DuendeSoftware / Support

Support for Duende Software products

QuickStart Interactive Applications with ASP.NET Core #1281

Closed DAR-2023 closed 3 months ago

DAR-2023 commented 4 months ago

Which version of Duende IdentityServer are you using? Duende.IdentityServer 7.0.4

Which version of .NET are you using? .NET 8.0.6

Describe the bug: Go through the quickstart 2 steps, then host the IdentityServer and WebClient projects on the server. Trying to call the WebClient redirects to the IdentityServer login page; after entering the username/password nothing happens and it returns to the login page again. The log indicates that AuthenticationScheme: idsrv was not authenticated.

A clear and concise description of what the bug is.

    [Debug] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler AuthenticationScheme: idsrv was not authenticated.

The client config is:

    new Client
    {
        ClientId = "web",
        ClientSecrets = [new Secret("secret".Sha256())],

        AllowedGrantTypes = GrantTypes.Code,

        // where to redirect to after login
        RedirectUris = { "http://192.168.1.101/signin-oidc" },

        // where to redirect to after logout
        PostLogoutRedirectUris = { "http://192.168.1.101/signout-callback-oidc" },

        AllowedScopes = [
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile
        ]
    }

where 192.168.1.101 is the server IP

WebClient config:

    builder.Services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies")
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "http://192.168.1.101:5000";

            options.ClientId = "web";
            options.ClientSecret = "secret";
            options.ResponseType = "code";

            options.Scope.Clear();
            options.Scope.Add("openid");
            options.Scope.Add("profile");

            options.RequireHttpsMetadata = false;

            options.MapInboundClaims = false; // Don't rename claim types

            options.SaveTokens = true;
        });

where 192.168.1.101 is the server IP, hosting the IdentityServer on port 5000

RolandGuijt commented 4 months ago

Please try to use a host name (could be just "localhost" in this case) instead of an IP address to prevent issues with cookies. Additionally, maybe needless to say, but just to be sure: using http instead of https is not secure; it will expose the secrets that are exchanged. I would even use https in test scenarios to prevent issues with it when going to production.
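
An added example, not part of the thread or of Duende's code: a Python check that takes the Set-Cookie headers of a login response and lists the cookies a browser may refuse to store, the kind of cookie issue that serving over plain HTTP can cause. The cookie names and values and the host idp.example.test are constructed, and the rules encoded are general browser cookie rules (assumption: only https:// is treated as secure), not a diagnosis given in the thread.

```python
from urllib.parse import urlsplit

# Constructed Set-Cookie values for illustration; not captured from the thread.
SAMPLE_HEADERS = [
    "idsrv=constructed-ticket; path=/; secure; samesite=none; httponly",
    "idsrv.session=constructed-sid; path=/; samesite=none",
    "Cookies=constructed-ticket; path=/; samesite=lax; httponly",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit(origin, set_cookie_headers):
    """Map cookie name -> reasons a browser may refuse to store it from origin."""
    # Assumption: only https:// counts as secure; some browsers also exempt localhost.
    secure_origin = urlsplit(origin).scheme == "https"
    findings = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        has_secure = "secure" in attrs
        reasons = []
        if has_secure and not secure_origin:
            reasons.append("Secure attribute set by a non-HTTPS origin")
        if attrs.get("samesite", "").lower() == "none" and not has_secure:
            reasons.append("SameSite=None without Secure")
        if name.startswith(("__Secure-", "__Host-")) and not (has_secure and secure_origin):
            reasons.append("cookie name prefix requires Secure over HTTPS")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    # The first origin is the one from the report; the second is a placeholder host.
    for origin in ("http://192.168.1.101:5000", "https://idp.example.test"):
        print(origin, audit(origin, SAMPLE_HEADERS))
```

Feed it the Set-Cookie lines copied from the browser's network tab for the login POST; an empty result means none of these three rules explains a missing cookie.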

RolandGuijt commented 3 months ago

@DAR-2023 Did this solve the issue for you? If so I'd like to close the issue.

RolandGuijt commented 3 months ago

Closing this but feel free to reopen and add something if needed.