IdentityServer4 and .netcore WebApp/WebAPI cookie authentication/authorization
I have three applications, viz. IdentityServer4 App, .NET Core 2.0 WebApp and .NET Core 2.0 WebAPI.
When I open the webapp, if it's unauthenticated it gets navigated to the identity server, where I supply the credentials. After successful authentication it navigates back to the webapp with the required cookies in place. Things are fine till here.
Now within the webapp I am making calls to the webapi (with cookies set by identity server in webapp) but each time it returns 401 Unauthorized.
Code sample in webapp:

    services.AddAuthentication(options =>
    {
        // Local sign-in state lives in a cookie; challenges go to the OpenID Connect handler.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
    {
        o.Cookie.Name = Config.CookieName;
        o.Cookie.SameSite = SameSiteMode.None;
    })
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.Authority = Config.IdentityUrl;
        options.RequireHttpsMetadata = false;
        options.ClientId = Config.ClientId;
        options.SaveTokens = true;
    });
And the code sample used in the WebAPI, in the ConfigureServices method:

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
    {
        // Same cookie name as the webapp, so the API tries to read the webapp's cookie.
        o.Cookie.Name = Config.CookieName;
        o.Cookie.SameSite = SameSiteMode.None;
        o.Events = new CookieAuthenticationEvents()
        {
            // Return 401 instead of redirecting API callers to a login page.
            OnRedirectToLogin = redirectContext =>
            {
                redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                return Task.CompletedTask;
            }
        };
    })
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = Config.IdentityUrl;
        options.RequireHttpsMetadata = false;
        options.ApiName = Config.ApiName;
    });
Also, I have the app.UseAuthentication() method in the Configure method.
My feeling is that it may have something to do with the session ID. If that is the case, please help; if not, please point out what I am not doing right.
I traced the log; it shows just the following:

    Cookie was not authenticated. Failure Message: Unprotect ticket failed.
    Authentication Cookie was challenged.

Any help would be appreciated.
ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4
asked Nov 10 at 14:17
C For Code
1 Answer
Here is the magical line of code. Added in the ConfigureServices method before services.AddAuthentication. This was the reason because of which the cookie was not getting validated.

    services.AddDataProtection()
        .PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
        .SetApplicationName(Config.ApplicationName);
answered Nov 10 at 15:04
C For Code
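Added example, not part of the original answer: a console sketch of why "Unprotect ticket failed" goes away only when both apps share the key ring directory and the application name. It assumes the Microsoft.AspNetCore.DataProtection.Extensions package; the purpose string, application names and temp directories are constructed for the demo, and of the three readers only the last one can unprotect the ticket.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

static class KeyRingDemo
{
    // One "application": a key ring directory plus an application name.
    static IDataProtector ProtectorFor(DirectoryInfo keyRing, string appName) =>
        DataProtectionProvider
            .Create(keyRing, builder => builder.SetApplicationName(appName))
            .CreateProtector("Demo.AuthTicket"); // constructed purpose string

    // Unprotect throws CryptographicException when the key or purpose chain differs.
    static bool CanRead(IDataProtector reader, string protectedTicket)
    {
        try { reader.Unprotect(protectedTicket); return true; }
        catch (CryptographicException) { return false; }
    }

    static void Main()
    {
        // Constructed sample directories under the temp folder.
        var root = Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N")));
        var sharedRing = root.CreateSubdirectory("shared-keys");
        var privateRing = root.CreateSubdirectory("api-only-keys");

        // The web app protects the ticket, as the cookie handler does at sign-in.
        string ticket = ProtectorFor(sharedRing, "SharedApp").Protect("sub=alice");

        // API as in the question: its own key ring and its own application name.
        Console.WriteLine("own ring, own name:       "
            + CanRead(ProtectorFor(privateRing, "WebApi"), ticket));

        // Sharing the directory alone is not enough: the application name isolates payloads.
        Console.WriteLine("shared ring, own name:    "
            + CanRead(ProtectorFor(sharedRing, "WebApi"), ticket));

        // API as in the answer: same key ring directory and same application name.
        Console.WriteLine("shared ring, shared name: "
            + CanRead(ProtectorFor(sharedRing, "SharedApp"), ticket));

        root.Delete(recursive: true);
    }
}
```

The shared key ring directory holds keys that can produce valid authentication cookies for every app reading it, so restrict its permissions to the service accounts involved and consider encrypting the keys at rest with ProtectKeysWithCertificate or ProtectKeysWithDpapi.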