Any help on this issue would be much appreciated. I have wasted days on the matter.
Authenticating an ASP.NET Core 3.1 MVC app with IdentityServer3 is causing a runtime error. The identity server returns the error
"The client application is not known or is not authorized"
instead of a login screen. We have an ASP.NET MVC 5 app and an ASP.NET Core API that work fine with the identity server.
My approach has been to rewrite the ASP.NET MVC 5 code in .NET Core. I have done the best that I can without being able to find any documentation on how to do such a translation. Please see my code snippets below for details.
Working ASP.NET MVC 5 code:
//***
//commented all code that was not needed to get login screen to show up
//***
// OWIN startup for the MVC 5 app: registers cookie authentication, then the OpenID Connect
// middleware that sends unauthenticated users to the identity server.
public void Configuration(IAppBuilder app)
{
// Anti-forgery tokens are tied to the user's Name JWT claim.
AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityModel.JwtClaimTypes.Name;
// An empty map stops the JWT handler from renaming incoming claim types.
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
// 0 h, 300 min, 0 s: a five-hour authentication cookie, extended by SlidingExpiration.
ExpireTimeSpan = new TimeSpan(0, 300, 0),
SlidingExpiration = true
});
var clientBaseUrl = ConfigurationManager.AppSettings[ClientBaseUrlKey];
var identityServerBaseUrl = ConfigurationManager.AppSettings[IdentityServerBaseUrlKey];
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = identityServerBaseUrl,
ClientId = WebSettings.ClientId,
// Hybrid flow: "token" asks the authorization endpoint to return the access token through the
// browser, alongside the code and the id_token.
// NOTE(review): "code id_token" plus code redemption would keep the access token out of the
// front channel - confirm whether the client really needs "token" here.
ResponseType = "code id_token token",
// The sign-in result is stored by the "Cookies" middleware registered above.
SignInAsAuthenticationType = "Cookies",
// false: the cookie lifetime comes from the cookie options, not from the id_token lifetime.
// NOTE(review): the comma after `false` is commented out, so the RedirectUri line below does not
// compile as posted - presumably a slip made while trimming the snippet.
UseTokenLifetime = false//,
// Sent to the identity server as redirect_uri. The server has to have this exact value registered
// for the client - presumably it does, since this app is reported to work.
RedirectUri = $"{clientBaseUrl}/",
//PostLogoutRedirectUri = clientBaseUrl,
//Scope = "openid profile roles admin_certpay",
//Notifications = new OpenIdConnectAuthenticationNotifications
//{
...removed for brevity... }); }
Problematic ASP.NET Core 3.1 MVC code:
// ASP.NET Core 3.1 port of the OWIN configuration: cookie sign-in plus an OpenID Connect
// challenge against the identity server.
public void ConfigureServices(IServiceCollection services) { services.AddControllersWithViews();
services.AddAuthentication(options =>
{
// CookieAuthenticationDefaults.AuthenticationScheme is the string "Cookies", so DefaultScheme and
// DefaultAuthenticateScheme below name the same handler; the second assignment is redundant.
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = "Cookies";
}).AddCookie("Cookies")
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, o =>
{
// Plain-HTTP authority; see the RequireHttpsMetadata note below.
o.Authority = "http://localhost/identity/";
// Has to match the client id registered at the identity server exactly.
o.ClientId = "actual value used here";
// Hybrid flow: "token" makes the authorization endpoint return the access token through the browser.
// NOTE(review): the client registration must allow this flow; "code id_token" keeps the access
// token out of the front channel - confirm which one the client needs.
o.ResponseType = "code id_token token";
o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
o.UseTokenLifetime = false;
//start - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
// SignedOutRedirectUri is only used after sign-out; it is not part of the login request.
o.SignedOutRedirectUri = "http://localhost/CertPay.Admin/";
// NOTE(review): ReturnUrlParameter is the NAME of the query-string parameter that carries the
// return URL to the access-denied page (default "ReturnUrl"), not a URL. It does not set redirect_uri.
// There is no RedirectUri option in ASP.NET Core: the handler builds redirect_uri from the current
// request's scheme, host and path base plus CallbackPath (default "/signin-oidc"). The value sent
// is therefore probably ".../signin-oidc" rather than the "{clientBaseUrl}/" the MVC 5 app sends.
// If the identity server only has the latter registered it will reject the request - a likely
// cause of the reported error; verify against the client registration and the identity server
// log, which normally names the exact validation failure.
o.ReturnUrlParameter = "http://localhost/CertPay.Admin/";
//end - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
// Allows the discovery document and signing keys to be fetched over plain HTTP. Tolerable for a
// localhost identity server only: outside development, unprotected metadata lets a network
// attacker substitute endpoints or keys, so keep the default (true) with an https authority.
o.RequireHttpsMetadata = false; //fix to runtime error
});
//Played with Core API fix for the hell of it.
// NOTE(review): AddIdentityServerAuthentication validates bearer access tokens for APIs; it does
// not drive an interactive login, so it would not replace AddOpenIdConnect here - confirm.
//.AddIdentityServerAuthentication(o =>
//{
// o.Authority = "http://localhost/identity/";
// //o.ApiName = "actual value here";
// o.LegacyAudienceValidation = true;
// o.RequireHttpsMetadata = true;
//});
}