IdentityServer4 and .netcore WebApp/WebAPI cookie authentication/authorization












0














I have Three application viz(IdentityServer4 App, .Net Core2.0 WebApp, .NetCore2.0 WebAPI)



When I open the webapp if its un-authenticated, It gets navigated to identity server where I supply the credentials. After successful authentication it navigates back to webapp with the required cookies in place. Things are fine till here.



Now within webapp I am making calls to webapi (with cookies set by identity server in webapp) but each time it returns as 401 unauthorized.



Code sample in webapp:




services.AddAuthentication(options =>

   {

      options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;

      options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;

  })

  .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>

        {

            o.Cookie.Name = Config.CookieName;

            o.Cookie.SameSite = SameSiteMode.None;

        })

  .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>

        {

            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;



            options.Authority = Config.IdentityUrl;

            options.RequireHttpsMetadata = false;

            options.ClientId = Config.ClientId;

            options.SaveTokens = true;

        });



And Code sample used in WebAPI in configure service method ConfigureServices:



services.AddAuthentication(options =>

{

    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;

    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;

})

.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => {

    o.Cookie.Name = Config.CookieName;

    o.Cookie.SameSite = SameSiteMode.None;

    o.Events = new CookieAuthenticationEvents()

    {

        OnRedirectToLogin = redirectContext =>

        {

            redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;

            return Task.CompletedTask;

        }

    };

})

.AddIdentityServerAuthentication(options =>

{

    options.Authority = Config.IdentityUrl;

    options.RequireHttpsMetadata = false;

    options.ApiName = Config.ApiName;

});


also I have app.UseAuthentication() method in Configure method



What I get a feeling of it has to do with something session-id may be. If so it the case please help if not then what you could make out as not doing right please help.



I traced log it shows just following thing in there:



Cookie was not authenticated. Failure Message: Unprotect ticket failed.



Authentication Cookie was chanllenged.



Any help would be appreciated.






ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4







share|improve this question



























    0














    I have Three application viz(IdentityServer4 App, .Net Core2.0 WebApp, .NetCore2.0 WebAPI)



    When I open the webapp if its un-authenticated, It gets navigated to identity server where I supply the credentials. After successful authentication it navigates back to webapp with the required cookies in place. Things are fine till here.



    Now within webapp I am making calls to webapi (with cookies set by identity server in webapp) but each time it returns as 401 unauthorized.



    Code sample in webapp:




    services.AddAuthentication(options =>
    
   {
    
      options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    
      options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    
  })
    
  .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
    
        {
    
            o.Cookie.Name = Config.CookieName;
    
            o.Cookie.SameSite = SameSiteMode.None;
    
        })
    
  .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    
        {
    
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    

    
            options.Authority = Config.IdentityUrl;
    
            options.RequireHttpsMetadata = false;
    
            options.ClientId = Config.ClientId;
    
            options.SaveTokens = true;
    
        });



    And Code sample used in WebAPI in configure service method ConfigureServices:



    services.AddAuthentication(options =>
    
{
    
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    
})
    
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => {
    
    o.Cookie.Name = Config.CookieName;
    
    o.Cookie.SameSite = SameSiteMode.None;
    
    o.Events = new CookieAuthenticationEvents()
    
    {
    
        OnRedirectToLogin = redirectContext =>
    
        {
    
            redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
    
            return Task.CompletedTask;
    
        }
    
    };
    
})
    
.AddIdentityServerAuthentication(options =>
    
{
    
    options.Authority = Config.IdentityUrl;
    
    options.RequireHttpsMetadata = false;
    
    options.ApiName = Config.ApiName;
    
});


    also I have app.UseAuthentication() method in Configure method



    What I get a feeling of it has to do with something session-id may be. If so it the case please help if not then what you could make out as not doing right please help.



    I traced log it shows just following thing in there:



    Cookie was not authenticated. Failure Message: Unprotect ticket failed.



    Authentication Cookie was chanllenged.



    Any help would be appreciated.






    ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4







    share|improve this question

























      0












      0








      0







      I have Three application viz(IdentityServer4 App, .Net Core2.0 WebApp, .NetCore2.0 WebAPI)



      When I open the webapp if its un-authenticated, It gets navigated to identity server where I supply the credentials. After successful authentication it navigates back to webapp with the required cookies in place. Things are fine till here.



