Sam-0670 asked ZhiLv-MSFT commented

OpenIdConnectOptions Validate Method Throwing Exception in ASP.NET 6.0

I have a new ASP.NET Core 6.0 web app, and I am trying to configure OpenID Connect (OIDC) in the Program.cs file. I am using "Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="6.0.0" in my .csproj file.

This is the code so far for my OIDC logic in my Program.cs file:

 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    
 var builder = WebApplication.CreateBuilder(args);
    
 Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration oidcConfig = new OpenIdConnectConfiguration();
 oidcConfig.TokenEndpoint = "https://removed.com";
 oidcConfig.UserInfoEndpoint = "https://removed.com";
 oidcConfig.JwksUri = "https://removed.com";
    
 Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions oidcOptions = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions();
 oidcOptions.Authority = "https://removed.com";
 oidcOptions.MetadataAddress = "https://removed.com";
 oidcOptions.Configuration = oidcConfig;
 oidcOptions.ClientId = "xxxxxxxxxxxxxxx";
 oidcOptions.ClientSecret = "xxxxxxxxxxxxxxx";
 oidcOptions.ResponseType = OpenIdConnectResponseType.IdToken;
 oidcOptions.GetClaimsFromUserInfoEndpoint = true;
 oidcOptions.SaveTokens = true;
 oidcOptions.Validate();

When I run my code and it gets to oidcOptions.Validate(), the following exception is thrown:

An unhandled exception of type 'System.InvalidOperationException' occurred in Microsoft.AspNetCore.Authentication.OpenIdConnect.dll: 'Provide Authority, MetadataAddress, Configuration, or ConfigurationManager to OpenIdConnectOptions'

Why is this exception being thrown? When I run my code in debug mode, I can see that my oidcOptions object has the values I provided for Authority, MetadataAddress, and Configuration.


Why is this exception being thrown? When I run my code in debug mode....

Do you mean that it works well in the development environment, but does not work in other environments such as the production environment? If that is the case, please check the environment selection part.

Or do you mean this error happens in release mode, but works well in debug mode?

Then, please check your services: have you registered the AddOpenIdConnect service in the Program.cs file, with code like this:

 services.AddAuthentication(options => {
     options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
     options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
 })
 .AddCookie(options => {
     options.LoginPath = "/Account/Login/";
 })
 .AddOpenIdConnect(options =>
     {
         options.ClientId = Configuration["oidc:clientid"];
         options.ClientSecret = Configuration["oidc:clientsecret"];
         options.Authority = String.Format("https://{0}.onelogin.com/oidc", Configuration["oidc:region"]);
    
         options.ResponseType = "code";
         options.GetClaimsFromUserInfoEndpoint = true;
     }
 );

For more detailed information, see OneLogin OpenId Connect Dotnet Core 3.0 Sample and An introduction to OpenID Connect in ASP.NET Core.

0 Votes 0 ·

Thank you for responding and providing those links.

My app is fully functional and its OIDC flow is working as long as I don't call the OpenIdConnectOptions.Validate() method.

When I call the Validate() method in any environment, my app returns the following exception during runtime:
An unhandled exception of type 'System.InvalidOperationException' occurred in Microsoft.AspNetCore.Authentication.OpenIdConnect.dll: 'Provide Authority, MetadataAddress, Configuration, or ConfigurationManager to OpenIdConnectOptions'

If I run my app in debug mode, I can see that Authority, MetadataAddress, and Configuration are all populated, which makes it seem like the exception is being thrown incorrectly.

When I remove the call to Validate(), my app works just fine, and I can successfully use the OIDC flow to authenticate.

I believe the OpenIdConnectOptions.Validate() method is nonfunctional in the current version of Microsoft.AspNetCore.Authentication.OpenIdConnect.

0 Votes 0 ·

An unhandled exception of type 'System.InvalidOperationException' occurred in Microsoft.AspNetCore.Authentication.OpenIdConnect.dll: 'Provide Authority, MetadataAddress, Configuration, or ConfigurationManager to OpenIdConnectOptions'

From the OpenIdConnectOptions source code, we can see that the above exception happens when the ConfigurationManager is null. So, you can check it.

1 Vote 1 ·
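
An added example (not code from this thread or from the ASP.NET Core project) of the check described in the comment above: a hand-built `OpenIdConnectOptions` has a null `ConfigurationManager`, so `Validate()` throws, while options resolved through `AddOpenIdConnect` pass because post-configuration builds the manager from `Configuration`, `MetadataAddress` or `Authority`. The authority URL and client ID are placeholders.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// Placeholder values (assumptions, not taken from the thread).
const string authority = "https://idp.example.com";
const string clientId = "example-client-id";

// 1. Hand-built options: post-configuration never ran, so
//    ConfigurationManager is still null and Validate() throws.
var manual = new OpenIdConnectOptions { Authority = authority, ClientId = clientId };
try { manual.Validate(); }
catch (InvalidOperationException ex) { Console.WriteLine($"manual: {ex.Message}"); }

// 2. Same object with an explicit ConfigurationManager: Validate() passes.
//    Nothing is fetched here; metadata is retrieved lazily on first use.
manual.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
    $"{authority}/.well-known/openid-configuration",
    new OpenIdConnectConfigurationRetriever(),
    new HttpDocumentRetriever { RequireHttps = true });
manual.Validate();
Console.WriteLine("manual + ConfigurationManager: valid");

// 3. Normal registration: the framework post-configures the named options
//    (building ConfigurationManager) and validates them when they are created.
builder.Services.AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(o =>
    {
        o.Authority = authority;
        o.ClientId = clientId;
        o.ResponseType = OpenIdConnectResponseType.Code;
    });

var app = builder.Build();

// Resolve the named options the handler will actually use.
var resolved = app.Services
    .GetRequiredService<IOptionsMonitor<OpenIdConnectOptions>>()
    .Get(OpenIdConnectDefaults.AuthenticationScheme);
Console.WriteLine($"resolved: ConfigurationManager set = {resolved.ConfigurationManager is not null}");
resolved.Validate(); // same check, now against post-configured options
```

Because the registered options are validated by the framework itself, a misconfigured scheme (missing `ClientId`, no metadata source, non-HTTPS metadata with `RequireHttpsMetadata` on) fails when the options are first resolved rather than silently at sign-in.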

1 Answer

surferonwww answered Sam-0670 commented

The following document describes the settings in the Program.cs of an ASP.NET Core MVC application when Duende IdentityServer is used:

Interactive Applications with ASP.NET Core
https://docs.duendesoftware.com/identityserver/v5/quickstarts/2_interactive/


Thank you for providing the tutorial! I followed it and got my application's OIDC flow working. However, the OpenIdConnectOptions.Validate() method still throws the same exception even when my web app is fully functional. I am now convinced that the Validate method doesn't do anything. I've simply removed the Validate() call from my code, and my app no longer throws an exception.

0 Votes 0 ·