Identity Server 4 is not redirecting to Angular app after login
I am using 'oidc-client' in Angular, following this tutorial:
https://www.scottbrady91.com/Angular/SPA-Authentiction-using-OpenID-Connect-Angular-CLI-and-oidc-client

    import { UserManager, UserManagerSettings, User } from 'oidc-client';

and my client settings look like this:

    export function getClientSettings(): UserManagerSettings {
        return {
            authority: 'https://localhost:44305/',
            client_id: 'angular_spa',
            redirect_uri: 'http://localhost:4200/auth-callback',
            post_logout_redirect_uri: 'http://localhost:4200/',
            response_type: 'id_token token',
            scope: 'openid profile api1',
            filterProtocolClaims: true,
            loadUserInfo: true,
            automaticSilentRenew: false
            // silent_redirect_uri: 'http://localhost:4200/silent-refresh.html',
            // metadataUrl: 'http://localhost:44305/.well-known/openid-configuration'
        };
    }

In Identity Server I am using Assembly Microsoft.AspNetCore.Identity.UI, Version=2.1.3.0.
I am adding default identity like this:

    [assembly: HostingStartup(typeof(WebApp.Areas.Identity.IdentityHostingStartup))]
    namespace WebApp.Areas.Identity
    {
        public class IdentityHostingStartup : IHostingStartup
        {
            public void Configure(IWebHostBuilder builder)
            {
                builder.ConfigureServices((context, services) =>
                {
                    services.AddDbContext<WebAppContext>(options =>
                        options.UseSqlite(
                            context.Configuration.GetConnectionString("WebAppContextConnection")));
                    services.AddDefaultIdentity<WebAppUser>()
                        .AddEntityFrameworkStores<WebAppContext>();
                });
            }
        }
    }

WebAppUser is derived from IdentityUser.
The startup class looks like this:

    public class Startup
    {
        private ILogger<DefaultCorsPolicyService> _logger;
        private IHostingEnvironment _env;

        public Startup(ILoggerFactory loggerFactory, IHostingEnvironment env)
        {
            _logger = loggerFactory.CreateLogger<DefaultCorsPolicyService>();
            _env = env;
        }

        private static void SetupIdentityServer(IdentityServerOptions identityServerOptions)
        {
            identityServerOptions.UserInteraction.LoginUrl = new PathString("/Identity/Account/Login");
            // identityServerOptions.Cors.CorsPolicyName = "CorsPolicy";
        }

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors(o => o.AddPolicy("CorsPolicy", builder =>
            {
                builder
                    .WithOrigins("https://localhost:44305")
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader();
            }));
            // services.AddMvc();
            var cors = new DefaultCorsPolicyService(_logger)
            {
                AllowAll = true
            };
            var cert = new X509Certificate2(Path.Combine(_env.ContentRootPath, "mycert.pfx"), "xxxxx");
            services.AddIdentityServer(SetupIdentityServer) // SetupIdentityServer
                .AddSigningCredential(cert)
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients())
                // .AddTestUsers(TestUsers.Users)
                .AddInMemoryIdentityResources(Config.GetIdentityResources());
            services.AddSingleton<ICorsPolicyService>(cors);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            // loggerFactory.AddConsole();
            app.UseDeveloperExceptionPage();
            app.Map("/api", api =>
            {
                api.UseCors(x => x.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
                api.UseAuthentication();
                api.Run(async context =>
                {
                    var result = await context.AuthenticateAsync("api");
                    if (!result.Succeeded)
                    {
                        context.Response.StatusCode = 401;
                        return;
                    }
                    context.Response.ContentType = "application/json";
                    await context.Response.WriteAsync(JsonConvert.SerializeObject("API Response!"));
                });
            });
            app.UseIdentityServer();
            app.UseStaticFiles();
            app.UseMvcWithDefaultRoute();
            // Run these PMC commands after this.
            // Add-Migration CreateIdentitySchema
            // Update-Database
        }
    }

In Identity Server 4 I have enabled HTTPS. So the problem is that from my Angular app, if I try to use a protected URL, I am navigated to Identity Server's login page. It looks like it is authenticating properly against the user that is in the database, but then it just refreshes the login page and does not redirect to the callback URL.
Here are some logs that might help:
2019 - 03 - 07 01: 19: 30.553 - 06: 00[INF] Starting IdentityServer4 version 2.3 .2 .0
2019 - 03 - 07 01: 19: 30.632 - 06: 00[INF] You are using the in -memory version of the persisted grant store.This will store consent decisions, authorization codes, refresh and reference tokens in memory only.If you are using any of those features in production, you want to
switch to a different store implementation.
2019 - 03 - 07 01: 19: 30.643 - 06: 00[INF] Using the
default authentication scheme idsrv
for IdentityServer
2019 - 03 - 07 01: 19: 30.644 - 06: 00[DBG] Using idsrv as
default ASP.NET Core scheme
for authentication
2019 - 03 - 07 01: 19: 30.644 - 06: 00[DBG] Using Identity.External as
default ASP.NET Core scheme
for sign - in
2019 - 03 - 07 01: 19: 30.645 - 06: 00[DBG] Using Identity.External as
default ASP.NET Core scheme
for sign - out
2019 - 03 - 07 01: 19: 30.645 - 06: 00[DBG] Using idsrv as
default ASP.NET Core scheme
for challenge
2019 - 03 - 07 01: 19: 30.645 - 06: 00[DBG] Using idsrv as
default ASP.NET Core scheme
for forbid
2019 - 03 - 07 01: 19: 31.463 - 06: 00[DBG] CORS request made
for path: /.well-known/openid - configuration from origin: http: //localhost:4200
2019 - 03 - 07 01: 19: 31.468 - 06: 00[DBG] AllowAll true, so origin: http: //localhost:4200 is allowed
2019 - 03 - 07 01: 19: 31.468 - 06: 00[DBG] CorsPolicyService allowed origin: http: //localhost:4200
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Login Url: /Identity/Account / Login
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Login Return Url Parameter: ReturnUrl
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Logout Url: /Account/Logout
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] ConsentUrl Url: /consent
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Consent Return Url Parameter: returnUrl
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Error Url: /home/error
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Error Id Parameter: errorId
2019 - 03 - 07 01: 19: 31.497 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.550 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.553 - 06: 00[DBG] Request path / .well - known / openid - configuration matched to endpoint type Discovery
2019 - 03 - 07 01: 19: 31.569 - 06: 00[DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
2019 - 03 - 07 01: 19: 31.569 - 06: 00[INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint
for / .well - known / openid - configuration
2019 - 03 - 07 01: 19: 31.576 - 06: 00[DBG] Start discovery request
2019 - 03 - 07 01: 19: 31.885 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.885 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.885 - 06: 00[DBG] Request path / connect / authorize matched to endpoint type Authorize
2019 - 03 - 07 01: 19: 31.893 - 06: 00[DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint
2019 - 03 - 07 01: 19: 31.893 - 06: 00[INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint
for / connect / authorize
2019 - 03 - 07 01: 19: 31.904 - 06: 00[DBG] Start authorize request
2019 - 03 - 07 01: 19: 31.919 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.935 - 06: 00[DBG] No user present in authorize request
2019 - 03 - 07 01: 19: 31.945 - 06: 00[DBG] Start authorize request protocol validation
2019 - 03 - 07 01: 19: 31.983 - 06: 00[DBG] client configuration validation
for client angular_spa succeeded.
2019 - 03 - 07 01: 19: 32.069 - 06: 00[DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019 - 03 - 07 01: 19: 32.099 - 06: 00[INF] ValidatedAuthorizeRequest
"ClientId": "angular_spa",
"ClientName": "Angular 4 Client",
"RedirectUri": "http://localhost:4200/auth-callback",
"AllowedRedirectUris": ["http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"],
"SubjectId": "anonymous",
"ResponseType": "id_token token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "openid profile api1",
"State": "cd6df66e397546d3aab62533de28a2d2",
"UiLocales": null,
"Nonce": "8b3af6331d784e9a9cad076555f16174",
"AuthenticationContextReferenceClasses": null,
"DisplayMode": null,
"PromptMode": null,
"MaxAge": null,
"LoginHint": null,
"SessionId": null,
"Raw":
"client_id": "angular_spa",
"redirect_uri": "http://localhost:4200/auth-callback",
"response_type": "id_token token",
"scope": "openid profile api1",
"state": "cd6df66e397546d3aab62533de28a2d2",
"nonce": "8b3af6331d784e9a9cad076555f16174"
,
"$type": "AuthorizeRequestValidationLog"
2019 - 03 - 07 01: 19: 32.126 - 06: 00[INF] Showing login: User is not authenticated
2019 - 03 - 07 01: 19: 32.154 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 32.155 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 32.628 - 06: 00[INF] AuthenticationScheme: Identity.External signed out.
2019 - 03 - 07 01: 19: 40.844 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 40.844 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.517 - 06: 00[INF] AuthenticationScheme: Identity.Application signed in .
2019 - 03 - 07 01: 19: 41.518 - 06: 00[INF] User logged in .
2019 - 03 - 07 01: 19: 41.528 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.528 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.528 - 06: 00[DBG] Request path / connect / authorize / callback matched to endpoint type Authorize
2019 - 03 - 07 01: 19: 41.529 - 06: 00[DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
2019 - 03 - 07 01: 19: 41.529 - 06: 00[INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
for / connect / authorize / callback
2019 - 03 - 07 01: 19: 41.535 - 06: 00[DBG] Start authorize callback request
2019 - 03 - 07 01: 19: 41.536 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] No user present in authorize request
2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] Start authorize request protocol validation
2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] client configuration validation
for client angular_spa succeeded.
2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019 - 03 - 07 01: 19: 41.541 - 06: 00[INF] ValidatedAuthorizeRequest
"ClientId": "angular_spa",
"ClientName": "Angular 4 Client",
"RedirectUri": "http://localhost:4200/auth-callback",
"AllowedRedirectUris": ["http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"],
"SubjectId": "anonymous",
"ResponseType": "id_token token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "openid profile api1",
"State": "cd6df66e397546d3aab62533de28a2d2",
"UiLocales": null,
"Nonce": "8b3af6331d784e9a9cad076555f16174",
"AuthenticationContextReferenceClasses": null,
"DisplayMode": null,
"PromptMode": null,
"MaxAge": null,
"LoginHint": null,
"SessionId": null,
"Raw":
"client_id": "angular_spa",
"redirect_uri": "http://localhost:4200/auth-callback",
"response_type": "id_token token",
"scope": "openid profile api1",
"state": "cd6df66e397546d3aab62533de28a2d2",
"nonce": "8b3af6331d784e9a9cad076555f16174"
,
"$type": "AuthorizeRequestValidationLog"
2019 - 03 - 07 01: 19: 41.541 - 06: 00[INF] Showing login: User is not authenticated
2019 - 03 - 07 01: 19: 41.552 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.553 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.553 - 06: 00[INF] AuthenticationScheme: Identity.External signed out.
Sorry, I tried to format the logs properly but it didn't work.
UPDATE
My server-side config looks like this:

    public class Config
    {
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("api1", "My API")
            };
        }

        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientSecrets =
                    {
                        new Secret("superSecretPassword".Sha256())
                    },
                    ClientId = "angular_spa",
                    ClientName = "Angular 4 Client",
                    AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials, // implicit
                    AllowedScopes = new List<string> { "openid", "profile", "userInfo", "api1" },
                    // AllowedScopes = new List<string> { StandardScopes.OpenId, StandardScopes.Profile, StandardScopes.Email },
                    RedirectUris = new List<string> { "http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html" },
                    PostLogoutRedirectUris = new List<string> { "http://localhost:4200/" },
                    AllowedCorsOrigins = new List<string> { "http://localhost:4200" },
                    AllowAccessTokensViaBrowser = true,
                    Enabled = true,
                    AllowOfflineAccess = true
                }
            };
        }

        public static List<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile() // <-- useful
            };
        }
    }

My project structure looks like this
It doesn't have any controllers. Should it have?
UPDATE 2
Looks like I figured out what's wrong.
The returnUrl is not resolving properly on the POST method. It is coming as the complete URL. If I force it to a proper return URL it works:

    var redirect_uri = HttpUtility.ParseQueryString(returnUrl).Get("redirect_uri");

I did as above and used the variable 'redirect_uri' in the Redirect function. It works but it looks like a hack. Should it automatically get the right thing?
With this I get a 'No state in response' error on the Angular side and oidc-client has no user after redirect.
UPDATE
Looks like I am using some different NuGet package.
HttpContext.SignInAsync has the following constructors.
My HttpContext seems to be defined in
Microsoft.AspNetCore.Mvc.RazorPages
Looks like I have the wrong NuGets or something. I am trying to supply a proper ClaimsPrincipal as well but it is not working.
angular authentication identityserver4 asp.net-identity-2 oidc-client-js
Have you tried this 'localhost:4200/auth-callback#' as redirect URL?
– Fateh Mohamed
Mar 7 at 15:32
Could you try setting AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials to just AllowedGrantTypes = GrantTypes.Implicit?
– penleychan
Mar 7 at 15:53
# at the end of the URL gives a page not found error.
– Raas Masood
Mar 7 at 17:17
I also tried GrantTypes.Implicit, no change.
– Raas Masood
Mar 7 at 17:19
@penleychan and Fateh, check the second update. It might help you to figure out what's wrong.
– Raas Masood
Mar 8 at 0:56
add a comment |
I am using 'oidc-client' in Angular, following this tutorial:
https://www.scottbrady91.com/Angular/SPA-Authentiction-using-OpenID-Connect-Angular-CLI-and-oidc-client

    import { UserManager, UserManagerSettings, User } from 'oidc-client';

and my client settings look like this

    export function getClientSettings(): UserManagerSettings {
        return {
            authority: 'https://localhost:44305/',
            client_id: 'angular_spa',
            redirect_uri: 'http://localhost:4200/auth-callback',
            post_logout_redirect_uri: 'http://localhost:4200/',
            response_type: 'id_token token',
            scope: 'openid profile api1',
            filterProtocolClaims: true,
            loadUserInfo: true,
            automaticSilentRenew: false
            // silent_redirect_uri: 'http://localhost:4200/silent-refresh.html',
            //metadataUrl: 'http://localhost:44305/.well-known/openid-configuration'
        };
    }

In identity server I am using Assembly Microsoft.AspNetCore.Identity.UI, Version=2.1.3.0
I am adding default identity like this

    [assembly: HostingStartup(typeof(WebApp.Areas.Identity.IdentityHostingStartup))]
    namespace WebApp.Areas.Identity
    {
        public class IdentityHostingStartup : IHostingStartup
        {
            public void Configure(IWebHostBuilder builder)
            {
                builder.ConfigureServices((context, services) =>
                {
                    services.AddDbContext<WebAppContext>(options =>
                        options.UseSqlite(
                            context.Configuration.GetConnectionString("WebAppContextConnection")));
                    services.AddDefaultIdentity<WebAppUser>()
                        .AddEntityFrameworkStores<WebAppContext>();
                });
            }
        }
    }

WebAppUser is derived from IdentityUser
the startup class looks like this.

    public class Startup
    {
        private ILogger<DefaultCorsPolicyService> _logger;
        private IHostingEnvironment _env;

        public Startup(ILoggerFactory loggerFactory, IHostingEnvironment env)
        {
            _logger = loggerFactory.CreateLogger<DefaultCorsPolicyService>();
            _env = env;
        }

        private static void SetupIdentityServer(IdentityServerOptions identityServerOptions)
        {
            identityServerOptions.UserInteraction.LoginUrl = new PathString("/Identity/Account/Login");
            // identityServerOptions.Cors.CorsPolicyName = "CorsPolicy";
        }

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors(o => o.AddPolicy("CorsPolicy", builder =>
            {
                builder
                    .WithOrigins("https://localhost:44305")
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader();
            }));
            // services.AddMvc();
            var cors = new DefaultCorsPolicyService(_logger)
            {
                AllowAll = true
            };
            var cert = new X509Certificate2(Path.Combine(_env.ContentRootPath, "mycert.pfx"), "xxxxx");
            services.AddIdentityServer(SetupIdentityServer)//SetupIdentityServer
                .AddSigningCredential(cert)
                .AddInMemoryApiResources(Config.GetApiResources())
                .AddInMemoryClients(Config.GetClients())
                // .AddTestUsers(TestUsers.Users)
                .AddInMemoryIdentityResources(Config.GetIdentityResources());
            services.AddSingleton<ICorsPolicyService>(cors);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            //loggerFactory.AddConsole();
            app.UseDeveloperExceptionPage();
            app.Map("/api", api =>
            {
                api.UseCors(x => x.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
                api.UseAuthentication();
                api.Run(async context =>
                {
                    var result = await context.AuthenticateAsync("api");
                    if (!result.Succeeded)
                    {
                        context.Response.StatusCode = 401;
                        return;
                    }
                    context.Response.ContentType = "application/json";
                    await context.Response.WriteAsync(JsonConvert.SerializeObject("API Response!"));
                });
            });
            app.UseIdentityServer();
            app.UseStaticFiles();
            app.UseMvcWithDefaultRoute();
        }
        //Run these PMC commands after this.
        //Add-Migration CreateIdentitySchema
        //Update-Database
    }

In IdentityServer 4 I have enabled HTTPS. So the problem is that from my Angular app, if I try to use a protected URL, I am navigated to the identity server's login page. It looks like it is authenticating properly against the user that is in the database, but then it just refreshes the login page and does not redirect to the callback URL.
Here are some logs that might help:
2019 - 03 - 07 01: 19: 30.553 - 06: 00[INF] Starting IdentityServer4 version 2.3 .2 .0
2019 - 03 - 07 01: 19: 30.632 - 06: 00[INF] You are using the in -memory version of the persisted grant store.This will store consent decisions, authorization codes, refresh and reference tokens in memory only.If you are using any of those features in production, you want to
switch to a different store implementation.
2019 - 03 - 07 01: 19: 30.643 - 06: 00[INF] Using the
default authentication scheme idsrv
for IdentityServer
2019 - 03 - 07 01: 19: 30.644 - 06: 00[DBG] Using idsrv as
default ASP.NET Core scheme
for authentication
2019 - 03 - 07 01: 19: 30.644 - 06: 00[DBG] Using Identity.External as
default ASP.NET Core scheme
for sign - in
2019 - 03 - 07 01: 19: 30.645 - 06: 00[DBG] Using Identity.External as
default ASP.NET Core scheme
for sign - out
2019 - 03 - 07 01: 19: 30.645 - 06: 00[DBG] Using idsrv as
default ASP.NET Core scheme
for challenge
2019 - 03 - 07 01: 19: 30.645 - 06: 00[DBG] Using idsrv as
default ASP.NET Core scheme
for forbid
2019 - 03 - 07 01: 19: 31.463 - 06: 00[DBG] CORS request made
for path: /.well-known/openid - configuration from origin: http: //localhost:4200
2019 - 03 - 07 01: 19: 31.468 - 06: 00[DBG] AllowAll true, so origin: http: //localhost:4200 is allowed
2019 - 03 - 07 01: 19: 31.468 - 06: 00[DBG] CorsPolicyService allowed origin: http: //localhost:4200
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Login Url: /Identity/Account / Login
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Login Return Url Parameter: ReturnUrl
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Logout Url: /Account/Logout
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] ConsentUrl Url: /consent
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Consent Return Url Parameter: returnUrl
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Error Url: /home/error
2019 - 03 - 07 01: 19: 31.482 - 06: 00[DBG] Error Id Parameter: errorId
2019 - 03 - 07 01: 19: 31.497 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.550 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.553 - 06: 00[DBG] Request path / .well - known / openid - configuration matched to endpoint type Discovery
2019 - 03 - 07 01: 19: 31.569 - 06: 00[DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
2019 - 03 - 07 01: 19: 31.569 - 06: 00[INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint
for / .well - known / openid - configuration
2019 - 03 - 07 01: 19: 31.576 - 06: 00[DBG] Start discovery request
2019 - 03 - 07 01: 19: 31.885 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.885 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.885 - 06: 00[DBG] Request path / connect / authorize matched to endpoint type Authorize
2019 - 03 - 07 01: 19: 31.893 - 06: 00[DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeEndpoint
2019 - 03 - 07 01: 19: 31.893 - 06: 00[INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint
for / connect / authorize
2019 - 03 - 07 01: 19: 31.904 - 06: 00[DBG] Start authorize request
2019 - 03 - 07 01: 19: 31.919 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 31.935 - 06: 00[DBG] No user present in authorize request
2019 - 03 - 07 01: 19: 31.945 - 06: 00[DBG] Start authorize request protocol validation
2019 - 03 - 07 01: 19: 31.983 - 06: 00[DBG] client configuration validation
for client angular_spa succeeded.
2019 - 03 - 07 01: 19: 32.069 - 06: 00[DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019 - 03 - 07 01: 19: 32.099 - 06: 00[INF] ValidatedAuthorizeRequest
"ClientId": "angular_spa",
"ClientName": "Angular 4 Client",
"RedirectUri": "http://localhost:4200/auth-callback",
"AllowedRedirectUris": ["http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"],
"SubjectId": "anonymous",
"ResponseType": "id_token token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "openid profile api1",
"State": "cd6df66e397546d3aab62533de28a2d2",
"UiLocales": null,
"Nonce": "8b3af6331d784e9a9cad076555f16174",
"AuthenticationContextReferenceClasses": null,
"DisplayMode": null,
"PromptMode": null,
"MaxAge": null,
"LoginHint": null,
"SessionId": null,
"Raw":
"client_id": "angular_spa",
"redirect_uri": "http://localhost:4200/auth-callback",
"response_type": "id_token token",
"scope": "openid profile api1",
"state": "cd6df66e397546d3aab62533de28a2d2",
"nonce": "8b3af6331d784e9a9cad076555f16174"
,
"$type": "AuthorizeRequestValidationLog"
2019 - 03 - 07 01: 19: 32.126 - 06: 00[INF] Showing login: User is not authenticated
2019 - 03 - 07 01: 19: 32.154 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 32.155 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 32.628 - 06: 00[INF] AuthenticationScheme: Identity.External signed out.
2019 - 03 - 07 01: 19: 40.844 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 40.844 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.517 - 06: 00[INF] AuthenticationScheme: Identity.Application signed in .
2019 - 03 - 07 01: 19: 41.518 - 06: 00[INF] User logged in .
2019 - 03 - 07 01: 19: 41.528 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.528 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.528 - 06: 00[DBG] Request path / connect / authorize / callback matched to endpoint type Authorize
2019 - 03 - 07 01: 19: 41.529 - 06: 00[DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
2019 - 03 - 07 01: 19: 41.529 - 06: 00[INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint
for / connect / authorize / callback
2019 - 03 - 07 01: 19: 41.535 - 06: 00[DBG] Start authorize callback request
2019 - 03 - 07 01: 19: 41.536 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] No user present in authorize request
2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] Start authorize request protocol validation
2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] client configuration validation
for client angular_spa succeeded.
2019 - 03 - 07 01: 19: 41.541 - 06: 00[DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator
2019 - 03 - 07 01: 19: 41.541 - 06: 00[INF] ValidatedAuthorizeRequest
"ClientId": "angular_spa",
"ClientName": "Angular 4 Client",
"RedirectUri": "http://localhost:4200/auth-callback",
"AllowedRedirectUris": ["http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html"],
"SubjectId": "anonymous",
"ResponseType": "id_token token",
"ResponseMode": "fragment",
"GrantType": "implicit",
"RequestedScopes": "openid profile api1",
"State": "cd6df66e397546d3aab62533de28a2d2",
"UiLocales": null,
"Nonce": "8b3af6331d784e9a9cad076555f16174",
"AuthenticationContextReferenceClasses": null,
"DisplayMode": null,
"PromptMode": null,
"MaxAge": null,
"LoginHint": null,
"SessionId": null,
"Raw":
"client_id": "angular_spa",
"redirect_uri": "http://localhost:4200/auth-callback",
"response_type": "id_token token",
"scope": "openid profile api1",
"state": "cd6df66e397546d3aab62533de28a2d2",
"nonce": "8b3af6331d784e9a9cad076555f16174"
,
"$type": "AuthorizeRequestValidationLog"
2019 - 03 - 07 01: 19: 41.541 - 06: 00[INF] Showing login: User is not authenticated
2019 - 03 - 07 01: 19: 41.552 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.553 - 06: 00[INF] idsrv was not authenticated.Failure message: Unprotect ticket failed
2019 - 03 - 07 01: 19: 41.553 - 06: 00[INF] AuthenticationScheme: Identity.External signed out.
Sorry, I tried to format the logs properly but it didn't work.
UPDATE
my server side config looks like this

    public class Config
    {
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("api1", "My API")
            };
        }

        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientSecrets =
                    {
                        new Secret("superSecretPassword".Sha256())
                    },
                    ClientId = "angular_spa",
                    ClientName = "Angular 4 Client",
                    AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials, //implicit
                    AllowedScopes = new List<string> { "openid", "profile", "userInfo", "api1" },
                    //AllowedScopes = new List<string> { StandardScopes.OpenId, StandardScopes.Profile, StandardScopes.Email },
                    RedirectUris = new List<string> { "http://localhost:4200/auth-callback", "http://localhost:4200/silent-refresh.html" },
                    PostLogoutRedirectUris = new List<string> { "http://localhost:4200/" },
                    AllowedCorsOrigins = new List<string> { "http://localhost:4200" },
                    AllowAccessTokensViaBrowser = true,
                    Enabled = true,
                    AllowOfflineAccess = true
                }
            };
        }

        public static List<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile() // <-- useful
            };
        }
    }

My project structure looks like this
It doesn't have any controllers. Should it have?
UPDATE 2
Looks like I figured out what's wrong.
The returnUrl is not resolving properly on the POST method. It is coming as the complete URL. If I force it to a proper return URL it works.

    var redirect_uri = HttpUtility.ParseQueryString(returnUrl).Get("redirect_uri");

I did as above and used the variable 'redirect_uri' in the Redirect function. It works but it looks like a hack. Should it automatically get the right thing?
With this I get a 'No state in response' error on the Angular side, and oidc-client has no user after redirect.
UPDATE
Looks like I am using some different NuGet package.
HttpContext.SignInAsync has the following constructors.
My HttpContext seems to be defined in Microsoft.AspNetCore.Mvc.RazorPages
Looks like I have the wrong NuGets or something. I am trying to supply a proper ClaimsPrincipal as well, but it is not working.
angular authentication identityserver4 asp.net-identity-2 oidc-client-js
asked Mar 7 at 14:30 by Raas Masood, edited Mar 11 at 4:49
Have you tried this 'localhost:4200/auth-callback#' as redirect URL?
– Fateh Mohamed
Mar 7 at 15:32
Could you try setting AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials to just AllowedGrantTypes = GrantTypes.Implicit?
– penleychan
Mar 7 at 15:53
# at the end of the URL gives a page not found error.
– Raas Masood
Mar 7 at 17:17
I also tried GrantTypes.Implicit, no change.
– Raas Masood
Mar 7 at 17:19
@penleychan and Fateh, check the second update. It might help you to figure out what's wrong.
– Raas Masood
Mar 8 at 0:56
2 Answers
I see there's a bit of confusion concerning the difference between the returnUrl and the redirect_uri. Although the end goal is a redirect to the client's redirect_uri, after authentication the client must actually redirect to the authorize endpoint for further processing (hence the reason why the url is different). You shouldn't need to change the returnUrl at all and can leave it the way it was.
The problem you're facing now is you're not calling HttpContext.SignInAsync after a successful authentication. The SignInAsync method is used to administer a cookie with the user's information that tells the endpoint at the returnUrl that the user was successfully authenticated, and it's okay to return a token to the redirect_uri. There are a lot of overloads for the SignInAsync, but the one I find easiest to use is HttpContext.SignInAsync(string subject, params Claim[] claims). After doing this you should be able to finish the authentication.
Not at my machine right not but so eager to test this. This totally makes sense. Ill let you know in a but
– Raas Masood
Mar 10 at 21:37
please check the update. any idea how to supply a proper claims principal? also note that claims are coming out to be 0 because while registering it looks like i am not adding claims to users.
– Raas Masood
Mar 11 at 4:50
You should be able to use theSignInAsync
extension method with the IdentityServer4 package installed (and the implementation for IdentityServer4 does a little more than the regular extension method). If you'd like to callSignInAsync
with the regular ASP.NET Core extension method for testing you can callnew ClaimsPrincipal(new ClaimsIdentity(claims))
whereclaims
is your list of claims. As for the reason of why there's no claims belonging to the signed in user is all dependent on the claims that go into theSignInAsync
method
– Randy
Mar 11 at 23:57
add a comment |
Identity server configuration
Set RedirectUris to your angular application hosted url.
Angular application
openIDImplicitFlowConfiguration.redirect_url = this.oidcConfigService.clientConfiguration.redirect_url;
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55046210%2fidentity-server-4-is-not-redirecting-to-angular-app-after-login%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I see there's a bit of confusion concerning the difference between the returnUrl and the redirect_uri. Although the end goal is a redirect to the client's redirect_uri, after authentication the client must actually redirect to the authorize endpoint for further processing (hence the reason why the url is different). You shouldn't need to change the returnUrl at all and can leave it the way it was.
The problem you're facing now is you're not calling HttpContext.SignInAsync
after a successful authentication. The SignInAsync
method is used to administer a cookie with the user's information that tells the endpoint at the returnUrl that the user was successfully authenticated, and it's okay to return a token to the redirect_uri. There are a lot of overloads for the SignInAsync
, but the one I find easiest to use is HttpContext.SignInAsync(string subject, params Claim[] claims)
. After doing this you should be able to finish the authentication.
Not at my machine right not but so eager to test this. This totally makes sense. Ill let you know in a but
– Raas Masood
Mar 10 at 21:37
please check the update. any idea how to supply a proper claims principal? also note that claims are coming out to be 0 because while registering it looks like i am not adding claims to users.
– Raas Masood
Mar 11 at 4:50
You should be able to use theSignInAsync
extension method with the IdentityServer4 package installed (and the implementation for IdentityServer4 does a little more than the regular extension method). If you'd like to callSignInAsync
with the regular ASP.NET Core extension method for testing you can callnew ClaimsPrincipal(new ClaimsIdentity(claims))
whereclaims
is your list of claims. As for the reason of why there's no claims belonging to the signed in user is all dependent on the claims that go into theSignInAsync
method
– Randy
Mar 11 at 23:57
add a comment |
I see there's a bit of confusion concerning the difference between the returnUrl and the redirect_uri. Although the end goal is a redirect to the client's redirect_uri, after authentication the client must actually redirect to the authorize endpoint for further processing (hence the reason why the url is different). You shouldn't need to change the returnUrl at all and can leave it the way it was.
The problem you're facing now is you're not calling HttpContext.SignInAsync
after a successful authentication. The SignInAsync
method is used to administer a cookie with the user's information that tells the endpoint at the returnUrl that the user was successfully authenticated, and it's okay to return a token to the redirect_uri. There are a lot of overloads for the SignInAsync
, but the one I find easiest to use is HttpContext.SignInAsync(string subject, params Claim[] claims)
. After doing this you should be able to finish the authentication.
Not at my machine right not but so eager to test this. This totally makes sense. Ill let you know in a but
– Raas Masood
Mar 10 at 21:37
please check the update. any idea how to supply a proper claims principal? also note that claims are coming out to be 0 because while registering it looks like i am not adding claims to users.
– Raas Masood
Mar 11 at 4:50
You should be able to use theSignInAsync
extension method with the IdentityServer4 package installed (and the implementation for IdentityServer4 does a little more than the regular extension method). If you'd like to callSignInAsync
with the regular ASP.NET Core extension method for testing you can callnew ClaimsPrincipal(new ClaimsIdentity(claims))
whereclaims
is your list of claims. As for the reason of why there's no claims belonging to the signed in user is all dependent on the claims that go into theSignInAsync
method
– Randy
Mar 11 at 23:57
add a comment |
I see there's a bit of confusion concerning the difference between the returnUrl and the redirect_uri. Although the end goal is a redirect to the client's redirect_uri, after authentication the client must actually redirect to the authorize endpoint for further processing (hence the reason why the url is different). You shouldn't need to change the returnUrl at all and can leave it the way it was.
The problem you're facing now is you're not calling HttpContext.SignInAsync
after a successful authentication. The SignInAsync
method is used to administer a cookie with the user's information that tells the endpoint at the returnUrl that the user was successfully authenticated, and it's okay to return a token to the redirect_uri. There are a lot of overloads for the SignInAsync
, but the one I find easiest to use is HttpContext.SignInAsync(string subject, params Claim[] claims)
. After doing this you should be able to finish the authentication.
I see there's a bit of confusion concerning the difference between the returnUrl and the redirect_uri. Although the end goal is a redirect to the client's redirect_uri, after authentication the client must actually redirect to the authorize endpoint for further processing (hence the reason why the url is different). You shouldn't need to change the returnUrl at all and can leave it the way it was.
The problem you're facing now is you're not calling HttpContext.SignInAsync after a successful authentication. The SignInAsync method is used to administer a cookie with the user's information that tells the endpoint at the returnUrl that the user was successfully authenticated, and it's okay to return a token to the redirect_uri. There are a lot of overloads for the SignInAsync, but the one I find easiest to use is HttpContext.SignInAsync(string subject, params Claim[] claims). After doing this you should be able to finish the authentication.
answered Mar 10 at 13:55
Randy
Not at my machine right now but so eager to test this. This totally makes sense. I'll let you know in a bit
– Raas Masood
Mar 10 at 21:37
Please check the update. Any idea how to supply a proper claims principal? Also note that claims are coming out to be 0 because while registering it looks like I am not adding claims to users.
– Raas Masood
Mar 11 at 4:50
You should be able to use the SignInAsync extension method with the IdentityServer4 package installed (and the implementation for IdentityServer4 does a little more than the regular extension method). If you'd like to call SignInAsync with the regular ASP.NET Core extension method for testing you can call new ClaimsPrincipal(new ClaimsIdentity(claims)) where claims is your list of claims. As for why there are no claims belonging to the signed-in user, that is all dependent on the claims that go into the SignInAsync method
– Randy
Mar 11 at 23:57
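The login step described in the answer above, as an added example that is not part of the original thread or the asker's project: a login action that issues the IdentityServer session cookie with HttpContext.SignInAsync(subject, claims) and only follows returnUrl after IdentityServer has validated it. It assumes IdentityServer4 2.x on ASP.NET Core 2.x; ICredentialValidator and LoginInputModel are hypothetical names introduced for illustration.

```csharp
// Added example; assumes IdentityServer4 2.x on ASP.NET Core 2.x.
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Http;   // IdentityServer4 places its SignInAsync extensions here
using Microsoft.AspNetCore.Mvc;

// Hypothetical credential check; swap in ASP.NET Identity or your own user store.
public interface ICredentialValidator
{
    // Returns the stable user id (used as the "sub" claim), or null on failure.
    Task<string> ValidateAsync(string username, string password);
}

// Hypothetical form model; ReturnUrl is the value IdentityServer appended to the login URL.
public class LoginInputModel
{
    public string Username { get; set; }
    public string Password { get; set; }
    public string ReturnUrl { get; set; }
}

public class AccountController : Controller
{
    private readonly IIdentityServerInteractionService _interaction;
    private readonly ICredentialValidator _validator;

    public AccountController(IIdentityServerInteractionService interaction, ICredentialValidator validator)
    {
        _interaction = interaction;
        _validator = validator;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginInputModel model)
    {
        var subjectId = await _validator.ValidateAsync(model.Username, model.Password);
        if (subjectId == null)
        {
            ModelState.AddModelError(string.Empty, "Invalid username or password");
            return View(model);
        }

        // Issue the session cookie. Without it the authorize endpoint still
        // sees an anonymous user and sends the browser back to the login page.
        await HttpContext.SignInAsync(subjectId, new Claim("name", model.Username));

        // returnUrl arrives in the query string, so treat it as untrusted input:
        // follow it only when IdentityServer recognises it as its own authorize URL.
        if (_interaction.IsValidReturnUrl(model.ReturnUrl)) return Redirect(model.ReturnUrl);
        return Redirect("~/");
    }
}
```

The redirect to the Angular redirect_uri is then performed by the authorize endpoint itself, against the client's registered RedirectUris, not by this controller.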
Identity server configuration
Set RedirectUris to your Angular application's hosted URL.
Angular application
openIDImplicitFlowConfiguration.redirect_url = this.oidcConfigService.clientConfiguration.redirect_url;
answered Mar 12 at 10:25
Md. Mahfuzul Islam