      Now within webapp I am making calls to webapi (with cookies set by identity server in webapp) but each time it returns as 401 unauthorized.



      Code sample in webapp:




      services.AddAuthentication(options =>
      
   {
      
      options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
      options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
      
  })
      
  .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
      
        {
      
            o.Cookie.Name = Config.CookieName;
      
            o.Cookie.SameSite = SameSiteMode.None;
      
        })
      
  .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
      
        {
      
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      

      
            options.Authority = Config.IdentityUrl;
      
            options.RequireHttpsMetadata = false;
      
            options.ClientId = Config.ClientId;
      
            options.SaveTokens = true;
      
        });



      And Code sample used in WebAPI in configure service method ConfigureServices:



      services.AddAuthentication(options =>
      
{
      
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
})
      
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => {
      
    o.Cookie.Name = Config.CookieName;
      
    o.Cookie.SameSite = SameSiteMode.None;
      
    o.Events = new CookieAuthenticationEvents()
      
    {
      
        OnRedirectToLogin = redirectContext =>
      
        {
      
            redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
      
            return Task.CompletedTask;
      
        }
      
    };
      
})
      
.AddIdentityServerAuthentication(options =>
      
{
      
    options.Authority = Config.IdentityUrl;
      
    options.RequireHttpsMetadata = false;
      
    options.ApiName = Config.ApiName;
      
});


      also I have app.UseAuthentication() method in Configure method



      What I get a feeling of it has to do with something session-id may be. If so it the case please help if not then what you could make out as not doing right please help.



      I traced log it shows just following thing in there:



      Cookie was not authenticated. Failure Message: Unprotect ticket failed.



      Authentication Cookie was chanllenged.



      Any help would be appreciated.






      ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4







      share|improve this question













      I have Three application viz(IdentityServer4 App, .Net Core2.0 WebApp, .NetCore2.0 WebAPI)



      When I open the webapp if its un-authenticated, It gets navigated to identity server where I supply the credentials. After successful authentication it navigates back to webapp with the required cookies in place. Things are fine till here.



      Now within webapp I am making calls to webapi (with cookies set by identity server in webapp) but each time it returns as 401 unauthorized.



      Code sample in webapp:




      services.AddAuthentication(options =>
      
   {
      
      options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
      options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
      
  })
      
  .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
      
        {
      
            o.Cookie.Name = Config.CookieName;
      
            o.Cookie.SameSite = SameSiteMode.None;
      
        })
      
  .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
      
        {
      
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      

      
            options.Authority = Config.IdentityUrl;
      
            options.RequireHttpsMetadata = false;
      
            options.ClientId = Config.ClientId;
      
            options.SaveTokens = true;
      
        });



      And Code sample used in WebAPI in configure service method ConfigureServices:



      services.AddAuthentication(options =>
      
{
      
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
})
      
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => {
      
    o.Cookie.Name = Config.CookieName;
      
    o.Cookie.SameSite = SameSiteMode.None;
      
    o.Events = new CookieAuthenticationEvents()
      
    {
      
        OnRedirectToLogin = redirectContext =>
      
        {
      
            redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
      
            return Task.CompletedTask;
      
        }
      
    };
      
})
      
.AddIdentityServerAuthentication(options =>
      
{
      
    options.Authority = Config.IdentityUrl;
      
    options.RequireHttpsMetadata = false;
      
    options.ApiName = Config.ApiName;
      
});


      also I have app.UseAuthentication() method in Configure method



      What I get a feeling of it has to do with something session-id may be. If so it the case please help if not then what you could make out as not doing right please help.



      I traced log it shows just following thing in there:



      Cookie was not authenticated. Failure Message: Unprotect ticket failed.



      Authentication Cookie was chanllenged.



      Any help would be appreciated.






      ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4




      ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 10 at 14:17









      C For Code

      216




      216
























          1 Answer
          1






          active

          oldest

          votes


















          0














          Here is the magical line of code.Added in




          ConfigureServices




          method before




          services.AddAuthentication




          This was reason because of which cookie was not getting validated.




          services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
          .SetApplicationName(Config.ApplicationName);







          share|improve this answer





















            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53239842%2fidentityserver4-and-netcore-webapp-webapi-cookie-authentication-authorization%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Here is the magical line of code.Added in




            ConfigureServices




            method before




            services.AddAuthentication




            This was reason because of which cookie was not getting validated.




            services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
            .SetApplicationName(Config.ApplicationName);







            share|improve this answer


























              0














              Here is the magical line of code.Added in




              ConfigureServices




              method before




              services.AddAuthentication




              This was reason because of which cookie was not getting validated.




              services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
              .SetApplicationName(Config.ApplicationName);







              share|improve this answer
























                0












                0








                0






                Here is the magical line of code.Added in




                ConfigureServices




                method before




                services.AddAuthentication




                This was reason because of which cookie was not getting validated.




                services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
                .SetApplicationName(Config.ApplicationName);







                share|improve this answer












                Here is the magical line of code.Added in




                ConfigureServices




                method before




                services.AddAuthentication




                This was reason because of which cookie was not getting validated.




                services.AddDataProtection().PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
                .SetApplicationName(Config.ApplicationName);








                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 10 at 15:04









                C For Code

                216




                216






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53239842%2fidentityserver4-and-netcore-webapp-webapi-cookie-authentication-authorization%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Schultheiß

                    Image
                    Der Titel dieses Artikels ist mehrdeutig. Weitere Bedeutungen sind unter Schultheiß (Begriffsklärung) aufgeführt. Ein Schultheiß. Holzschnitt von Peter Flötner (16. Jahrhundert) Der Schultheiß oder Schuldheiß (von althochdeutsch  sculdheizo ‚Leistung Befehlender‘, vgl. mittelniederdeutsch  schult(h)ēte , latinisiert (mittellat.) sculte(t)us , schwäbisch heute noch Schultes für „Bürgermeister“) bezeichnet einen in vielen westgermanischen Rechtsordnungen vorgesehenen Beamten, der Schuld heischt : Er hatte im Auftrag seines Herren (Landesherrn, Stadtherrn, Grundherrn) die Mitglieder einer Gemeinde zur Leistung ihrer Schuldigkeit anzuhalten, also Abgaben einzuziehen oder für das Beachten anderer Verpflichtungen Sorge zu tragen. Sprachliche Varianten des Schultheißen sind Schulte , Schultes oder Schulze . Früher wurde zwischen dem Stadtschulzen und dem Dorfschulzen unterschieden. In der städtischen Gerichts- und Gemeindeverfassung war er ein vom städtischen Rat oder vom L
                    Read more

                    Liste der Kulturdenkmale in Wilsdruff

                    Image
                    Wappen von Wilsdruff Die Liste der Kulturdenkmale in Wilsdruff enthält die Kulturdenkmale in Wilsdruff. Die Anmerkungen sind zu beachten. Diese Liste ist eine Teilliste der Liste der Kulturdenkmale im Landkreis Sächsische Schweiz-Osterzgebirge. Diese Liste ist eine Teilliste der Liste der Kulturdenkmale in Sachsen. Inhaltsverzeichnis 1 Legende 2 Wilsdruff 3 Birkenhain 4 Blankenstein 5 Braunsdorf 6 Grumbach 7 Grund 8 Helbigsdorf 9 Herzogswalde 10 Kaufbach 11 Kesselsdorf 12 Kleinopitz 13 Limbach 14 Mohorn 15 Oberhermsdorf 16 Anmerkungen 17 Ausführliche Denkmaltexte 18 Quellen 19 Weblinks Legende | Bild: zeigt ein Bild des Kulturdenkmals und gegebenenfalls einen Link zu weiteren Fotos des Kulturdenkmals Bezeichnung: Name, Bezeichnung oder die Art des Kulturdenkmals Lage: Straßenname und wenn vorhanden Hausnummer des Kulturdenkmals; Grundsortierung der Liste erfolgt nach dieser A
                    Read more

                    Android Play Services Check

                    Image
                    up vote 0 down vote favorite Im facing a problem currently im making my app to run on t.v its working fine on mobiles. but the issue is if i run my app on t.v emulator splash screen appears then the app crashes log shows this error. No acceptable module found. Local version is 0 and remote version is 0 i googled this error and came with a solution that my emulator should have latest google play services installed in it.. but in my t.v emulator there is no play store so i cant update my play services to latest version. so is there any way to make a check that if play services version is less then this so run the app instead of crashing, and if the play services version is latest also run the aap... here is my code where im getting the play services version.. int playServicesAvailable = GoogleApiAvailability.g
                    Read more