Identityserver4: Return 401 after oidc was challenged, instead of 302 redirect

I think there is a breaking change in 1.1 - try adding AutomaticChallenge=true to the OIDC middleware.

@leastprivilege , adding AutomaticChallenge=true didn't help.
Here is the debug output:

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:5017/Home/About  
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null).
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Warning: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
'dotnet.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\1.0.1\Microsoft.Win32.Primitives.dll'. Cannot find or open the PDB file.
'dotnet.exe' (CoreCLR: clrhost): Loaded 'C:\Users\neera_000\.nuget\packages\System.Security.Cryptography.Encoding\4.3.0\runtimes\win\lib\netstandard1.3\System.Security.Cryptography.Encoding.dll'. Cannot find or open the PDB file.
'dotnet.exe' (CoreCLR: clrhost): Loaded 'C:\Users\neera_000\.nuget\packages\System.Runtime.Numerics\4.3.0\lib\netstandard1.3\System.Runtime.Numerics.dll'. Cannot find or open the PDB file.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44378/.well-known/openid-configuration  
IdentityServer4.Hosting.IdentityServerMiddleware:Information: Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 329.2026ms 200 application/json
'dotnet.exe' (CoreCLR: clrhost): Loaded 'C:\Users\neera_000\.nuget\packages\System.IO.Compression\4.3.0\runtimes\win\lib\netstandard1.3\System.IO.Compression.dll'. Cannot find or open the PDB file.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44378/.well-known/openid-configuration/jwks  
IdentityServer4.Hosting.IdentityServerMiddleware:Information: Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration/jwks
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 191.4708ms 200 application/json
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectMiddleware:Information: AuthenticationScheme: oidc was challenged.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 1837.38ms 401 
Exception thrown: 'System.ArgumentNullException' in System.Private.CoreLib.ni.dll
Exception thrown: 'System.ArgumentNullException' in System.Private.CoreLib.ni.dll

I don't follow...

Is the client in the same app as IS? Is IdentityServer4 running in a 1.1 host?

@leastprivilege IS is different than MVC client. Here is the project.json from IS.

{
  "dependencies": {
    "Microsoft.NETCore.App": {
      "version": "1.0.1",
      "type": "platform"
    },
    "Microsoft.ApplicationInsights.AspNetCore": "1.0.0",
    "Microsoft.AspNetCore.Mvc": "1.0.1",
    "Microsoft.AspNetCore.Routing": "1.0.1",
    "Microsoft.AspNetCore.Server.IISIntegration": "1.0.0",
    "Microsoft.AspNetCore.Server.Kestrel": "1.0.1",
    "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.0.0",
    "Microsoft.Extensions.Configuration.FileExtensions": "1.0.0",
    "Microsoft.Extensions.Configuration.Json": "1.0.0",
    "Microsoft.Extensions.Logging": "1.0.0",
    "Microsoft.Extensions.Logging.Console": "1.0.0",
    "Microsoft.Extensions.Logging.Debug": "1.0.0",
    "Microsoft.Extensions.Options.ConfigurationExtensions": "1.0.0",
    "IdentityServer4": "1.0.0-rc3",
    "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0",
    "Microsoft.AspNetCore.Diagnostics": "1.0.0",
    "Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore": "1.0.0",
    "System.Security.Claims": "4.0.1",
    "Microsoft.AspNetCore.Authentication.Google": "1.0.0",
    "Microsoft.AspNetCore.Authentication.Facebook": "1.0.0",
    "Microsoft.AspNetCore.StaticFiles": "1.0.0"
  },

  "tools": {
    "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-preview2-final",
    "Microsoft.Extensions.SecretManager.Tools": "1.0.0-preview2-final"
  },

  "frameworks": {
    "netcoreapp1.0": {
      "imports": [
        "dotnet5.6",
        "portable-net45+win8"
      ]
    }
  },

  "buildOptions": {
    "emitEntryPoint": true,
    "preserveCompilationContext": true
  },

  "runtimeOptions": {
    "configProperties": {
      "System.GC.Server": true
    }
  },

  "publishOptions": {
    "include": [
      "wwwroot",
      "**/*.cshtml",
      "appsettings.json",
      "web.config"
    ]
  },

  "scripts": {
    "postpublish": [ "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%" ]
  }
}

And from where is the debug output you pasted above?

Both IS and MVC client are two different projects in a single solution. I run solution with multiple startup projects(both IS and Mvc client).

After clicking on secure action link in Mvc client, l copied it from output window of vs (selecting debug).

It's hard to tell if both log files are mixed together.

Try our clients sample or the quickstarts - and see if they work for you.

I tried my IS with Mvc client from quickstart (mvc hybrid flow). It was working fine. Then I updated packages version in quickstart itself. And it was causing problem. I thought there is some breaking change in those newer versions.

So are you all set now (can we close)?

@brockallen issue still exists with newer packages of Authentication.Cookies and Microsoft.AspNetCore.Authentication.OpenIdConnect. Though it is not a show stopper, anyone can always fall back to version "1.0.0" of these packages and get it running. However, the solution should work with updated versions also.
If someone updates his app to use Microsoft.NETCore.App version 1.1.0, he has to use latest version of these packages and the issue will arise.

We're not supporting 1.1. now -- it's too unstable.

But 1.1 is an RTM version update now so people will want to use this.
https://blogs.msdn.microsoft.com/webdev/2016/11/16/announcing-asp-net-core-1-1/

This is not an identityserver issue. The error happens on the client.

This issue got me for a couple of hours. The Quickstart (3) for interactive login does specify using version 1.0.0 of both the Cookies and OpenIDConnect packages, however I was building the application from scratch rather than use the pre-build demo and didn't realize the significance. It maybe worth mentioning not to upgrade in the quickstart, in bold flashing red writing ... ;)

You guys saved me a ton of time, I was wondering why the quickstart sample wasnt working for me. By default everyone who creates a new project tries to take the latest versions of the packages. However, in this case you should have a special red bold comment saying that there is an issue with 1.1.0 on the Creating an MVC Client Quickstart in ID4 docs ... http://docs.identityserver.io/en/release/quickstarts/3_interactive_login.html#creating-an-mvc-client

Thanks a ton Neeraj :)

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.