byo-software / steam-openid-connect-provider

Steam OpenID Connect Identity Provider (IdP)
MIT License

System.Exception: The authentication response was rejected because the anti-forgery token was invalid. #22

Open characharm opened 1 year ago

characharm commented 1 year ago

2023-02-20 04:27:12 System.Exception: An error was encountered while handling the remote login.
2023-02-20 04:27:12 ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
2023-02-20 04:27:12 --- End of inner exception stack trace ---
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
2023-02-20 04:27:12 at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<<Configure>b__0>d.MoveNext() in /src/Startup.cs:line 110
2023-02-20 04:27:12 --- End of stack trace from previous location ---
2023-02-20 04:27:12 at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
2023-02-20 04:27:12 [22:27:12 ERR] Connection id "0HMOIP1A02N1Q", Request id "0HMOIP1A02N1Q:00000005": An unhandled exception was thrown by the application.
2023-02-20 04:27:12 System.Exception: An error was encountered while handling the remote login.
2023-02-20 04:27:12 ---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
2023-02-20 04:27:12 --- End of inner exception stack trace ---
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
2023-02-20 04:27:12 at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync()
2023-02-20 04:27:12 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)
2023-02-20 04:27:12 at SteamOpenIdConnectProvider.Startup.<>c__DisplayClass5_0.<<Configure>b__0>d.MoveNext() in /src/Startup.cs:line 110
2023-02-20 04:27:12 --- End of stack trace from previous location ---
2023-02-20 04:27:12 at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
2023-02-20 04:27:12 at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

characharm commented 1 year ago

The authentication response was rejected because the anti-forgery token was invalid.

Trojaner commented 1 year ago

If I remember correctly this happens when the site is not opened via HTTPS

characharm commented 1 year ago

> If I remember correctly this happens when the site is not opened via HTTPS

even in localhost?

Trojaner commented 1 year ago

yes

characharm commented 1 year ago

Is something wrong with my configuration? Should these fields be in the request?

namePerson&openid.ax.type.first=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.ax.type.last=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&openid.ax.type.email2=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&openid.ax.type.name2=http%3A%2F%2Fschema.openid.net%2FnamePerson&openid.ax.type.first2=http%3A%2F%2Fschema.openid.net%2FnamePerson%2Ffirst&openid.ax.type.last2=http%3A%2F%2Fschema.openid.net%2FnamePerson%2Flast&openid.ax.required=email,name,first,last,email2,name2,first2,last2

STRATZ-Ken commented 1 year ago

Any update on this? Still getting about 90 users a day getting this error. I checked the defaults of .NET 6.0+ and those settings already seem to be the default.
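
One cause consistent with the HTTPS explanation given earlier in the thread: ASP.NET Core remote login handlers keep the anti-forgery value in a correlation cookie, and a cookie sent as SameSite=None without Secure is discarded by browsers that enforce the SameSite rules, so the callback arrives without it. The check below is an added example, not code from this project or from any commenter; the cookie name prefix is an assumption about the deployment and the sample headers are constructed.

```python
# Added example (not project code). Audits Set-Cookie header values for
# remote-login correlation cookies that a browser will not send back.
# Assumption: ".AspNetCore.Correlation." is the cookie name prefix in use.
CORRELATION_PREFIX = ".AspNetCore.Correlation."


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip().lower()
    return name, attrs


def audit_correlation_cookies(set_cookie_headers):
    """Return (cookie_name, problem) for each correlation cookie at risk."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not name.startswith(CORRELATION_PREFIX):
            continue
        samesite = attrs.get("samesite")
        if samesite == "none" and "secure" not in attrs:
            # Browsers that enforce the SameSite rules discard this cookie.
            findings.append((name, "SameSite=None without Secure"))
        elif samesite == "strict":
            # Not attached to the cross-site redirect back from the provider.
            findings.append((name, "SameSite=Strict on a cross-site return"))
    return findings


# Constructed sample headers: as emitted over plain HTTP, then over HTTPS.
SAMPLE_HTTP = [
    ".AspNetCore.Correlation.constructed01=N; path=/; samesite=none; httponly",
    "session=constructed; path=/; samesite=lax; httponly",
]
SAMPLE_HTTPS = [
    ".AspNetCore.Correlation.constructed02=N; path=/; secure; samesite=none; httponly",
]

if __name__ == "__main__":
    for label, headers in (("http", SAMPLE_HTTP), ("https", SAMPLE_HTTPS)):
        print(label, audit_correlation_cookies(headers) or "no findings")
```

Feed it the Set-Cookie values captured from the redirect that starts the Steam login; any finding means the correlation cookie is unlikely to come back on the callback.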