[Bug] Microsoft.Identity.Web should not call BuildServiceProvider
See original GitHub issueWhich Version of Microsoft Identity Web are you using ? Microsoft Identity Web 0.1.5-preview
Where is the issue?
- Web App
- [x ] Sign-in users
- Web API
- [x ] Protected web APIs (Validating tokens)
Repro See:
Expected behavior
NEVER call BuildServiceProvider
.
Actual behavior
Microsoft.Identity.Web calls BuildServiceProvider
Discussion
-
It’s a MUST FIX
-
In NET 5.0, there is an overload of
AddJwtBearer
/AddOpenIdConnect
with a service that you want to inject -
We need to come-up with alternatives for 3.0. @Tratcher will help
-
in addition raise an issue with ASP.NET Core to have these diagnostics available by default without wrapping the events.
Possible design (but feel free to do differently)
-
Add a constant in the Microsoft.Identity.Web.csproj file depending on the TargetFramework (maybe something like:
<PropertyGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'"> <DefineConstants>$(DefineConstants);DOTNET_CORE_31</DefineConstants> </PropertyGroup>
-
Based on the constant use one form of the other of AddOpenIdConnect and AddJwtBearer. For instance for AddOpenIdConnect we could have something like the following:
#if DOTNET_CORE_31 builder.AddOpenIdConnect(openIdConnectScheme, options => { // Todo: replace by the work around that @Tratcher will provider IServiceProvider serviceProvider = builder.Services.BuildServiceProvider(); #else builder.AddOpenIdConnect<IServiceProvider>(openIdConnectScheme, (options, serviceProvider) => { #endif
Note that the aspnetcoreapp3.1 case would still use the BuildServiceProvider until Chris provides a workaround
-
In the section garded by the subscribeToXXXMiddlewareDiagnosticsEvents boolean, just use the serviceProvider to call GetRequiredService<> For instance for the OIDC case, something like:
var diags = serviceProvider.GetRequiredService<IOpenIdConnectMiddlewareDiagnostics>();
-
Consider doing #239 soon after this one, as it leverages similar mechanisms
-
Follow-up with @Tratcher for the NET 3.1 work around to populate the service provider in the case of netcore3.1
Issue Analytics
- State:
- Created 3 years ago
- Comments:5
Top GitHub Comments
So I understand that the section in WebApiAuthenticationBuilderExtensions.cs could be:
And in WebAppAuthenticationBuilderExtensions.cs, it could be:
@jennyf19, moving back to “in progress” now that Chris has shared the work around for .NET Core 3.1
https://github.com/dotnet/aspnetcore/issues/18772#issuecomment-588302416 This should work in prior versions:
In fact, you could do it in both versions and avoid the #ifs.