Identityserver4: .Net Framework 4.6.2 MVC Application.

Created on 8 Feb 2018 · 18 Comments · Source: IdentityServer/IdentityServer4

Hi,
I've been through the "quick starts" as far as getting ID4 runnable and responding correctly to the example MVC .net core application.

We have an already existing .net application which is using MembershipReboot that we'd like to switch to using ID4. As a quick test I created a basic .Net Framework 4.6.2 MVC app and have the startup.cs file set as follows...

using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using System.Collections.Generic;
using System.IdentityModel.Tokens;

[assembly: OwinStartup(typeof(MVC_OWIN_Client.Startup))]

namespace MVC_OWIN_Client
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            string baseClientAddress = "http://localhost:44301/";

            var authority = JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = "mvc.standard",
                Authority = "http://localhost:5000/",
                RedirectUri = baseClientAddress + "signin-oidc",
                PostLogoutRedirectUri = baseClientAddress + "signout-callback-oidc",
                ResponseType = "code id_token",
                Scope = "openid api1 offline_access",

                UseTokenLifetime = false,
                SignInAsAuthenticationType = "Cookies"
            });
        }
    }
}

In ID4 config, I created a client to match...

public static IEnumerable<Client> GetClients()
{

    ...

    new Client
    {
        ClientId = "mvc.standard",
        ClientName = "MVC Client2",
        AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

        ClientSecrets =
        {
            new Secret("secret".Sha256())
        },

        RedirectUris           = { "http://localhost:44301/signin-oidc" },
        PostLogoutRedirectUris = { "http://localhost:44301/signout-callback-oidc" },

        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            "api1"
        },
        AllowOfflineAccess = true
    }
};

The application will progress through the login and permissions page and ID4 finally indicates the user signed in....

info: IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator[0]
      User consented to scopes: openid, api1, offline_access
info: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint[0]
      Authorize endpoint response
      {
        "SubjectId": "2",
        "ClientId": "mvc.standard",
        "RedirectUri": "http://localhost:44301/signin-oidc",
        "State": "OpenIdConnect.AuthenticationProperties=pnxKmthLCWSNS1Tj8sBS1K4K-Erxq8_W3Sfj1gg3zXhTCqP-gKV-Hsfgh_pRLPYQcIdVJONhzA3VMdBNv4xqE7y8uX-pzEmeNKBYb0cPAh6Q9lm5knIS5ds9gccYKubK1U0NpnGAW7tw38brRzD7dEG-EkSgXqjnEGeS4pMCrFaG2CFwq08_-KyA85VufscpT3y9sL0hTLLYYbRiJhWIZBOM427piwaHpR-jbl7KXGo",
        "Scope": "openid api1 offline_access"
      }
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[10]
      AuthenticationScheme: idsrv signed in.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 152.1613ms 200 text/html; charset=UTF-8

That's it. The MVC Application is never restored; it sits there until it times out.

Is there something missing from this?

question

All 18 comments

Sorry, it's not clear what the issue is. It also sounds more like the issue is on your client app, rather than anything wrong going on in IdentityServer.

I didn't point the finger at ID4, just want to know whether there were some missing settings as 'the issue' is Identity Server 'appears' to be not replying in a way that a .net framework web application understands.

I needed to ask the question of someone who is working with ID4 on a daily basis as all the examples for ID4, that I can find, are for .net core not .net framework so there's nothing to corroborate with.

The issue tracker for IdentityServer is not for general questions. If you have a problem with how to configure components ASP.NET Core (which is what you're struggling with above), then contact Microsoft's support, please.

I'm not struggling with .net core. The client and server are working when it's a .net core web application contacting Identity Server, it doesn't when it's contacted from a .net framework app. I thought this was fairly clear from the descriptions I've provided previously. I believe it's an issue because there's no response from ID4 back to a .net framework app.

@andy194 sounds like it's an issue with your redirect uri, like you're not getting the response back. This really isn't an issue with this library; you may want to consider asking a question on stackoverflow.com

Why oh why didn't someone just point me to the page on the subject? This is for anyone else looking for an answer...

https://leastprivilege.com/2017/03/03/extending-identityserver4-with-ws-federation-support/

Thank you for your advice

@andy194 so was your solution to implement ws-federation instead of using openid on your .net framework app?

Yes, if you don't, you end up with the eternal loopback scenario, never getting a response from ID4.

I agree with their reply. Some questions are really irrelevant to ids4

Given that one of them wrote the article I then found and which pointed me at a solution, you're missing the point, they could have chosen to not be abrupt and just pointed me to it, easily. There are two types of smart people on this planet, a decent type and the smart-arsed type.

I read a lot of issues reported to these guys, and from what I experience they are notorious for misunderstanding obvious questions, blaming other software, and closing issues without any solutions. I was able to follow everything you have stated in this post just fine. Pretty sure they day drink on the regular.

And the issue template states that this is not for general support on your architecture or configuration issues. We try to be as clear and upfront on this point as we can so as to save us all time and frustration. We work on this project in our free time and we don't have time to debug everyone else's issues. I suspect many folks opening questions here are doing it as a result of a project you're doing at work while being paid. I am not being paid to build the OSS, or reply to your issues here. It's a different OSS than that from Microsoft or some other company that funds devs working on it, so I'm sorry your expectations are misaligned.

Pretty sure they day drink on the regular.

Yeah - you should better apologize...

https://www.dotnetfoundation.org/code-of-conduct

You guys work too damn hard and produce awesome software to be treated like that! Thank you for all you do!

You are right. I apologize for being rude.

I ran into the same problem yesterday, and the problem is the cookie configuration I've found.

This was my code:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    //AuthenticationType = "Application",
    //AuthenticationMode = AuthenticationMode.Passive,
});

When the commented code is uncommented (for that matter, it seems that the AuthenticationType is the big culprit), it went into an infinite loop, replying with a new token every time. I was tracking the Notifications in the OpenIdConnectAuthenticationOptions and started to play around with the cookie settings. Was not an IDS4 problem, but was still very confusing.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
