search

IdentityServer / IdentityServer3.AccessTokenValidation

OWIN Middleware to validate access tokens from IdentityServer3
Apache License 2.0
91 stars 149 forks source link

401 Unauthorized after Upgrading to 2.7.0+ #114

Closed DeveTho closed 7 years ago

DeveTho commented 7 years ago

Hello!

I'm using this sweet library to validate the access tokens my Web API receives against my IdentityServer application (in another project). I'm doing this in a new project in the same way as I did it in another one some time ago. However, when setting the access token in the authentication header (type Bearer), I always got 401 unauthorized and there was no request made to IdentityServer. I searched quite a while on this, until I just thought to downgrade. That helped, and I found out I'm getting 401 starting at 2.7.0. I looked at the changes, but mostly this changed, right? I actually have no clue what it could be. It's probably an error on my side, but if one of you guys have any clue, feel free to let me know and I'll try to resolve it. Also please ask when more information is required!

Thanks in advance!

leastprivilege commented 7 years ago

Logs?

DeveTho commented 7 years ago

Well, I didn't find how to enable the Katana logging until after I posted the issue (sorry for that), but here they are:

System.TypeLoadException: Could not load type IdentityModel.Extensions.HashStringExtensions from assembly IdentityModel, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null.
   at IdentityServer3.AccessTokenValidation.ValidationEndpointTokenProvider.<ReceiveAsync>d__1.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   at IdentityServer3.AccessTokenValidation.ValidationEndpointTokenProvider.ReceiveAsync(AuthenticationTokenReceiveContext context)
   at Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationHandler.<AuthenticateCoreAsync>d__0.MoveNext()

And then I knew of course what was wrong. These extensions don't exist in the 2.0.0 version. I tend to update my NuGet packages when possible, but this seemed to have been a rather stupid one (maybe)? Major change of course. Anyway, I don't know if it's possible, but could you maybe set a restriction on the dependency?

leastprivilege commented 7 years ago

see https://github.com/IdentityServer/IdentityServer3.AccessTokenValidation/issues/113

we accept PRs

DeveTho commented 7 years ago

Ah ok, didn't notice at first, I'm sorry. Anyway, thanks for the response. If you don't mind, I'm going to leave it as it is right now, but I'll certainly be looking into it!

ghost commented 7 years ago

Is this related?

