I'm using openiddict on a .net core 1.1 project. So far i was able to login through /connect/token endpoint.
Suddenly, without any changes to the controller i get the following exception
InvalidCastException: Unable to cast object of type
'AspNet.Security.OpenIdConnect.Primitives.OpenIdConnectRequest' to
type 'OpenIddict.OpenIddictOptions'.
Is there anyone else having the same issue?
API changes have been introduced in ASOS 2.0.0-rc1-final that are incompatible with the exact OpenIddict version you're using. To fix that, remove the packages that start with AspNet.Security.OpenIdConnect from your .nuget\packages folder and restore your project when it's done.
Related
We have upgraded both our application running openiddict and the client application in question to .net core 3.1 and .net framework 4.8 respectively. Openiddict is also updated to 3.1.0
Since this update, and the resulting changes in both projects, our .net framework asp.net mvc 5 application began hitting exception
IDX21323: RequireNonce is 'System.Boolean'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.
Upon inspection of the redirect request from our connect/authorize endpoint back to the client application's signin callback (called signin-sevanidentity) we see that instead of receiving a cookie of OpenIdConnect.nonce like we see on our production instance we see .AspNetCore.Identity.Application which is not being recognized by the client
Callback in updated version:
OpenIdConnect.nonce Header Info
Callback in working production instance:
ProductionHeaderInfo
Not certain if I've messed up config in openiddict, the client or both.
I found the resolution for this specific issue. The root cause was because I was using the incorrect response type in my client side's OpenIdConnect configuration. I was using "code id_token" instead of "code"
When I went to modify the OpenIdConnectResponseType enum value I found that code was not one of them, only 2 options were.
It turns out I had mistakenly installed an unneeded package that overrode the extensions.
Microsoft.IdentityModel.Protocol.Extensions published by "Microsoft Corporation" not "Microsoft"
Nuget Package name and version
After uninstalling this package I was able to add the code response type as intended.
I have a webApi .net core. I use this api also for angular 7.
In api sessions are not stable. I solve ths proble 'withCredentials': true. for angular 7.
But for Flutter I can not find anything like that.
I tried import 'dart:html';. But I get
Target of URI doesn't exist: 'dart:html'.
Try creating the file referenced by the URI, or Try using a URI for a file that does exist.dart(uri_does_not_exist)
error
is there any way to set withCredentials:true ?
Good day all,
I have just implemented a REST API in ASP.NET MVC Core. GET works just fine but when I try to test POST, PUT and DELETE I am getting the same error:
{System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.}
Could anyone help me with hints how to avoid this error?
Well... I found out that I need to install SSL certificate - can be made using MakeCert.exe.
I originally created a ASP.NET MVC4 project using the wrong authentication/template in Visual Studio. So I've been trying to make it use windows authentication (I already changed the project property to enable it) but there was a bunch of built-in garbage in my project:
- AccountController
- AuthConfig.RegisterAuth() im my Global.asax.cs
- AccountModel.cs
... and some other crap that I can't remember at this point
I went through and deleted all that junk but I still get the following error:
Error Page 404: The controller for path '/login.aspx' was not found or does not implement IController.
So it mentions some ASPX page in my ASP.NET MVC project that doesn't even exist. It would appear as though I didn't thoroughly go through and remove every reference to the "built-in" authentication login garbage that was put into the project when I first created it.
Can anyone provide any insight?
I have a custom IHttpHandler that calls MvcHttpHandler implemented as described in this answer.
It worked well in asp.net MVC2, but after I migrate the code to MVC4 with IISExpress 7.5, I start getting InvalidOperationException on the line:
httpHandler.ProcessRequest(HttpContext.Current);
with message:
'HttpContext.SetSessionStateBehavior' can only be invoked before
'HttpApplication.AcquireRequestState' event is raised.
ASP.NET Development Server does not make any problems.
Does anyone know what's going on here, and how to solve it?
I believe you need to use httpContext.Server.TransferRequest with the MVC update.
See this question: MVC3 Application Inside Webforms Application Routing is throwing a HttpContext.SetSessionStateBehavior Error in IIS7.5