Getting "Operation is not valid due to the current state of the object" error while we are trying to connect identity server from our existing web form application.

[geetzkrish]

Which version of Duende IdentityServer are you using? 5.2.0

Which version of .NET are you using? 4.8

Describe the bug We customized the IdentityServer code and have a web form application where we’re transitioning from forms authentication to SSO. We added a startup page and the necessary configurations in the web form application. However, when running the application on localhost, we’re encountering the error: 'Operation is not valid due to the current state of the object.'

A clear and concise description of what the bug is. We customized the IdentityServer code and have a web form application where we’re transitioning from forms authentication to SSO. We added a startup page and the necessary configurations in the web form application. However, when running the application on localhost, we’re encountering the error: 'Operation is not valid due to the current state of the object.'

We were able to connect successfully from a sample web form application before, but when attempting the connection from our existing application, we’re encountering this issue.

To Reproduce

Steps to reproduce the behavior.

1. Run the Identity Server in the localhost
2. Run web application, which will redirect to the error

Expected behavior

A clear and concise description of what you expected to happen.

The application should connect to the identity server, and if there is no valid user session, it should display the login page.

Log output/exception with stacktrace

Operation is not valid due to the current state of the object.

[InvalidOperationException: Operation is not valid due to the current state of the object.] Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.PushLastObjects(IDictionary2 environment, TaskCompletionSource1 completionSource) +91 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContextStage.Epilog(IDictionary2 env) +86 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.DefaultAppInvoked(IDictionary2 env) +125 Microsoft.Owin.Security.Infrastructure.d5.MoveNext() +564 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d7.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62 Microsoft.Owin.Security.Infrastructure.d5.MoveNext() +746 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d7.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__12.MoveNext() +192 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +118 System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +417 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +75 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +158

data

Additional context

Add any other context about the problem here.

[AndersAbel]

This looks like a problem somewhere in the Owin hosting for System.Web.

I found this Stack Overflow Post: https://stackoverflow.com/questions/52074727/owin-invalidoperation-exception-at-startup-in-authentication-or-map-middleware

Could it be the same issue?

[geetzkrish]

The stack trace mentioned above is the same, but in our case, the OWIN startup is triggered correctly.

[geetzkrish]

This error occurred because we added the following setting in the web.config under :

<add name="Owin" type="Microsoft.Owin.Host.SystemWeb.OwinHttpModule, Microsoft.Owin.Host.SystemWeb" />

The OwinHttpModule can cause conflicts or redundant initializations in the OWIN pipeline.

To resolve the issue, we removed the setting from in web.config and added the following code in the Form_Load method of the startup page in the web form application:

 if (!Request.IsAuthenticated)
 {
     // Redirect to login page via OWIN's authentication challenge
     HttpContext.Current.GetOwinContext().Authentication.Challenge( );
 }