simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0

IConnectionItemsFeature Error #766

Closed agkoutis closed 1 week ago

agkoutis commented 1 week ago

Hello, I have added a new Project using template 5.0, with fresh DB.

I'm facing a problem regarding the HttpClient & Postman in the IIS deployed instance.

When I request .well-known/openid-configuration from the browser everything works fine, but when I'm using the C# HttpClient or Postman I'm getting error 500 in the logs.

```
2024-06-21 15:58:48.273 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request starting HTTP/1.1 GET https://XXXXXXXX/IdentityProvider/.well-known/openid-configuration - null null
2024-06-21 15:58:49.356 [ERR] [Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler::] An exception occurred while processing the authentication request.
System.NotSupportedException: Negotiate authentication requires a server that supports IConnectionItemsFeature like Kestrel.
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.GetConnectionItems()
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
2024-06-21 15:58:49.376 [ERR] [Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer::] Connection ID "18086456130900328459", Request ID "80000011-0006-fb00-b63f-84710c7967bb": An unhandled exception was thrown by the application.
System.NotSupportedException: Negotiate authentication requires a server that supports IConnectionItemsFeature like Kestrel.
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.GetConnectionItems()
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at SimpleIdServer.IdServer.Middlewares.LanguageMiddleware.InvokeAsync(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()
2024-06-21 15:58:49.404 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request finished HTTP/1.1 GET https://XXXXXXXX/IdentityProvider/.well-known/openid-configuration - 500 null null 1138.8492ms
```

I have tried to deploy this version on a SID working IIS instance (different virtual application) and still get the same error.

The same errors occur even when I'm trying to access from Postman using Localhost/IdentityProvider from IIS Srv. When I'm debugging from VS everything works fine.

Any ideas?

Thanks!

simpleidserver commented 1 week ago

Hello,

Could you please provide the configuration details of your SimpleIdServer project?

To support Windows Authentication, did you set "windowsAuthentication" to true in the appsettings.json file?

For more information, please refer to the official documentation: Windows Authentication in ASP.NET Core

Kind regards,

SID

agkoutis commented 1 week ago

Hello, besides the database connection string and authorization URL, the rest of the settings are the defaults. I don't need Windows authentication, and I also checked that anonymous authentication in IIS is enabled.

I can provide the Json tomorrow,

Thanks!

simpleidserver commented 1 week ago

Hello,

Sorry for my late reply. :)

This exception is thrown when the DynamicAuthenticationHandlerProvider class calls the InitializeAsync method of the NegotiateHandler class. Could you please remove the NegotiateHandler record from the AuthenticationSchemeProvider table and try again?

Kind regards,

SID

agkoutis commented 1 week ago

Hello!

I have deleted the negotiation record, but the error still occurs.


My Json config:

```json
{
  "Serilog": {
    "MinimumLevel": {
      "Default": "Warning",
      "Override": {
        "Microsoft": "Warning",
        "System": "Warning",
        "Microsoft.AspNetCore": "Information",
        "Microsoft.EntityFrameworkCore.Database.Command": "Warning"
      }
    },
    "WriteTo": [
      { "Name": "Console" },
      {
        "Name": "File",
        "Args": {
          "path": "Logs\\IdentityProvider.log",
          "outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss.fff} [{Level:u3}] [{SourceContext}:{MemberName}:{LineNumber}] {Message:lj}{NewLine}{Exception}",
          "rollingInterval": "Day"
        }
      }
    ],
    "Enrich": [ "FromLogContext" ]
  },
  "ForceHttps": false,
  "IsForwardedEnabled": true,
  "AllowedHosts": "*",
  "ClientCertificateMode": "NoCertificate",
  "IsRealmEnabled": false,
  "IsEmailUsedDuringAuthentication": true,
  "SCIMBaseUrl": "http://localhost:5003",
  "Authority": "https://xxxxxxx/IdentityProvider",
  "AuthCookieNamePrefix": "idp-auth",
  "SessionCookieNamePrefix": "idp-session",
  "DistributedCacheConfiguration": {
    "Type": "SQLSERVER",
    "ConnectionString": "Data Source=xxxxxxx;Initial Catalog=IdentityProviderDev;User Id=sa;Password=xxxxxxx;TrustServerCertificate=True",
    "InstanceName": "IdentityProviderDB"
  },
  "StorageConfiguration": {
    "ConnectionString": "Data Source=xxxxxxx;Initial Catalog=IdentityProviderDev;User Id=sa;Password=xxxxxxx;TrustServerCertificate=True",
    "Type": "SQLSERVER"
  },
  "Facebook": {
    "FacebookOptionsLite": {
      "AppId": "569242033233529",
      "AppSecret": "12e0f33817634c0a650c0121d05e53eb"
    }
  },
  "Google": {
    "GoogleOptionsLite": {
      "ClientId": "357608317425-bf8pibt1s4t2b4dkr12ar70rc6o78j4l.apps.googleusercontent.com",
      "ClientSecret": "5majI7of9JK_yGqERP-C3Sm9"
    }
  },
  "Negotiate": {
    "NegotiateOptionsLite": { }
  },
  "SCIM": {
    "SCIMRepresentationsExtractionJobOptions": {
      "Count": 1,
      "SCIMEdp": "https://localhost:5003",
      "AuthenticationType": "APIKEY",
      "ApiKey": "ba521b3b-02f7-4a37-b03c-58f713bf88e7"
    }
  },
  "LDAP": {
    "LDAPRepresentationsExtractionJobOptions": {
      "Server": "localhost",
      "Port": 389,
      "BindDN": "cn=admin,dc=xl,dc=com",
      "BindCredentials": "password",
      "UsersDN": "ou=people,dc=xl,dc=com",
      "UserObjectClasses": "organizationalPerson,person",
      "BatchSize": 1
    }
  },
  "IdServerEmailOptions": {
    "SmtpPort": 587,
    "SmtpHost": "smtp.gmail.com",
    "SmtpUserName": "",
    "SmtpPassword": "",
    "Subject": "Confirmation code",
    "HttpBody": "The confirmation code is {0}",
    "FromEmail": "",
    "SmtpEnableSsl": true,
    "OTPType": "TOTP",
    "OTPValue": "OGFBIDG3Y42LUH7VPSWCX35HY3TS3L6T"
  },
  "IdServerSmsOptions": {
    "AccountSid": "",
    "AuthToken": "",
    "FromPhoneNumber": "",
    "Message": "The confirmation code is {0}",
    "OTPType": "TOTP",
    "OTPValue": "PBJ777ZITHOPF7AVR7I47VRSNQYVFFNY"
  },
  "IdServerPasswordOptions": {
    "NotificationMode": "email",
    "ResetPasswordTitle": "Reset your password",
    "ResetPasswordBody": "Link to reset your password {0}",
    "ResetPasswordLinkExpirationInSeconds": "30",
    "CanResetPassword": "true"
  },
  "FidoOptions": {
    "U2FExpirationTimeInSeconds": "300",
    "IsDeveloperModeEnabled": false
  },
  "IdServerConsoleOptions": {
    "Message": "The confirmation code is {0}",
    "OTPType": "TOTP",
    "OTPValue": "PBJ777ZITHOPF7AVR7I47VRSNQYVFFNY",
    "TOTPStep": "30"
  },
  "FcmOptions": {
    "ServiceAccountFilePath": ""
  }
}
```

Kind regards,
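The posted appsettings.json is a good test case for a quick configuration audit before a deployment: it still carries a `Negotiate` section even though Windows authentication is not wanted, both connection strings use the `sa` login with an inline password and `TrustServerCertificate=True`, and provider secrets, an LDAP bind password and OTP seeds sit in the file. The script below is an added example, not part of the issue or of SimpleIdServer; it reads a config with the same section and key names as the one posted (the sample embedded here is constructed with placeholder values) and reports those conditions. The `windowsAuthentication` key is the one the maintainer mentions above; the check logic is this example's own.

```python
"""Audit a SimpleIdServer-style appsettings.json for the settings discussed in
this thread. Added example; the sample config is constructed with placeholder
values and is not the reporter's file."""
from __future__ import annotations

import json
import re
from typing import Iterator

# Constructed sample with the same shape as the posted appsettings.json.
SAMPLE_APPSETTINGS = r"""
{
  "ForceHttps": false,
  "IsForwardedEnabled": true,
  "Authority": "https://idp.example.test/IdentityProvider",
  "DistributedCacheConfiguration": {
    "Type": "SQLSERVER",
    "ConnectionString": "Data Source=db.example.test;Initial Catalog=IdentityProviderDev;User Id=sa;Password=PLACEHOLDER;TrustServerCertificate=True"
  },
  "StorageConfiguration": {
    "Type": "SQLSERVER",
    "ConnectionString": "Data Source=db.example.test;Initial Catalog=IdentityProviderDev;User Id=sa;Password=PLACEHOLDER;TrustServerCertificate=True"
  },
  "Facebook": { "FacebookOptionsLite": { "AppId": "PLACEHOLDER_APP_ID", "AppSecret": "PLACEHOLDER_APP_SECRET" } },
  "Google": { "GoogleOptionsLite": { "ClientId": "PLACEHOLDER_CLIENT_ID", "ClientSecret": "" } },
  "Negotiate": { "NegotiateOptionsLite": { } },
  "LDAP": { "LDAPRepresentationsExtractionJobOptions": { "Server": "ldap.example.test", "BindDN": "cn=admin,dc=example,dc=test", "BindCredentials": "PLACEHOLDER" } },
  "FidoOptions": { "U2FExpirationTimeInSeconds": "300", "IsDeveloperModeEnabled": false }
}
"""

# Keys whose values are credentials and should not live in a committed appsettings file.
SECRET_KEYS = {"AppSecret", "ClientSecret", "ApiKey", "BindCredentials",
               "SmtpPassword", "AuthToken", "OTPValue"}


def walk(node, path: str = "") -> Iterator[tuple[str, object]]:
    """Yield (dotted_path, value) for every leaf in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    else:
        yield path, node


def audit(config: dict) -> list[str]:
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings: list[str] = []
    # The handler behind the 500 in this thread: Negotiate needs Kestrel's IConnectionItemsFeature.
    if "Negotiate" in config and config.get("windowsAuthentication") is not True:
        findings.append("Negotiate: section present but windowsAuthentication is not true; "
                        "NegotiateHandler requires IConnectionItemsFeature (Kestrel) and throws under IIS")
    if config.get("ForceHttps") is False:
        findings.append("ForceHttps: false; HTTPS is not enforced by the application itself")
    for path, value in walk(config):
        key = path.rsplit(".", 1)[-1]
        if key in SECRET_KEYS and isinstance(value, str) and value:
            findings.append(f"{path}: credential stored in appsettings; move it to user-secrets, "
                            "environment variables or a vault")
        if key == "ConnectionString" and isinstance(value, str):
            if re.search(r"User Id=sa\b", value, re.IGNORECASE):
                findings.append(f"{path}: uses the SQL Server 'sa' login; use a least-privilege database user")
            if re.search(r"Password=", value, re.IGNORECASE):
                findings.append(f"{path}: embeds a SQL password; prefer integrated auth or a secret store")
            if re.search(r"TrustServerCertificate=True", value, re.IGNORECASE):
                findings.append(f"{path}: TrustServerCertificate=True skips TLS certificate validation to SQL Server")
        if key == "IsDeveloperModeEnabled" and value is True:
            findings.append(f"{path}: FIDO developer mode is enabled")
        if key == "Authority" and isinstance(value, str) and value.startswith("http://"):
            findings.append(f"{path}: issuer is served over plain HTTP")
    return findings


def audit_text(text: str) -> list[str]:
    """Convenience wrapper: parse JSON text, then audit it."""
    return audit(json.loads(text))


if __name__ == "__main__":
    import sys
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_APPSETTINGS
    for line in audit_text(source):
        print("-", line)
```

Run it against a real file with `python audit_appsettings.py appsettings.json`; with no argument it audits the constructed sample. The `Negotiate` check mirrors the maintainer's diagnosis in this thread: the section's presence is what seeds the handler that IIS in-process hosting cannot run.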

simpleidserver commented 1 week ago

Can you execute the following actions:

agkoutis commented 1 week ago

OK, I will try. Would you like me to download the source code? Right now I'm using VS template (using Nuget V 5.0) and there is no AddMissingAuthenticationSchemeProvider method

Thanks

simpleidserver commented 1 week ago

I checked the template (version 5.0), and the statement 'AddMissingAuthenticationSchemeProviders' is present in the Program.cs file. Otherwise, remove Negotiate from the IdServerConfiguration.cs file, delete the record from the AuthenticationSchemeProviders table, and restart the application pool.

agkoutis commented 1 week ago

OK, found it, but I had already commented out the SeedData method after the first run, so AddMissingAuthenticationSchemeProviders was not executing.


The records in the DB are the same as before.


This is the log when I request the discovery endpoint from a browser, which works just fine:

```
2024-06-25 15:46:35.746 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request starting HTTP/2 GET https://localhost/IdentityProvider/.well-known/openid-configuration - null null
2024-06-25 15:46:35.913 [INF] [Microsoft.AspNetCore.Routing.EndpointMiddleware::] Executing endpoint 'SimpleIdServer.IdServer.Api.OpenIdConfiguration.OpenIdConfigurationController.Get (SimpleIdServer.IdServer)'
2024-06-25 15:46:35.984 [INF] [Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker::] Route matched with {action = "Get", controller = "OpenIdConfiguration", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Get(System.String, System.Threading.CancellationToken) on controller SimpleIdServer.IdServer.Api.OpenIdConfiguration.OpenIdConfigurationController (SimpleIdServer.IdServer).
2024-06-25 15:46:36.411 [INF] [Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor::] Executing OkObjectResult, writing value of type 'System.Text.Json.Nodes.JsonObject'.
2024-06-25 15:46:36.486 [INF] [Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker::] Executed action SimpleIdServer.IdServer.Api.OpenIdConfiguration.OpenIdConfigurationController.Get (SimpleIdServer.IdServer) in 468.569ms
2024-06-25 15:46:36.488 [INF] [Microsoft.AspNetCore.Routing.EndpointMiddleware::] Executed endpoint 'SimpleIdServer.IdServer.Api.OpenIdConfiguration.OpenIdConfigurationController.Get (SimpleIdServer.IdServer)'
2024-06-25 15:46:36.492 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request finished HTTP/2 GET https://localhost/IdentityProvider/.well-known/openid-configuration - 200 null application/json; charset=utf-8 745.9952ms
```


simpleidserver commented 1 week ago

Super! If the ticket is resolved, can I close it? :)

agkoutis commented 1 week ago

Hello,

Well, nothing changed since my first post. As I mentioned when I'm trying to access the discovery endpoint from a browser everything works fine.

When I'm using the C# HttpClient or Postman I'm getting this error. I can't even use the Admin UI.

simpleidserver commented 1 week ago

I tried to reproduce your issue on my local machine but was not successful.

Here are the steps I took:

When the NegotiateHandler is enabled, I receive the following exception, but when it is disabled, everything works well:

Negotiate authentication requires a server that supports IConnectionItemsFeature like Kestrel.

If you can access https://localhost/IdentityProvider/.well-known/openid-configuration with your browser, there is no reason POSTMAN shouldn't work.

POSTMAN

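When a browser succeeds and an API client fails against the same discovery URL, the quickest way to separate a client problem from a server one is to fetch the document with a plain non-browser client (no cookies, explicit `Accept`) and then check the body against the `Authority` the server was configured with. The script below is an added example, not part of the issue or of SimpleIdServer; the embedded discovery document and host names are constructed placeholders, and the checks (issuer equals the configured Authority, the core endpoints are HTTPS and live under that issuer) are this example's own, not the project's.

```python
"""Fetch an OpenID discovery document the way an API client does and sanity-check
it against the configured Authority. Added example; the sample document below is
constructed and the host names are placeholders."""
from __future__ import annotations

import json
import sys
import urllib.error
import urllib.request
from urllib.parse import urlparse

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample of a healthy discovery response for a provider at a sub-path.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.test/IdentityProvider",
    "authorization_endpoint": "https://idp.example.test/IdentityProvider/authorization",
    "token_endpoint": "https://idp.example.test/IdentityProvider/token",
    "jwks_uri": "https://idp.example.test/IdentityProvider/jwks",
    "response_types_supported": ["code", "id_token", "token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}


def fetch_discovery(authority: str, timeout: float = 10.0) -> tuple[int, dict | None, str]:
    """GET {authority}/.well-known/openid-configuration with no cookies and an
    explicit Accept header. Returns (status, parsed JSON or None, raw body)."""
    url = authority.rstrip("/") + "/.well-known/openid-configuration"
    req = urllib.request.Request(
        url, headers={"Accept": "application/json", "User-Agent": "discovery-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            raw = resp.read().decode("utf-8")
            return resp.status, json.loads(raw), raw
    except urllib.error.HTTPError as err:
        # A 500 here, with a 200 in the browser, is the symptom reported in this thread.
        return err.code, None, err.read().decode("utf-8", "replace")


def validate_discovery(doc: dict, authority: str) -> list[str]:
    """Return problems found in the discovery document; empty list means it is consistent."""
    problems: list[str] = []
    expected = authority.rstrip("/")
    issuer = str(doc.get("issuer", ""))
    if issuer.rstrip("/") != expected:
        problems.append(f"issuer {issuer!r} does not match configured Authority {expected!r}")
    for key in REQUIRED_ENDPOINTS:
        value = doc.get(key)
        if not value:
            problems.append(f"missing {key}")
            continue
        if urlparse(value).scheme != "https":
            problems.append(f"{key} is not https: {value}")
        if not value.startswith(expected + "/"):
            problems.append(f"{key} is outside the issuer: {value}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow is not advertised in response_types_supported")
    return problems


def check(authority: str) -> list[str]:
    """Fetch and validate in one step; network errors are reported as problems."""
    status, doc, raw = fetch_discovery(authority)
    if doc is None:
        return [f"HTTP {status} from discovery endpoint: {raw[:200]!r}"]
    return validate_discovery(doc, authority)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "https://localhost/IdentityProvider"
    for problem in check(target) or ["discovery document OK"]:
        print("-", problem)
```

Point it at the configured `Authority` value, for example `python discovery_check.py https://localhost/IdentityProvider`. A mismatch between the advertised `issuer` and the configured Authority is worth checking in an IIS sub-application deployment such as this one, since clients validate the `iss` claim of tokens against the discovery issuer.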

agkoutis commented 1 week ago

OK, I just double-checked appsettings; there was another instance of the DB in which the Negotiate authentication record still existed.

Everything works fine now in Postman. I will run more tests tomorrow with the C# client.

Thanks for the help!

Kind regards,