dylanplecki / KeycloakOwinAuthentication

Keycloak Authentication Middleware for the C# OWIN Pipeline
http://keycloak.jboss.org
MIT License

logging errors when authentication fails #31

Open ahus1 opened 8 years ago

ahus1 commented 8 years ago

I was trying out the library and had some initial configuration problems. I found that errors were swallowed in this piece of code in KeycloakAuthenticationHandler.cs. I wonder if there could be a possibility to log these errors (and a short paragraph in the configuration guide where to find the log information). This would have saved me some time, and I would need that before going to any non-testing environment.

    catch (Exception)
    {
        // ignored
    }

dylanplecki commented 8 years ago

So to start a discussion on this topic, ASP.NET 4.5 has no formal support for file-based logging, and assumes every "fatal" error will be either gracefully handled or output as an HTTP/HTML-based error response. ASP.NET 5+ fixes this with its own logging solution, but currently this library isn't targeting that platform.

I wrote this library in the ASP.NET 4.5 mentality of "try to fix the problem if one comes up", but obviously this hides common-sense issues like configuration problems that would show up in logging immediately.

So the obvious solution here is to implement one of the various .NET logging libraries, dependent on a configuration option. So, default behavior may be the current behavior + log fatal errors to file using the logging framework. It can be configurable for no logging, or log-all and don't gracefully handle errors, etc.

I'll begin implementing this logging approach for the next major release, beginning in the next few days.

ahus1 commented 8 years ago

I'm not a .NET guy, I am just trying to get Keycloak to work for our setup. Maybe suggesting logging was jumping to conclusions here. Compatibility with ASP.NET 4.5 and minimal dependencies might be very valuable to the other users of the library, probably even to us.

In my case the URLs for Keycloak in the configuration and in the access token didn't match. It was great that there was a configuration option DisableIssuerValidation that solved the problem for me. But it was only by debugging that I found the reason for the problem.
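
A sketch of the behaviour requested in this issue, added here as an example and not code from KeycloakOwinAuthentication or its author: the catch block still fails gracefully, but records why through `System.Diagnostics.TraceSource`. The class and method names, the source name `KeycloakAuthDemo` and the URLs are hypothetical, and the build is assumed to define `TRACE` (the default project setting).

```csharp
using System;
using System.Diagnostics;

// Hypothetical stand-in for the validation error; not a type from the library.
public sealed class IssuerMismatchException : Exception
{
    public IssuerMismatchException(string expected, string actual)
        : base($"Token issuer '{actual}' does not match configured issuer '{expected}'.") { }
}

public static class AuthDemo
{
    // Output goes to whichever listeners are attached (config file or code).
    private static readonly TraceSource Log =
        new TraceSource("KeycloakAuthDemo", SourceLevels.Warning);

    // Constructed check: compare the token's "iss" claim with the configured realm URL.
    private static void ValidateIssuer(string configuredIssuer, string tokenIssuer)
    {
        if (!string.Equals(configuredIssuer, tokenIssuer, StringComparison.Ordinal))
            throw new IssuerMismatchException(configuredIssuer, tokenIssuer);
    }

    // Failure stays graceful (no exception escapes) but is no longer silent.
    public static bool TryAuthenticate(string configuredIssuer, string tokenIssuer)
    {
        try
        {
            ValidateIssuer(configuredIssuer, tokenIssuer);
            return true;
        }
        catch (Exception ex)
        {
            // Log type and message only, never the raw token. The issuer comes from
            // the token, so strip line breaks to keep it from forging log entries.
            string reason = ex.Message.Replace("\r", " ").Replace("\n", " ");
            Log.TraceEvent(TraceEventType.Warning, 0,
                "Authentication failed: {0}: {1}", ex.GetType().Name, reason);
            return false;
        }
    }

    public static void Main()
    {
        Log.Listeners.Add(new ConsoleTraceListener());
        // Constructed sample values: public vs. internal URL for the same realm.
        const string configured = "https://sso.example.test/auth/realms/demo";
        Console.WriteLine(TryAuthenticate(configured, configured));
        Console.WriteLine(TryAuthenticate(configured, "http://keycloak.internal:8080/auth/realms/demo"));
    }
}
```

With a warning like this in the trace output, the issuer mismatch described above is visible without attaching a debugger, and the two URLs can be aligned instead of turning validation off.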