IdentityServer4 and .netcore WebApp/WebAPI cookie authentication/authorization









I have three applications, viz. an IdentityServer4 app, a .NET Core 2.0 WebApp, and a .NET Core 2.0 WebAPI.

When I open the webapp, if it's unauthenticated, it gets navigated to the identity server, where I supply the credentials. After successful authentication it navigates back to the webapp with the required cookies in place. Things are fine till here.

Now within the webapp I am making calls to the webapi (with cookies set by the identity server in the webapp), but each time it returns 401 Unauthorized.

Code sample in the webapp:

```csharp
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
{
    o.Cookie.Name = Config.CookieName;
    o.Cookie.SameSite = SameSiteMode.None;
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // The OIDC handler signs the user in through the cookie scheme.
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

    options.Authority = Config.IdentityUrl;
    options.RequireHttpsMetadata = false;
    options.ClientId = Config.ClientId;
    options.SaveTokens = true;
});
```

And the code sample used in the WebAPI, in the ConfigureServices method:

```csharp
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
{
    o.Cookie.Name = Config.CookieName;
    o.Cookie.SameSite = SameSiteMode.None;
    o.Events = new CookieAuthenticationEvents()
    {
        // Answer API callers with 401 instead of redirecting to a login page.
        OnRedirectToLogin = redirectContext =>
        {
            redirectContext.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return Task.CompletedTask;
        }
    };
})
.AddIdentityServerAuthentication(options =>
{
    options.Authority = Config.IdentityUrl;
    options.RequireHttpsMetadata = false;
    options.ApiName = Config.ApiName;
});
```

Also, I have the app.UseAuthentication() call in the Configure method.

My feeling is that it has something to do with the session ID, maybe. If that is the case, please help; if not, please point out what I am not doing right.

I traced the log; it shows just the following:

Cookie was not authenticated. Failure Message: Unprotect ticket failed.

Authentication Cookie was challenged.

Any help would be appreciated.










      ajax web-applications asp.net-web-api2 asp.net-core-2.0 identityserver4






      asked Nov 10 at 14:17









      C For Code

      216




1 Answer

Here is the magical line of code. Added in the `ConfigureServices` method before `services.AddAuthentication`. This was the reason the cookie was not getting validated.

```csharp
services.AddDataProtection()
    .PersistKeysToFileSystem(PersistKeysLocation.GetKeyRingDirInfo())
    .SetApplicationName(Config.ApplicationName);
```







                answered Nov 10 at 15:04









                C For Code

                216
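
The answer's fix works because a protected payload can only be unprotected by an application that reads the same Data Protection key ring and uses the same application name as the issuer. The console program below is an added example, not code from the original post; it shows that only the pair sharing both values round-trips. The purpose string, application names, payload and temp directories are constructed, and it assumes the Microsoft.AspNetCore.DataProtection.Extensions NuGet package.

```csharp
// Added example. Needs the Microsoft.AspNetCore.DataProtection.Extensions package.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

public static class SharedKeyRingDemo
{
    // Constructed purpose; the cookie handler derives its own purposes internally.
    private const string Purpose = "Demo.AuthTicket";

    // One provider per "application": a key directory plus an application name.
    private static IDataProtector Build(string keyDir, string appName)
    {
        Directory.CreateDirectory(keyDir);
        return DataProtectionProvider
            .Create(new DirectoryInfo(keyDir), b => b.SetApplicationName(appName))
            .CreateProtector(Purpose);
    }

    // True when 'reader' can decrypt and validate a payload issued by 'writer'.
    private static bool CanRead(IDataProtector writer, IDataProtector reader)
    {
        string ticket = writer.Protect("sub=alice"); // constructed payload
        try
        {
            return reader.Unprotect(ticket) == "sub=alice";
        }
        catch (CryptographicException)
        {
            // The cookie handler reports this condition as "Unprotect ticket failed".
            return false;
        }
    }

    public static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N"));
        string shared = Path.Combine(root, "shared-keys");

        IDataProtector webApp = Build(shared, "SharedAuth");
        IDataProtector apiOwnKeyRing = Build(Path.Combine(root, "api-keys"), "SharedAuth");
        IDataProtector apiOtherName = Build(shared, "WebApi");
        IDataProtector apiAligned = Build(shared, "SharedAuth");

        Console.WriteLine($"separate key ring, same name : {CanRead(webApp, apiOwnKeyRing)}");
        Console.WriteLine($"shared key ring, other name  : {CanRead(webApp, apiOtherName)}");
        Console.WriteLine($"shared key ring, same name   : {CanRead(webApp, apiAligned)}");

        Directory.Delete(root, recursive: true);
    }
}
```

Keys written by `PersistKeysToFileSystem` are not encrypted at rest unless a `ProtectKeysWith*` method is also configured, so restrict the key directory to the accounts that run the two applications.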



