
Signin-oidc page direct access error with correlation - how to redirect?

When setting up ASP.NET Core with AddOpenIdConnect, it creates by default a /signin-oidc page, which works fine when accessed from the OpenID provider. The user is logged in and everything works fine.

However, a user can still try to access mypage.com/signin-oidc directly and get a "Correlation failed" error as a result.

How can I properly handle access to this page so that it still works for the OpenID flow, but doesn't produce an error (redirects instead) when accessed directly? (I already tried overriding the route with HttpGet.)

EDIT: To elaborate, going to /signin-oidc gives a 500 status with a basic startup like:

```
public void ConfigureServices(IServiceCollection services)
    {
        services.AddOptions();
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            }).AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.ClientId = "test";
                options.ClientSecret = Environment.GetEnvironmentVariable("ClientSecret");
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                options.Authority = "https://test.net";
                options.ResponseType = "code";
                options.Scope.Add("openid");

                options.GetClaimsFromUserInfoEndpoint = true;
                options.SaveTokens = true;
                options.Events = new OpenIdConnectEvents
                {
                    OnTokenValidated = async ctx =>
                    {
                        var claims = new List<Claim>();
                        claims.Add(new Claim("jwt", ctx.SecurityToken.ToString()));
                        var appIdentity = new ClaimsIdentity(claims);
                        ctx.Principal.AddIdentity(appIdentity);
                    }
                };
            }).AddJwtBearer(options =>
            {
                options.Authority = "https://test.net";
                options.Audience = "authorization.sample.api";
                options.IncludeErrorDetails = true;
            });

        services.AddMvc();
        services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new Info
            {
                Version = "v1",
                Title = "Test API"
            });
        });
    }
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseStaticFiles(new StaticFileOptions
        {
            FileProvider = new PhysicalFileProvider(
                Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "wwwroot")),
            RequestPath = "/dist"
        });


        app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
        });

        app.Use(async (context, next) =>
        {
            if (context.Request.Host.Host.ToLower() != "localhost")
                context.Request.Scheme = "https";
            await next.Invoke();
        });

        app.UseAuthentication();
        app.UseMvc(routes =>
        {
            routes.MapRoute("default", "{controller=Home}/{action=LandingPage}/{id?}");
            routes.MapRoute("Spa", "{*url}", defaults: new { controller = "Home", action = "Index" });
        });



        var swaggerJsonEndpoint = "api-docs/{0}/swagger.json";

        app.UseSwagger(so => so.RouteTemplate = string.Format(CultureInfo.InvariantCulture, swaggerJsonEndpoint, "{documentName}"));

        app.UseSwaggerUI(c =>
        {
            c.RoutePrefix = "api-docs";
            c.SwaggerEndpoint("/" + string.Format(CultureInfo.InvariantCulture, swaggerJsonEndpoint, "v1"), "Test API v1");
            c.OAuthClientId("admin.implicit");
        });

    }
```

maque asked Jan 01 '23 19:01


1 Answer

This happened to me previously as well, and I think this is just an artefact of how the OpenId system works in ASP.NET Core. I believe there was a GitHub issue for this but I can't seem to find it ATM. I'll have a look around and post it if I can find it.

In any case, I was able to fix this by adding an event to the OpenId options events that just redirects to "Home" on any remote failures:

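```
options.Events = new OpenIdConnectEvents {
    // Your events here
    OnRemoteFailure = ctx => {
        // Mark the response as handled so the handler does not throw,
        // then send the browser to "Home".
        ctx.HandleResponse();
        ctx.Response.Redirect("Home");
        return Task.FromResult(0);
    }
};
```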

See if that works for you...

EDIT: This is the issue and comment with suggested fix for your reference https://github.com/IdentityServer/IdentityServer4/issues/720#issuecomment-368484827

marcusturewicz answered Feb 01 '23 14:02
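A variant of the approach in the answer above, as an added example that is not part of the original question or answer: it redirects a bare GET on the callback path before the OpenID Connect handler sees it, and logs every remaining remote failure before redirecting, so genuine failures stay visible. The names `SigninOidcGuards`, `UseDirectCallbackRedirect` and `LogAndRedirect` are hypothetical, and the code assumes the default `/signin-oidc` callback path and an app hosted at the site root.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Added example with hypothetical helper names; not from the original post.
public static class SigninOidcGuards
{
    // Call before app.UseAuthentication(). A GET on the callback path with no
    // "state", "code" or "error" parameter cannot be a provider response, so it
    // is redirected instead of reaching the handler and failing correlation.
    public static IApplicationBuilder UseDirectCallbackRedirect(
        this IApplicationBuilder app, string callbackPath = "/signin-oidc")
    {
        return app.Use(async (context, next) =>
        {
            var req = context.Request;
            bool bareGet = HttpMethods.IsGet(req.Method)
                && req.Path.Equals(new PathString(callbackPath),
                                   StringComparison.OrdinalIgnoreCase)
                && !req.Query.ContainsKey("state")
                && !req.Query.ContainsKey("code")
                && !req.Query.ContainsKey("error");
            if (bareGet)
            {
                context.Response.Redirect("/"); // fixed local target
                return;
            }
            await next();
        });
    }

    // Assign to options.Events.OnRemoteFailure. Logs the failure server-side,
    // then redirects to a fixed path without echoing the error to the browser.
    public static Task LogAndRedirect(RemoteFailureContext ctx)
    {
        var logger = ctx.HttpContext.RequestServices
            .GetRequiredService<ILoggerFactory>()
            .CreateLogger("OidcCallback");
        logger.LogWarning(ctx.Failure,
            "OIDC callback failed for {Path} from {RemoteIp}",
            ctx.Request.Path, ctx.HttpContext.Connection.RemoteIpAddress);
        ctx.HandleResponse();
        ctx.Response.Redirect("/");
        return Task.CompletedTask;
    }
}
```

Wire it up with `app.UseDirectCallbackRedirect();` ahead of `app.UseAuthentication();` and `OnRemoteFailure = SigninOidcGuards.LogAndRedirect` inside the `OpenIdConnectEvents` initializer.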