Open Closed

OpenIdConnectAuthenticationHandler: message.State is null or empty #2930


User avatar
0
ldacnfinit created
  • ABP Framework version: v4.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:

--- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<

  • Steps to reproduce the issue:"
  1. conffiguration [ProjectName]HttpApiHostModule
  context.Services.AddAuthentication()
                .AddJwtBearer(options =>
                {
                    options.Authority = configuration["AuthServer:Authority"];
                    options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
                    options.Audience = "ProjectName";
                    options.BackchannelHttpHandler = new HttpClientHandler
                    {
                        ServerCertificateCustomValidationCallback =
                            HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
                    };
                })
                .AddOpenIdConnect("xxx", "xxx", options =>
                {
                    options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                    options.SignOutScheme = IdentityServerConstants.SignoutScheme;
                    options.Authority = "https://xxx/";
                    options.CallbackPath = "/";
                    options.ClientSecret = configuration["MyIdAuthServer:ClientSecret"];
                    options.ClientId = configuration["MyIdAuthServer:ClientId"];
                    options.ResponseType = OpenIdConnectResponseType.Code;
                    options.BackchannelHttpHandler = new HttpClientHandler
                    {
                        ServerCertificateCustomValidationCallback =
                                   HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
                    };
                });
  1. configuration launchSetting.json
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "Project.HttpApi.Host": {
      "commandName": "Project",
      "launchBrowser": true,
      "launchUrl": "swagger",
      "applicationUrl": "https://localhost:44361",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
  1. run command
dotnet watch --project xxx run -c Debug --launch-profile=Project.HttpApi.Host

This exception don't affect normal use. when I visit https://localhost:44361/home or https://localhost:44361/swagger, the program don't throw this exception msg, so I guess this question is because I add OpenId authentication , I think set program default application URL to https://localhost:44361/home or https://localhost:44361/swagger ,this question can be solved, but after I add "launchUrl": "swagger" to launchSetting.json file, it don't work.

PS: when I remove options.CallbackPath = "/"; of OpenId authentication, this exception msg is don't throw too, but I can't remove this setting, because if I do that, OpenId authentication can't work.

So can you help me? thanks a lot!


3 Answer(s)
  • User Avatar
    1
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can try:

    options.CallbackPath = "/signin-oidc"

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Also, see: https://github.com/dotnet/aspnetcore/issues/8894#issuecomment-477718158

    Its doesn't work like you think it does. Authentication Handlers run on every request, regardless of the path. The handler decides if it needs to intervene based on, among other things, the path.

    For example; RemoteAuthenticationHandler (which OIDC uses) does it inside ShouldHandleEvent()

    This default implementation looks at the Options for the handler, which contains a CallbackPath property, then compares the inbound request path against that value. The base implementation of HandleRequestAsync() calls this function right at the start to see if it needs to run. There's no registration or anything of that ilk.

  • User Avatar
    0
    ldacnfinit created

    I think I know the use of callback option in integration OIDC authentication, It's solved, thanks a lot.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38