Closed cjwik closed 6 years ago
Did you fix it?
Otherwise this is a question for Micrsoft - you are using their code to validate the token.
No, have put his on the side for now. Not sure how to outline the question here for Microsoft.
Make sure you read (and understand) the readme for scenarios where this handler is useful and configuration options:
https://github.com/IdentityServer/IdentityServer4.AccessTokenValidation/blob/release/README.md
@cjwik will close this issue - feel free to open / re-open once you know more about your problem.
Have a identity service, a javascript client and api I like to access in a secure way.
Javascript client can logon, but when I try to access the api does it fails. It seems that it is the validation of the accesstoken that fail in the api. All of this works locally with localhost. I have cert in personal storage locally and have also upload the cert to Azure. I can verify that the identity service on Azure can find and load the cert.
(Have MASK the url)
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(o =>
{
o.AddPolicy("default", policy =>
{
policy.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod()
.WithExposedHeaders("WWW-Authenticate");
});
});
services.AddAuthentication(o =>
{
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(o =>
{
o.Authority = "https://MASK/identityservice";
o.Audience = "api1";
o.RequireHttpsMetadata = false;
});
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseCors("default");
app.UseAuthentication();
app.UseMvc();
}
And the log on Azure
(Have MASK some name and url)
2017-10-22 18:03:09.888 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESJN6A6D" started. 2017-10-22 18:03:09.926 +00:00 [Information] Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 GET http://MASK/IdentityServiceTestApi/identityd__6.MoveNext()
2017-10-22 18:03:10.115 +00:00 [Information] Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Bearer was not authenticated. Failure message: IDX10500: Signature validation failed. No security keys were provided to validate the signature.
2017-10-22 18:03:10.325 +00:00 [Debug] Microsoft.AspNetCore.Routing.Tree.TreeRouter: Request successfully matched the route with name '(null)' and template 'Identity'.
2017-10-22 18:03:10.361 +00:00 [Debug] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Executing action MASK.IdentityServiceTestApi.Controllers.IdentityController.Get (MASK.IdentityServiceTestApi)
2017-10-22 18:03:10.374 +00:00 [Information] Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Authorization failed for user: (null).
2017-10-22 18:03:10.375 +00:00 [Information] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
2017-10-22 18:03:10.376 +00:00 [Information] Microsoft.AspNetCore.Mvc.ChallengeResult: Executing ChallengeResult with authentication schemes ().
2017-10-22 18:03:10.391 +00:00 [Information] Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: AuthenticationScheme: Bearer was challenged.
2017-10-22 18:03:10.393 +00:00 [Information] Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker: Executed action MASK.IdentityServiceTestApi.Controllers.IdentityController.Get (MASK.IdentityServiceTestApi) in 29.7643ms
2017-10-22 18:03:10.404 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESJN6A6D" completed keep alive response.
2017-10-22 18:03:10.405 +00:00 [Information] Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 479.1014ms 401
2017-10-22 18:04:34.004 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESCISJ8E" received FIN.
2017-10-22 18:04:34.004 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESCISJ8E" disconnecting.
2017-10-22 18:04:34.004 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESCISJ8E" sending FIN.
2017-10-22 18:04:34.005 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESCISJ8E" stopped.
2017-10-22 18:04:34.005 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESCISJ8D" received FIN.
2017-10-22 18:04:34.005 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESCISJ8D" disconnecting.
2017-10-22 18:04:34.005 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESCISJ8D" sending FIN.
2017-10-22 18:04:34.005 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESCISJ8F" received FIN.
2017-10-22 18:04:34.005 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESCISJ8F" disconnecting.
2017-10-22 18:04:34.005 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESCISJ8F" sending FIN.
2017-10-22 18:04:34.008 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESCISJ8D" stopped.
2017-10-22 18:04:34.008 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESCISJ8F" stopped.
2017-10-22 18:04:34.007 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESBPJ074" received FIN.
2017-10-22 18:04:34.007 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESBPJ074" disconnecting.
2017-10-22 18:04:34.007 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESBPJ074" sending FIN.
2017-10-22 18:04:34.008 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESBPJ074" stopped.
2017-10-22 18:04:34.006 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESJN6A6D" received FIN.
2017-10-22 18:04:34.006 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESJN6A6D" disconnecting.
2017-10-22 18:04:34.006 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv: Connection id "0HL8PESJN6A6D" sending FIN.
2017-10-22 18:04:34.006 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HL8PESJN6A6D" stopped.
2017-10-22 18:03:10.110 +00:00 [Information] Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Failed to validate the token eyJhbGciOiJSUzI1NiIsImtpZCI6IjUyRUU1NEY2NzQwN0M1RTdDNjNGMDRDQURDNjZCNzExOEJENDZCQzgiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJVdTVVOW5RSHhlZkdQd1RLM0dhM0VZdlVhOGcifQ.eyJuYmYiOjE1MDg2OTUzNzYsImV4cCI6MTUwODY5ODk3NiwiaXNzIjoiaHR0cHM6Ly9zb25kZXJkZXZlbG9wbWVudC5uY2ZpbmFuY2Uuc2UvaWRlbnRpdHlzZXJ2aWNlIiwiYXVkIjpbImh0dHBzOi8vc29uZGVyZGV2ZWxvcG1lbnQubmNmaW5hbmNlLnNlL2lkZW50aXR5c2VydmljZS9yZXNvdXJjZXMiLCJhcGkxIl0sImNsaWVudF9pZCI6ImpzX0lkZW50aXR5U2VydmljZVRlc3RDbGllbnRKYXZhU2NyaXB0Iiwic3ViIjoiMTg4IiwiYXV0aF90aW1lIjoxNTA4NjkwNzQ5LCJpZHAiOiJsb2NhbCIsIm5hbWUiOiJBbGljZSBTbWl0aCIsInJvbGUiOiJteVJvbGUiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIiwiYXBpMSJdLCJhbXIiOlsicHdkIl19.NoXtdq8K5t1_iA9RqN2BITo2w__8xEymG2bXCDmsGRpPm09fRtmIesR5_xaBE4ndGvVlsZbkQJDpFRLKgfX7OKV9Kb7qu_NF5F_kzc2lv3FMPZDGzZGOcAwtHrAYnYGQkEYW8KvWXRdfhEiyaXP-F1tufOGXXctD5T_8LW4kIben_kUpP4OFj4B3jTEJy-2Ft1_vkC7eqbuH0lQwepSNZFIZ4zB7wxifN0HHOeHJh7Rn1O-QgVFpNFqBZXpNLjjSRNg87ZK6kuig0C7OJwaZGfBBsLOqbv4sP_uD1UZdjnA5SkpNbBIcUuVIGyoKQMwWpHtOvXAyUrRAILj3jRgSzbDMlBH5MilVj6OXxE7bK60Jr2I8HB0vagGb1e1xJz6mT3rzm5AjE9UbjBtiOow3MlTR2YYcQmkUv_S8Xewnc7GeDbFxZkJjOXIKnmfpjNzviUf73AC7bL1fK8jmk3mXmrIGZxInPB8Z1i_l4n1rFFdiso_zDHf8YLp36og7DUmvwhLNFKRpXiMyjngyzq1OEc2L2yI7MotLZ-h45ZnoP4iDjU1OGttsoj1w4PxrIWHeOZCwjCxqUnXurpHY02yRUEgJPbsykenqw-WnL5O1I-HrSkyXc4r4r1XPJTT-GF3JUIzfkdhipF4Bb1wpq8ua3s3nP_NdNL9XE-S3TuMZBnk. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10500: Signature validation failed. No security keys were provided to validate the signature. at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.