Closed agkoutis closed 1 week ago
Hello,
Could you please provide the configuration details of your SimpleIdServer project?
To support Windows Authentication, did you set "windowsAuthentication" to true in the appsettings.json file?
For more information, please refer to the official documentation: Windows Authentication in ASP.NET Core
Kind regards,
SID
Hello, besides the database connection string and authorization URL, the rest of the settings are the defaults. I don't need Windows authentication, and I also checked that allow anonymous auth in IIS is set to true.
I can provide the JSON tomorrow.
Thanks!
Hello,
Sorry for my late reply. :)
This exception is thrown when the DynamicAuthenticationHandlerProvider class calls the InitializeAsync method of the NegotiateHandler class.
Could you please remove the NegotiateHandler record from the AuthenticationSchemeProvider table and try again?
Kind regards,
SID
Hello!
I have deleted the negotiation record, but the error still occurs.
My JSON config:
{
  "Serilog": {
    "MinimumLevel": {
      "Default": "Warning",
      "Override": {
        "Microsoft": "Warning",
        "System": "Warning",
        "Microsoft.AspNetCore": "Information",
        "Microsoft.EntityFrameworkCore.Database.Command": "Warning"
      }
    },
    "WriteTo": [
      { "Name": "Console" },
      {
        "Name": "File",
        "Args": {
          "path": "Logs\\IdentityProvider.log",
          "outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss.fff} [{Level:u3}] [{SourceContext}:{MemberName}:{LineNumber}] {Message:lj}{NewLine}{Exception}",
          "rollingInterval": "Day"
        }
      }
    ],
    "Enrich": [ "FromLogContext" ]
  },
  "ForceHttps": false,
  "IsForwardedEnabled": true,
  "AllowedHosts": "*",
  "ClientCertificateMode": "NoCertificate",
  "IsRealmEnabled": false,
  "IsEmailUsedDuringAuthentication": true,
  "SCIMBaseUrl": "http://localhost:5003",
  "Authority": "https://xxxxxxx/IdentityProvider",
  "AuthCookieNamePrefix": "idp-auth",
  "SessionCookieNamePrefix": "idp-session",
  "DistributedCacheConfiguration": {
    "Type": "SQLSERVER",
    "ConnectionString": "Data Source=xxxxxxx;Initial Catalog=IdentityProviderDev;User Id=sa;Password=xxxxxxx;TrustServerCertificate=True",
    "InstanceName": "IdentityProviderDB"
  },
  "StorageConfiguration": {
    "ConnectionString": "Data Source=xxxxxxx;Initial Catalog=IdentityProviderDev;User Id=sa;Password=xxxxxxx;TrustServerCertificate=True",
    "Type": "SQLSERVER"
  },
  "Facebook": { "FacebookOptionsLite": { "AppId": "569242033233529", "AppSecret": "12e0f33817634c0a650c0121d05e53eb" } },
  "Google": { "GoogleOptionsLite": { "ClientId": "357608317425-bf8pibt1s4t2b4dkr12ar70rc6o78j4l.apps.googleusercontent.com", "ClientSecret": "5majI7of9JK_yGqERP-C3Sm9" } },
  "Negotiate": { "NegotiateOptionsLite": { } },
  "SCIM": {
    "SCIMRepresentationsExtractionJobOptions": {
      "Count": 1,
      "SCIMEdp": "https://localhost:5003",
      "AuthenticationType": "APIKEY",
      "ApiKey": "ba521b3b-02f7-4a37-b03c-58f713bf88e7"
    }
  },
  "LDAP": {
    "LDAPRepresentationsExtractionJobOptions": {
      "Server": "localhost",
      "Port": 389,
      "BindDN": "cn=admin,dc=xl,dc=com",
      "BindCredentials": "password",
      "UsersDN": "ou=people,dc=xl,dc=com",
      "UserObjectClasses": "organizationalPerson,person",
      "BatchSize": 1
    }
  },
  "IdServerEmailOptions": {
    "SmtpPort": 587,
    "SmtpHost": "smtp.gmail.com",
    "SmtpUserName": "",
    "SmtpPassword": "",
    "Subject": "Confirmation code",
    "HttpBody": "The confirmation code is {0}",
    "FromEmail": "",
    "SmtpEnableSsl": true,
    "OTPType": "TOTP",
    "OTPValue": "OGFBIDG3Y42LUH7VPSWCX35HY3TS3L6T"
  },
  "IdServerSmsOptions": {
    "AccountSid": "",
    "AuthToken": "",
    "FromPhoneNumber": "",
    "Message": "The confirmation code is {0}",
    "OTPType": "TOTP",
    "OTPValue": "PBJ777ZITHOPF7AVR7I47VRSNQYVFFNY"
  },
  "IdServerPasswordOptions": {
    "NotificationMode": "email",
    "ResetPasswordTitle": "Reset your password",
    "ResetPasswordBody": "Link to reset your password {0}",
    "ResetPasswordLinkExpirationInSeconds": "30",
    "CanResetPassword": "true"
  },
  "FidoOptions": { "U2FExpirationTimeInSeconds": "300", "IsDeveloperModeEnabled": false },
  "IdServerConsoleOptions": {
    "Message": "The confirmation code is {0}",
    "OTPType": "TOTP",
    "OTPValue": "PBJ777ZITHOPF7AVR7I47VRSNQYVFFNY",
    "TOTPStep": "30"
  },
  "FcmOptions": { "ServiceAccountFilePath": "" }
}
Kind regards,
Can you execute the following actions:
OK, I will try. Would you like me to download the source code? Right now I'm using the VS template (using NuGet V 5.0) and there is no AddMissingAuthenticationSchemeProvider method.
Thanks
I checked the template (version 5.0), and the statement 'AddMissingAuthenticationSchemeProviders' is present in the Program.cs file. Otherwise, remove Negotiate from the IdServerConfiguration.cs file, delete the record from the AuthenticationSchemeProviders table, and restart the application pool.
OK, found it, but I have already commented out the SeedData method after the first run, so AddMissingAuthenticationSchemeProviders was not executing.
The records in the DB are the same as before.
This is the log when I request the discovery endpoint from a browser, which is working just fine:
2024-06-25 15:46:35.746 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request starting HTTP/2 GET https://localhost/IdentityProvider/.well-known/openid-configuration - null null
2024-06-25 15:46:35.913 [INF] [Microsoft.AspNetCore.Routing.EndpointMiddleware::] Executing endpoint 'SimpleIdServer.IdServer.Api.OpenIdConfiguration.OpenIdConfigurationController.Get (SimpleIdServer.IdServer)'
2024-06-25 15:46:35.984 [INF] [Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker::] Route matched with {action = "Get", controller = "OpenIdConfiguration", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Get(System.String, System.Threading.CancellationToken) on controller SimpleIdServer.IdServer.Api.OpenIdConfiguration.OpenIdConfigurationController (SimpleIdServer.IdServer).
2024-06-25 15:46:36.411 [INF] [Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor::] Executing OkObjectResult, writing value of type 'System.Text.Json.Nodes.JsonObject'.
2024-06-25 15:46:36.486 [INF] [Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker::] Executed action SimpleIdServer.IdServer.Api.OpenIdConfiguration.OpenIdConfigurationController.Get (SimpleIdServer.IdServer) in 468.569ms
2024-06-25 15:46:36.488 [INF] [Microsoft.AspNetCore.Routing.EndpointMiddleware::] Executed endpoint 'SimpleIdServer.IdServer.Api.OpenIdConfiguration.OpenIdConfigurationController.Get (SimpleIdServer.IdServer)'
2024-06-25 15:46:36.492 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request finished HTTP/2 GET https://localhost/IdentityProvider/.well-known/openid-configuration - 200 null application/json; charset=utf-8 745.9952ms
Super! If the ticket is resolved, can I close it? :)
Hello,
Well, nothing changed since my first post. As I mentioned, when I'm trying to access the discovery endpoint from a browser everything works fine.
When I'm using C# HttpClient or Postman I'm getting this error. I can't even use the Admin UI.
I tried to reproduce your issue on my local machine but was not successful.
Here are the steps I took:
When the NegotiateHandler is enabled, I receive the following exception, but when it is disabled, everything works well:
Negotiate authentication requires a server that supports IConnectionItemsFeature like Kestrel.
If you can access https://localhost/IdentityProvider/.well-known/openid-configuration with your browser, there is no reason POSTMAN shouldn't work.
OK, I just double-checked appsettings; there was another instance of the DB in which the Negotiate authentication record existed.
Everything works fine now in Postman. I will run more tests tomorrow with the C# client.
Thanks for the help!
Kind regards,
Hello, I have added a new project using template 5.0, with a fresh DB.
I'm facing a problem regarding the HttpClient & Postman in the IIS deployed instance.
When I request .well-known/openid-configuration from the browser everything works fine, but when I'm using C# HttpClient or Postman I'm getting error 500 in the logs.
2024-06-21 15:58:48.273 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request starting HTTP/1.1 GET https://XXXXXXXX/IdentityProvider/.well-known/openid-configuration - null null
2024-06-21 15:58:49.356 [ERR] [Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler::] An exception occurred while processing the authentication request.
System.NotSupportedException: Negotiate authentication requires a server that supports IConnectionItemsFeature like Kestrel.
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.GetConnectionItems()
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
2024-06-21 15:58:49.376 [ERR] [Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer::] Connection ID "18086456130900328459", Request ID "80000011-0006-fb00-b63f-84710c7967bb": An unhandled exception was thrown by the application.
System.NotSupportedException: Negotiate authentication requires a server that supports IConnectionItemsFeature like Kestrel.
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.GetConnectionItems()
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at SimpleIdServer.IdServer.Middlewares.LanguageMiddleware.InvokeAsync(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()
2024-06-21 15:58:49.404 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request finished HTTP/1.1 GET https://XXXXXXXX/IdentityProvider/.well-known/openid-configuration - 500 null null 1138.8492ms
I have tried to deploy this version on a SID working IIS instance (different virtual application) and still get the same error.
The same errors occur even when I'm trying to access from Postman using Localhost/IdentityProvider from IIS Srv. When I'm debugging from VS everything works fine.
Any ideas?
Thanks!
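
A log-triage sketch for the failure reported in this thread, added here as an example (it is not code from the thread or from SimpleIdServer): it parses text in the Serilog layout from the posted outputTemplate and reports requests that finished with 500 directly after the NegotiateHandler `NotSupportedException`. The sample log is constructed from the thread's entries with a placeholder host, and the correlation assumes entries for one request are written consecutively.

```python
import re

# Constructed sample in the thread's log layout; idp.example.test is a placeholder host.
SAMPLE_LOG = """\
2024-06-21 15:58:48.273 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request starting HTTP/1.1 GET https://idp.example.test/IdentityProvider/.well-known/openid-configuration - null null
2024-06-21 15:58:49.356 [ERR] [Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler::] An exception occurred while processing the authentication request.
System.NotSupportedException: Negotiate authentication requires a server that supports IConnectionItemsFeature like Kestrel.
   at Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler.GetConnectionItems()
2024-06-21 15:58:49.404 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request finished HTTP/1.1 GET https://idp.example.test/IdentityProvider/.well-known/openid-configuration - 500 null null 1138.8492ms
2024-06-25 15:46:35.746 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request starting HTTP/2 GET https://localhost/IdentityProvider/.well-known/openid-configuration - null null
2024-06-25 15:46:36.492 [INF] [Microsoft.AspNetCore.Hosting.Diagnostics::] Request finished HTTP/2 GET https://localhost/IdentityProvider/.well-known/openid-configuration - 200 null application/json; charset=utf-8 745.9952ms
"""

# "{Timestamp} [{Level:u3}] [{SourceContext}:{MemberName}:{LineNumber}] {Message}"
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) \[(\w{3})\] \[([^:\]]*):[^\]]*\] (.*)$")
FINISHED = re.compile(r"^Request finished (\S+) (\S+) (\S+) - (\d{3}) ")
SIGNATURE = "requires a server that supports IConnectionItemsFeature"

def parse_entries(text):
    """Split log text into entries; lines without a timestamp header
    (exception text, stack frames) are appended to the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"ts": m[1], "level": m[2], "source": m[3], "message": m[4]})
        elif entries:
            entries[-1]["message"] += "\n" + line
    return entries

def negotiate_failures(text):
    """Return (timestamp, protocol, url) for each 500 response that follows
    a NegotiateHandler error carrying the IConnectionItemsFeature message."""
    hits, pending = [], False
    for e in parse_entries(text):
        if e["source"].endswith("NegotiateHandler") and SIGNATURE in e["message"]:
            pending = True
            continue
        m = FINISHED.match(e["message"])
        if m:
            if pending and m[4] == "500":
                hits.append((e["ts"], m[1], m[3]))
            pending = False  # a finished request closes the correlation window
    return hits

if __name__ == "__main__":
    for hit in negotiate_failures(SAMPLE_LOG):
        print(hit)
```

A hit means the Negotiate scheme is still being loaded by the instance that served the request, which in this thread traced back to a Negotiate record in a second database referenced by appsettings.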