aspnet / AspNetKatana

Microsoft's OWIN implementation, the Katana project
Apache License 2.0

IDX21329: RequireState is 'True' but the OpenIdConnectProtocolValidationContext.State is null. State cannot be validated. #534

Open mislimcane opened 2 months ago

mislimcane commented 2 months ago

Hi,

I have the same issue that was reported 4 years ago. Here is the issue: 385. I think the issue is not resolved, but it was closed.

The same issue was reported a few times, but for the newer ASP.NET Core version: 516, 52400.

Expected Behavior

After enabling RequireState and RequireStateValidation, any state set in context.ProtocolMessage.State should be validated automatically.

Steps To Reproduce

When configuring OpenIdConnect, I am enabling both RequireState and RequireStateValidation:

```csharp
options.ProtocolValidator.RequireState = true;
options.ProtocolValidator.RequireStateValidation = true;
```

This will result in the following exception: IDX21329: RequireState is 'True' but the OpenIdConnectProtocolValidationContext.State is null. State cannot be validated.

When looking into where this is created, it seems that State is never set on this context: https://github.com/aspnet/AspNetKatana/blob/43996b47015ca0c0ad12cdb6c87a017534eec620/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs#L390

Exception details:

IDX21329: RequireState is 'True' but the OpenIdConnectProtocolValidationContext.State is null. State cannot be validated.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolInvalidStateException: IDX21329: RequireState is 'True' but the OpenIdConnectProtocolValidationContext.State is null. State cannot be validated.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

```text
[OpenIdConnectProtocolInvalidStateException: IDX21329: RequireState is 'True' but the OpenIdConnectProtocolValidationContext.State is null. State cannot be validated.]
   Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateState(OpenIdConnectProtocolValidationContext validationContext) +912
   Microsoft.Owin.Security.OpenIdConnect.d__11.MoveNext() +4737
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   Microsoft.Owin.Security.OpenIdConnect.d__11.MoveNext() +7731
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Security.Infrastructure.d__31.MoveNext() +725
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Security.Infrastructure.d__5.MoveNext() +326
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Security.Infrastructure.d__5.MoveNext() +746
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__7.MoveNext() +197
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +62
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__12.MoveNext() +192
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +32
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +118
   System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +505
   System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +182
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +134
```
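The exception in the trace is raised by OpenIdConnectProtocolValidator.ValidateState, which can only do its job when the caller has placed the expected state on OpenIdConnectProtocolValidationContext.State. The following is an added example, not code from the Katana project or from the issue author, showing the complete state round-trip that validator expects: an unguessable state is minted before the redirect, and on the callback the stored value is put on the context so the validator can compare it with ProtocolMessage.State. How the expected value is persisted between the two requests (a protected cookie in a real application) is assumed and left to the caller; the callback messages are constructed, and the class and method names (StateRoundTrip, NewState, ValidateCallback) are the example's own.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Added example, not Katana project code. It shows the contract that
// OpenIdConnectProtocolValidator.ValidateState enforces: the value the
// relying party stored before the redirect (context.State) must equal the
// value the identity provider echoes back (context.ProtocolMessage.State).
public static class StateRoundTrip
{
    // Step 1 (before redirecting to the identity provider): mint an
    // unguessable state value and persist it server-side or in a protected
    // cookie. Persistence is assumed here and left to the caller.
    public static string NewState()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        return Convert.ToBase64String(bytes);
    }

    // Step 2 (on the callback): hand both the echoed message and the stored
    // value to the validator. A null expectedState is exactly the situation
    // the issue reports: RequireState is true but context.State was never set.
    public static bool ValidateCallback(OpenIdConnectMessage callback, string expectedState)
    {
        var validator = new OpenIdConnectProtocolValidator
        {
            RequireState = true,
            RequireStateValidation = true
        };

        var context = new OpenIdConnectProtocolValidationContext
        {
            ProtocolMessage = callback,
            State = expectedState
        };

        try
        {
            validator.ValidateState(context);
            return true;
        }
        catch (OpenIdConnectProtocolException)
        {
            // Covers OpenIdConnectProtocolInvalidStateException (missing or
            // mismatched state). Fail closed: the callback is not accepted.
            return false;
        }
    }

    public static void Main()
    {
        string expected = NewState();

        // Constructed callback: the identity provider echoes the state we issued.
        var genuine = new OpenIdConnectMessage { Code = "constructed-code", State = expected };
        Console.WriteLine("genuine callback accepted: " + ValidateCallback(genuine, expected));

        // Constructed callback carrying a state this application never issued.
        var foreign = new OpenIdConnectMessage { Code = "constructed-code", State = NewState() };
        Console.WriteLine("foreign callback accepted: " + ValidateCallback(foreign, expected));

        // Stored state never supplied to the context: the IDX21329 case from the issue.
        Console.WriteLine("callback with null context.State accepted: " + ValidateCallback(genuine, null));
    }
}
```

Whether the Katana handler should populate context.State itself is the question the issue raises; the example only shows the contract the validator enforces. Note that the failure mode is a safe one: with RequireState set and no stored value to compare against, the validator rejects every callback rather than silently accepting an unverified state.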