skoruba / IdentityServer4.Admin

The administration for the IdentityServer4 and Asp.Net Core Identity
MIT License
3.56k stars 1.15k forks

Error when user without administrator visits Admin site. #621

Open johndcollins opened 4 years ago

johndcollins commented 4 years ago

Question

When I create a user without Administrator and log in to the Identity server, everything seems OK. But if I try to visit the Admin site, I get a server 500 error.

Is there a way to prevent this error if the user does not have permissions to the Admin site?

Relevant parts of the log file

```
{
  "TimeStamp": "2020-06-08T13:01:24.8655870",
  "Level": "Error",
  "Message": "An unhandled exception has occurred while executing the request.",
  "MessageTemplate": "An unhandled exception has occurred while executing the request.",
  "Exception": "System.Exception: An error was encountered while handling the remote login.\r\n ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 500 (Internal Server Error).\r\n   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()\r\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, ClaimsPrincipal principal, AuthenticationProperties properties)\r\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()\r\n   --- End of inner exception stack trace ---\r\n   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()\r\n   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\r\n   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)\r\n   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)\r\n   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)\r\n   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)\r\n   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)\r\n   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)\r\n   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)",
  "Properties": {
    "EventId": {
      "Id": 1,
      "Name": "UnhandledException"
    },
    "SourceContext": "Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware",
    "RequestId": "80000071-000e-ff00-b63f-84710c7967bb",
    "RequestPath": "/signin-oidc",
    "SpanId": "|f8337a8-44a0d2bcc55b7bdf.",
    "TraceId": "f8337a8-44a0d2bcc55b7bdf",
    "ParentId": "",
    "ApplicationName": "IdentityServer4.Admin"
  }
}
```

skoruba commented 4 years ago

Thanks for reporting this, let me test it. 😉
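
A triage sketch for the log event posted in the issue, added here as an example and not part of the thread or the project's code: it unwinds the .NET exception chain to show that the 500 is an upstream HTTP response received while the OpenID Connect handler was in `GetUserInformationAsync` (the step that requests the UserInfo endpoint) on the `/signin-oidc` callback. `EVENT` is a constructed trim of that log, and the function names `parse_dotnet_exception` and `triage` are hypothetical.

```python
import json

# Constructed sample: the issue's log event trimmed to the fields and frames used here.
EVENT = json.dumps({
    "Level": "Error",
    "Exception": (
        "System.Exception: An error was encountered while handling the remote login.\r\n"
        " ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 500 (Internal Server Error).\r\n"
        "   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()\r\n"
        "   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, ClaimsPrincipal principal, AuthenticationProperties properties)\r\n"
        "   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()\r\n"
        "   --- End of inner exception stack trace ---\r\n"
        "   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()\r\n"
        "   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)"
    ),
    "Properties": {"RequestPath": "/signin-oidc", "ApplicationName": "IdentityServer4.Admin"},
})

def parse_dotnet_exception(text):
    """Return the exception chain, outermost first, each entry with its own frames."""
    chain, stack = [], []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("--- End of inner exception"):
            if stack:
                stack.pop()  # later frames belong to the enclosing exception
        elif s.startswith("at ") and stack:
            stack[-1]["frames"].append(s[3:])
        elif s:
            head = s[5:] if s.startswith("---> ") else s
            typ, _, msg = head.partition(": ")
            stack.append({"type": typ, "message": msg, "frames": []})
            chain.append(stack[-1])
    return chain

def triage(event_json):
    """Summarise where the request failed: path, root exception, handler step."""
    event = json.loads(event_json)
    chain = parse_dotnet_exception(event["Exception"])
    root = chain[-1]  # innermost exception is the original failure
    # First frame inside the authentication handler names the step that was running.
    step = next((f.split("(")[0].rsplit(".", 1)[-1] for f in root["frames"]
                 if f.startswith("Microsoft.AspNetCore.Authentication.")), None)
    return {"path": event["Properties"]["RequestPath"], "outer": chain[0]["type"],
            "root": root["type"], "root_message": root["message"], "failing_step": step}

if __name__ == "__main__":
    print(json.dumps(triage(EVENT), indent=2))
```
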