identityserver4.samples's Issues
Indefinite loop after login in IdentityServer AAD Sample
I've run the sample and experienced an indefinite loop after login when using Chrome.
According to Fiddler, POST http://localhost:5002/signin-oidc redirects to http://localhost:5002/Home/Secure,
but GET http://localhost:5002/Home/Secure redirects back to
http://localhost:5000/connect/authorize?client_id=mvc&redirect_uri=http%3A%2F%2Flocalhost%3A5002%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636272129147865486.MjZhM2MyMjctMzMyNy00YTA0LThmNmUtODNmN2YxNGM4ZjFlNjQwZDU4YTEtMDk4My00NzZkLTgyZGItMzdkOThkYWQzMGEy&state=CfDJ8D1klo7iHCpKkjerDgZTfv9n27wPkGBFzN6T6e9aOGmDW95rnL7_ojCOHDgDUJrdd26Fp3FYqf2xnRm1woexd4CgM6ZqgG3CybWq_5i7MsRMy2W5SXRYCqYA1jzdVYXy5R5YSuAt_37mcOwsmhk64v5dZlHcvWSOvpe2tEcr9h5a3DR4WSnRrHP80RkRQibhbOrMmqtwhMF6rym0g1xcRAP1SqT8q8xBtom2tS98_eiDDeUXhHT-mAzffHTROT4cP3gNLu958RdrNqCnRnq5gcQOvCUOU9X2ss20ClCff9hDH6xgjEPOR3A-Zj__WjSQsfQXvXJQkPb8oSLciYI-k8Cp--YlSmoER06OdBlJ_SiRzA5FGSjhulUF3dtcR0ozIw
When I opened http://localhost:5002/ in Firefox, after login it successfully ended up on http://localhost:5002/Home/Secure
Debug output includes hundreds of repeated messages:
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware:Information: AuthenticationScheme: Cookies signed in.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 245.2494ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:5002/Home/Secure
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: .
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Warning: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware:Information: AuthenticationScheme: oidc was challenged.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 15.2312ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST http://localhost:5002/signin-oidc application/x-www-form-urlencoded 1818
Fiddler logs are attached: IdSrv4_AADSample_InvdefiniteLoop.zip
I am not sure whether the issue is specific to AAD or general to IdentityServer4, but I would prefer to resolve it, find a workaround, or at least understand the cause before implementing IdentityServer4 in production code.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); breaking the sign in
I just replaced this UseCookieAuthentication with UseJwtBearerAuthentication:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseJwtBearerAuthentication(new JwtBearerOptions()
{
    AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
    Authority = ientityServerUrl,
    Audience = ientityServerUrl,
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    RequireHttpsMetadata = false,
    TokenValidationParameters = new TokenValidationParameters()
    {
        ClockSkew = TimeSpan.Zero,
        NameClaimType = ClaimTypes.Name,
        RoleClaimType = ClaimTypes.Role
    },
});
This way it just redirected me back from Azure to the Login page. But I discovered that if I comment out JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); it works.
However, exactly the same configuration works well in the case of Google login.
Any thoughts on why DefaultInboundClaimTypeMap.Clear(); is breaking Azure login?
What JwtSecurityTokenHandler.InboundClaimTypeMap.Clear(); is actually doing is described here:
https://leastprivilege.com/2016/08/21/why-does-my-authorize-attribute-not-work/
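An added illustration (not code from the issue or from the sample repository) of how the inbound claim type map interacts with the NameClaimType and RoleClaimType settings used in the configuration above. It assumes System.IdentityModel.Tokens.Jwt 5.x or later; the signing key, issuer, audience and claim values are constructed for the demonstration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class InboundClaimMapDemo
{
    public static void Main()
    {
        // Constructed key, issuer and claims; nothing here comes from AAD or Google.
        var key = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("constructed-demo-key-0123456789abcdef-not-secret"));
        var token = new JwtSecurityToken(
            issuer: "https://issuer.example",
            audience: "demo-audience",
            claims: new[]
            {
                new Claim("sub", "1234"),
                new Claim("unique_name", "alice@example.com"),
                new Claim("role", "admin"),
            },
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        string jwt = new JwtSecurityTokenHandler().WriteToken(token);

        // Same name/role settings as the configuration in the issue.
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = "https://issuer.example",
            ValidAudience = "demo-audience",
            IssuerSigningKey = key,
            NameClaimType = ClaimTypes.Name,
            RoleClaimType = ClaimTypes.Role,
        };
        SecurityToken validated;

        // A new handler copies the default map, so short JWT claim names such as
        // "unique_name" and "role" are rewritten to the long ClaimTypes.* URIs.
        var mapped = new JwtSecurityTokenHandler();
        Report("default map", mapped.ValidateToken(jwt, parameters, out validated));

        // After Clear(), claims keep their short names, so lookups by
        // ClaimTypes.Name and ClaimTypes.Role no longer find anything.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
        var unmapped = new JwtSecurityTokenHandler();
        Report("cleared map", unmapped.ValidateToken(jwt, parameters, out validated));
    }

    static void Report(string label, ClaimsPrincipal user)
    {
        Console.WriteLine($"{label}: Name={user.Identity.Name ?? "(null)"}, admin={user.IsInRole("admin")}");
        foreach (var c in user.Claims) Console.WriteLine($"  {c.Type} = {c.Value}");
    }
}
```

With the map cleared, NameClaimType and RoleClaimType have to name the short claim types the issuer actually sends for Identity.Name and IsInRole to resolve.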
Custom claims
Thank you for the example!
How would I configure custom claims using AD authentication?
Side by side, I'm also using the ASP.NET Identity authentication, and it would be nice to map AD users to entries in the database. Ideally, I should merge AD validation with information from the database.
.NET Core 2.0?
This sample is obsolete now.