IdentityServer4 and .netcore WebApp/WebAPI cookie authentication/authorization


























I have three applications, viz. (IdentityServer4 App, .Net Core 2.0 WebApp, .Net Core 2.0 WebAPI).

When I open the webapp, if it's unauthenticated, it gets navigated to identity server where I supply the credentials. After successful authentication it navigates back to webapp with the required cookies in place. Things are fine till here.

Now within webapp I am making calls to webapi (with cookies set by identity server in webapp) but each time it returns 401 Unauthorized.

Code sample in webapp:




    services.AddAuthentication(options =>
    {
        // Local sessions use the cookie scheme; challenges go to IdentityServer via OpenID Connect.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
    {
        o.Cookie.Name = Config.CookieName;
        o.Cookie.SameSite = SameSiteMode.None;
    })
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        options.Authority = Config.IdentityUrl;
        options.RequireHttpsMetadata = false;
        options.ClientId = Config.ClientId;
        options.SaveTokens = true;
    });



And the code sample used in the WebAPI's ConfigureServices method:



    services.AddAuthentication(options =>
    {
        // The API authenticates and challenges with the cookie scheme by default.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
    {
        o.Cookie.Name = Config.CookieName;
        o.Cookie.SameSite = SameSiteMode.None;
        o.Events = new CookieAuthenticationEvents()
        {
            // Return 401 to API callers instead of redirecting them to a login page.
            OnRedirectToLogin = redirectContext =>
            {
                redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                return Task.CompletedTask;
            }
        };
    })
    // Token validation handler for the API (not the default scheme set above).
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = Config.IdentityUrl;
        options.RequireHttpsMetadata = false;
        options.ApiName = Config.ApiName;
    });


Also, I have the app.UseAuthentication() call in the Configure method.

I get a feeling that it has something to do with the session ID, maybe. If that is the case, please help; if not, please help with whatever you can make out that I am not doing right.

I traced the log; it shows just the following in there:

    Cookie was not authenticated. Failure Message: Unprotect ticket failed.

    Authentication Cookie was challenged.



Any help would be appreciated.










      ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4
















      asked Nov 10 at 14:17









      C For Code

























          1 Answer














Here is the magical line of code, added in the ConfigureServices method before services.AddAuthentication. This was the reason the cookie was not getting validated.

    services.AddDataProtection()
        .PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
        .SetApplicationName(Config.ApplicationName);







                answered Nov 10 at 15:04









                C For Code
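
The following console program is an added example, not code from the original question or answer. It shows why the API logged "Unprotect ticket failed" until both apps shared a key ring and an application name. The purpose string, application names, sample payload and temporary directories are constructed for the demo, and it needs the Microsoft.AspNetCore.DataProtection.Extensions package.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

public static class SharedKeyRingDemo
{
    // Constructed purpose string for this demo only.
    private const string Purpose = "Demo.AuthTicket";

    // Builds a protector the way one app would see it: a key ring directory
    // plus an application name (the discriminator mixed into every purpose).
    private static IDataProtector ProtectorFor(DirectoryInfo keyRing, string appName) =>
        DataProtectionProvider
            .Create(keyRing, builder => builder.SetApplicationName(appName))
            .CreateProtector(Purpose);

    // Returns the plaintext, or a marker when the payload cannot be unprotected.
    private static string TryUnprotect(IDataProtector protector, string payload)
    {
        try { return protector.Unprotect(payload); }
        catch (CryptographicException) { return "<unprotect failed>"; }
    }

    public static void Main()
    {
        var root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N"));
        var sharedRing = Directory.CreateDirectory(Path.Combine(root, "shared"));
        var privateRing = Directory.CreateDirectory(Path.Combine(root, "api-only"));
        try
        {
            // The "web app" issues a protected payload (constructed sample value).
            string ticket = ProtectorFor(sharedRing, "SharedApp").Protect("sub=alice");

            // API with its own key ring: the issuing key is not there.
            Console.WriteLine("own key ring:       " +
                TryUnprotect(ProtectorFor(privateRing, "SharedApp"), ticket));

            // Same key ring, different application name: purposes do not match.
            Console.WriteLine("different app name: " +
                TryUnprotect(ProtectorFor(sharedRing, "WebApi"), ticket));

            // Same key ring and same application name: payload round-trips.
            Console.WriteLine("shared ring + name: " +
                TryUnprotect(ProtectorFor(sharedRing, "SharedApp"), ticket));
        }
        finally
        {
            Directory.Delete(root, recursive: true);
        }
    }
}
```

The shared key directory holds the keys that protect every authentication cookie, so restrict its file permissions to the service accounts of the two apps.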
