Issue with setting up a stand alone Resource Server
Hello,
I’m trying to set up a standalone resource server that is exactly what is described here: https://github.com/openiddict/openiddict-core/issues/1340.
My resource server is an OWIN/ASP.NET 4.8 Web API 2 application that has a simple controller that will be the protected resource and will be using the Client Credentials flow. The project was created in Visual Studio using the ASP.NET Web Application (.NET Framework) template.
The issue I’m experiencing is when I make a request to the API using Postman I get the following error:
```json
{
  "Message": "An error has occurred.",
  "ExceptionMessage": "No OWIN authentication manager is associated with the request.",
  "ExceptionType": "System.InvalidOperationException",
  "StackTrace": " at System.Web.Http.HostAuthenticationFilter.GetAuthenticationManagerOrThrow(HttpRequestMessage request)\r\n at System.Web.Http.HostAuthenticationFilter.<AuthenticateAsync>d__4.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.AuthenticationFilterResult.<ExecuteAsync>d__5.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__15.MoveNext()"
}
```
In this request I’m passing the Authorization header with the bearer token.
This is what I get from the logging after I made that request:
```
OpenIddict.Validation.OpenIddictValidationDispatcher: Debug: The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.Owin.OpenIddictValidationOwinHandlers+InferIssuerFromHost.
OpenIddict.Validation.OpenIddictValidationDispatcher: Debug: The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.Owin.OpenIddictValidationOwinHandlers+InferIssuerFromHost.
```
Here is the startup.cs code for the resource server:
```csharp
using Autofac;
using Autofac.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(Sample.OpenIddict.ResourceServer.Example.Startup))]

namespace Sample.OpenIddict.ResourceServer.Example
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
            var services = new ServiceCollection();

            services.AddLogging(logging =>
            {
                logging.AddDebug();
                logging.SetMinimumLevel(LogLevel.Trace);
            });

            // Register the OpenIddict validation components.
            services.AddOpenIddict()
                .AddValidation(options =>
                {
                    // Note: the validation handler uses OpenID Connect discovery
                    // to retrieve the address of the introspection endpoint.
                    options.SetIssuer("https://localhost:44300/");
                    options.AddAudiences("TestAPI");

                    // Configure the validation handler to use introspection and register the client
                    // credentials used when communicating with the remote introspection endpoint.
                    options.UseIntrospection()
                        .SetClientId("TestAPI")
                        .SetClientSecret("1cf0d681bc3c4e31a273b0203496983e");

                    // Register the System.Net.Http integration.
                    options.UseSystemNetHttp();

                    // Register the Owin host.
                    options.UseOwin();
                });

            var builder = new ContainerBuilder();
            builder.Populate(services);
            var container = builder.Build();

            app.UseAutofacMiddleware(container);
        }
    }
}
```
This is the protected resource decorated with the HostAuthentication attribute:

```csharp
using OpenIddict.Validation.Owin;
using System.Collections.Generic;
using System.Web.Http;

namespace Sample.OpenIddict.ResourceServer.Example.Controllers
{
    [HostAuthentication(OpenIddictValidationOwinDefaults.AuthenticationType)]
    public class ValuesController : ApiController
    {
        // GET api/values
        public IEnumerable<string> Get()
        {
            return new string[] { "value1", "value2" };
        }

        // GET api/values/5
        public string Get(int id)
        {
            return "value";
        }

        // POST api/values
        public void Post([FromBody] string value)
        {
        }

        // PUT api/values/5
        public void Put(int id, [FromBody] string value)
        {
        }

        // DELETE api/values/5
        public void Delete(int id)
        {
        }
    }
}
```
With regard to the error “No OWIN authentication manager is associated with the request.”, I made sure that the Microsoft.Owin.Host.SystemWeb package is installed.
I also made sure that these two lines are not in the WebApiConfig.cs file:

```csharp
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
```
I’ve also read the article on adding OpenIddict to an OWIN application (https://kevinchalet.com/2020/03/03/adding-openiddict-3-0-to-an-owin-application/) and I think I have it set up correctly. It seems that I’m missing something else, and if I can be pointed in the right direction that would be much appreciated.
Thank you
Top GitHub Comments
@kevinchalet I finally had the time to add the introspection permission endpoint into my Orchard Core using IOpenIdApplicationManager that you commented on here: https://github.com/openiddict/openiddict-core/issues/1359#issuecomment-986040499 and it was very straightforward. I think I’m going to add the revocation endpoint permission and give that a test drive as well. So cool! I’m going to submit a PR to Orchard Core for this when I’m done with everything. I’ll be sure to discuss with the OC team beforehand of course 😃 https://github.com/OrchardCMS/OrchardCore/issues/10803#issue-1070822538
Thank you again for your guidance on this.
@kevinchalet Will do. If I have any question I’ll ask it here: https://github.com/OrchardCMS/OrchardCore/issues/10803#issue-1070822538