Exception while initOnce: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.TypeLoadException: Could not load type of field 'Microsoft.IdentityModel.Tokens.Saml2SecurityTokenHandler:_smSaml2HandlerPrivateNeverSetAnyProperties' (4) due to: Could not resolve type with token 01000006 (from typeref, class/assembly System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) assembly:System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 type:System.IdentityModel.Tokens.Saml2SecurityTokenHandler member:<none>
  at Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationMiddleware..ctor (Microsoft.Owin.OwinMiddleware next, Owin.IAppBuilder app, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions options) [0x000a9] in <9676ab1309794b2396c9d7c8ad23a538>:0 
  at (wrapper dynamic-method) System.Object:lambda_method (System.Runtime.CompilerServices.Closure,Microsoft.Owin.OwinMiddleware,Owin.IAppBuilder,Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions)
  at (wrapper managed-to-native) System.Reflection.MonoMethod:InternalInvoke (System.Reflection.MonoMethod,object,object[],System.Exception&)
  at System.Reflection.MonoMethod.Invoke (System.Object obj, System.Reflection.BindingFlags invokeAttr, System.Reflection.Binder binder, System.Object[] parameters, System.Globalization.CultureInfo culture) [0x00032] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/corlib/System.Reflection/MonoMethod.cs:305 
   --- End of inner exception stack trace ---
  at System.Reflection.MonoMethod.Invoke (System.Object obj, System.Reflection.BindingFlags invokeAttr, System.Reflection.Binder binder, System.Object[] parameters, System.Globalization.CultureInfo culture) [0x00043] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/corlib/System.Reflection/MonoMethod.cs:313 
  at System.Reflection.MethodBase.Invoke (System.Object obj, System.Object[] parameters) [0x00000] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/referencesource/mscorlib/system/reflection/methodbase.cs:229 
  at System.Delegate.DynamicInvokeImpl (System.Object[] args) [0x000e1] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/corlib/System/Delegate.cs:461 
  at System.MulticastDelegate.DynamicInvokeImpl (System.Object[] args) [0x00008] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/corlib/System/MulticastDelegate.cs:67 
  at System.Delegate.DynamicInvoke (System.Object[] args) [0x00000] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/corlib/System/Delegate.cs:406 
  at Microsoft.Owin.Builder.AppBuilder.BuildInternal (System.Type signature) [0x00072] in <e28337575f6c4665b6ecaf25ff10dac6>:0 
  at Microsoft.Owin.Builder.AppBuilder.Build (System.Type returnType) [0x00000] in <e28337575f6c4665b6ecaf25ff10dac6>:0 
  at Owin.MapExtensions.Map (Owin.IAppBuilder app, Microsoft.Owin.PathString pathMatch, System.Action`1[T] configuration) [0x0007c] in <e28337575f6c4665b6ecaf25ff10dac6>:0 
  at Owin.MapExtensions.Map (Owin.IAppBuilder app, System.String pathMatch, System.Action`1[T] configuration) [0x00057] in <e28337575f6c4665b6ecaf25ff10dac6>:0 
  at Subscription.IdentityManagement.Startup.Configuration (Owin.IAppBuilder app) [0x00021] in /Users/briancullinan/Documents/asm/subscription.identitymanagement/Subscription.IdentityManagement/Startup.cs:46 
  at (wrapper managed-to-native) System.Reflection.MonoMethod:InternalInvoke (System.Reflection.MonoMethod,object,object[],System.Exception&)
  at System.Reflection.MonoMethod.Invoke (System.Object obj, System.Reflection.BindingFlags invokeAttr, System.Reflection.Binder binder, System.Object[] parameters, System.Globalization.CultureInfo culture) [0x00032] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/corlib/System.Reflection/MonoMethod.cs:305 
   --- End of inner exception stack trace ---
  at System.Reflection.MonoMethod.Invoke (System.Object obj, System.Reflection.BindingFlags invokeAttr, System.Reflection.Binder binder, System.Object[] parameters, System.Globalization.CultureInfo culture) [0x00043] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/corlib/System.Reflection/MonoMethod.cs:313 
  at System.Reflection.MethodBase.Invoke (System.Object obj, System.Object[] parameters) [0x00000] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/referencesource/mscorlib/system/reflection/methodbase.cs:229 
  at Owin.Loader.DefaultLoader+<>c__DisplayClass12.<MakeDelegate>b__b (Owin.IAppBuilder builder) [0x00000] in <d9e6b6f255bf4301a4e54f7b988a8be6>:0 
  at Owin.Loader.DefaultLoader+<>c__DisplayClass1.<LoadImplementation>b__0 (Owin.IAppBuilder builder) [0x0004f] in <d9e6b6f255bf4301a4e54f7b988a8be6>:0 
  at Microsoft.Owin.Host.SystemWeb.OwinHttpModule+<>c__DisplayClass2.<InitializeBlueprint>b__0 (Owin.IAppBuilder builder) [0x00012] in <d9e6b6f255bf4301a4e54f7b988a8be6>:0 
  at Microsoft.Owin.Host.SystemWeb.OwinAppContext.Initialize (System.Action`1[T] startup) [0x00120] in <d9e6b6f255bf4301a4e54f7b988a8be6>:0 
  at Microsoft.Owin.Host.SystemWeb.OwinBuilder.Build (System.Action`1[T] startup) [0x00014] in <d9e6b6f255bf4301a4e54f7b988a8be6>:0 
  at Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint () [0x00018] in <d9e6b6f255bf4301a4e54f7b988a8be6>:0 
  at System.Threading.LazyInitializer.EnsureInitializedCore[T] (T& target, System.Boolean& initialized, System.Object& syncLock, System.Func`1[TResult] valueFactory) [0x0002e] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/referencesource/mscorlib/system/threading/LazyInitializer.cs:241 
  at System.Threading.LazyInitializer.EnsureInitialized[T] (T& target, System.Boolean& initialized, System.Object& syncLock, System.Func`1[TResult] valueFactory) [0x0000f] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/referencesource/mscorlib/system/threading/LazyInitializer.cs:206 
  at Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init (System.Web.HttpApplication context) [0x00000] in <d9e6b6f255bf4301a4e54f7b988a8be6>:0 
  at System.Web.HttpApplication.CreateDynamicModules () [0x0002c] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System.Web/System.Web/HttpApplication.cs:1676 
  at System.Web.HttpApplication.InitOnce (System.Boolean full_init) [0x0009b] in /private/tmp/source-mono-2017-02/bockbuild-2017-02/profiles/mono-mac-xamarin/build-root/mono-x86/mcs/class/System.Web/System.Web/HttpApplication.cs:218
mr-coetzee commented 6 years ago

@megamindbrian I'm getting the exact same exception, only on mono though.