I get a feeling of it has to do with something session-id may be. If so it the case please help if not then what you could make out as not doing right please help.
I traced log it shows just following thing in there:
Cookie was not authenticated. Failure Message: Unprotect ticket failed.
Authentication Cookie was chanllenged.
Any help would be appreciated.
ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4
I have Three application viz(IdentityServer4 App, .Net Core2.0 WebApp, .NetCore2.0 WebAPI)
When I open the webapp if its un-authenticated, It gets navigated to identity server where I supply the credentials. After successful authentication it navigates back to webapp with the required cookies in place. Things are fine till here.
Now within webapp I am making calls to webapi (with cookies set by identity server in webapp) but each time it returns as 401 unauthorized.
Code sample in webapp:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
{
o.Cookie.Name = Config.CookieName;
o.Cookie.SameSite = SameSiteMode.None;
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.Authority = Config.IdentityUrl;
options.RequireHttpsMetadata = false;
options.ClientId = Config.ClientId;
options.SaveTokens = true;
});
And Code sample used in WebAPI in configure service method ConfigureServices:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => {
o.Cookie.Name = Config.CookieName;
o.Cookie.SameSite = SameSiteMode.None;
o.Events = new CookieAuthenticationEvents()
{
OnRedirectToLogin = redirectContext =>
{
redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
return Task.CompletedTask;
}
};
})
.AddIdentityServerAuthentication(options =>
{
options.Authority = Config.IdentityUrl;
options.RequireHttpsMetadata = false;
options.ApiName = Config.ApiName;
});
also I have app.UseAuthentication()
method in Configure
method
What I get a feeling of it has to do with something session-id may be. If so it the case please help if not then what you could make out as not doing right please help.
I traced log it shows just following thing in there:
Cookie was not authenticated. Failure Message: Unprotect ticket failed.
Authentication Cookie was chanllenged.
Any help would be appreciated.
ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4
ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4
asked Nov 10 at 14:17
C For Code
216
216
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Here is the magical line of code.Added in
ConfigureServices
method before
services.AddAuthentication
This was reason because of which cookie was not getting validated.
services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
.SetApplicationName(Config.ApplicationName);
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53239842%2fidentityserver4-and-netcore-webapp-webapi-cookie-authentication-authorization%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Here is the magical line of code.Added in
ConfigureServices
method before
services.AddAuthentication
This was reason because of which cookie was not getting validated.
services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
.SetApplicationName(Config.ApplicationName);
add a comment |
Here is the magical line of code.Added in
ConfigureServices
method before
services.AddAuthentication
This was reason because of which cookie was not getting validated.
services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
.SetApplicationName(Config.ApplicationName);
add a comment |
Here is the magical line of code.Added in
ConfigureServices
method before
services.AddAuthentication
This was reason because of which cookie was not getting validated.
services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
.SetApplicationName(Config.ApplicationName);
Here is the magical line of code.Added in
ConfigureServices
method before
services.AddAuthentication
This was reason because of which cookie was not getting validated.
services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
.SetApplicationName(Config.ApplicationName);
answered Nov 10 at 15:04
C For Code
216
216
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53239842%2fidentityserver4-and-netcore-webapp-webapi-cookie-authentication-authorization%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown