Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AuthenticateAsync returns null when using IdentityServer4 authentication together with Forms Authentication #364

Open
DumboJet opened this issue Jul 1, 2020 · 1 comment
Milestone

Comments

@DumboJet
Copy link

DumboJet commented Jul 1, 2020

I have an old application using Forms Authentication and I am trying to add service-to-server authentication to it using Identity Server 4.
So, I have added some Owin/Katana setup code to it and I am using this code (from package IdentityServer3.AccessTokenValidation):

            app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
            {
                Authority = ConfigurationManager.AppSettings["IdentityServerUrl"],
                RequiredScopes = ConfigurationManager.AppSettings["IdentityServer.ClientAuthorizationScopes"]?.Split(' ', '\t')?.ToArray(),
                ClientId = ConfigurationManager.AppSettings["IdentityServer.ClientId"],
                ClientSecret = ConfigurationManager.AppSettings["IdentityServer.ClientSecret"],
                NameClaimType = "name",
                RoleClaimType = "role",
                //AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType,
                ValidationMode = ValidationMode.Local,
                DelayLoadMetadata = true,
                AuthenticationType = "BearerIS",
            });

This does not work (I get no identity back), so I debugged the package code (IdentityServer3.AccessTokenValidation) and found out that it "fails" in this place:
image
The result returned on this active breakpoint is always null.
(The _options.AuthenticationType is Bearer here, from what I remember)
I have verified that the incoming request contains an access token that can be validated successfully by the introspection endpoint of IS4.

Could you maybe tell me what could be wrong here with AuthenticateAsync() and what I can do to make it work (not return null)?
I have tried to follow the code of this repository, but there is a lot of global variables at play (e.g. in the the IOwinContext) that I have no idea where they come from...

Any hints are welcome.
If this doesn't work, I am thinking of using an HttpModule that calls the introspection endpoint of IS4, to validate the token and set the Identity. But this is custom security code, so it might be good to avoid it...

@Tratcher
Copy link
Member

Tratcher commented Jul 1, 2020

See https://github.com/aspnet/AspNetKatana/wiki/Debugging for instructions to enable logging to see if that captures any errors.

Eventually I'd expect that code to call something like this:

protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()

But you'd want to ask the IdentityServer folks for the details on their setup.

@Tratcher Tratcher added this to the Discussions milestone Sep 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants