Activities of "ldacnfinit"

  • ABP Framework version: v4.4.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered Identity Server Separated (Angular): yes
  • Exception message and stack trace:

InvalidOperationException: SignInAsync when principal.Identity.IsAuthenticated is false is not allowed when AuthenticationOptions.RequireAuthenticatedSignIn is true.
   Microsoft.AspNetCore.Authentication.AuthenticationService.SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
   IdentityServer4.Hosting.IdentityServerAuthenticationService.SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
   Siemens.LDA.CleanOrder.Controllers.AuthenticationController.ExternalLoginBackAsync() in AuthenticationController.cs
      await HttpContext.SignInAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme,
   lambda_method1783(Closure , object )
   Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor+TaskOfActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, object controller, object[] arguments)
   System.Threading.Tasks.ValueTask<TResult>.get_Result()

  • Steps to reproduce the issue:

    • ConfigureAuthentication
      context.Services.AddAuthentication(options =>
          {
              //options.RequireAuthenticatedSignIn = false;
          })
          .AddJwtBearer(options =>
          {
              options.Authority = configuration["AuthServer:Authority"];
              options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
              options.Audience = "CleanOrder";
              options.BackchannelHttpHandler = new HttpClientHandler
              {
                  ServerCertificateCustomValidationCallback =
                      HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
              };
          })
          //.AddCookie("CleanOrder.MyId")
          .AddOpenIdConnect("MyId", "OpenID Connect", options =>
          {
              options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
              options.SignOutScheme = IdentityServerConstants.SignoutScheme;
              options.Authority = "https://myid.siemens.com/";
              options.CallbackPath = "/";
              options.ClientSecret = configuration["MyIdAuthServer:ClientSecret"];
              options.ClientId = configuration["MyIdAuthServer:ClientId"];
              options.ResponseType = OpenIdConnectResponseType.Code;
              options.SaveTokens = true;
              //options.SignedOutRedirectUri = "http://localhost:4300";
              options.BackchannelHttpHandler = new HttpClientHandler
              {
                  ServerCertificateCustomValidationCallback =
                      HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
              };
          });
    
    • Environment (Angular)
      oAuthConfig: {
          issuer: 'https://myid.siemens.com',
          redirectUri: 'https://localhost:44361/authentication/token',
          clientId: 'ClienID',
          responseType: 'code',
          scope: 'openid profile email',
      }
    
    • Controller
      [HttpGet("token")]
      public ActionResult AuthAsync()
      {
          Console.WriteLine("===========token==================");
          var callbackUrl = Url.Action("ExternalLoginback");
          var properties = new AuthenticationProperties()
          {
              // actual redirect endpoint for your app
              RedirectUri = callbackUrl,
              AllowRefresh = true,
          };
          return Challenge(properties, "MyId");
      }

      [HttpGet("signin-oidc")]
      public async Task<RedirectResult> ExternalLoginBackAsync()
      {
          Console.WriteLine("===========callback==================");
          // read external identity from the temporary cookie
          var result = await HttpContext.AuthenticateAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
          if (result?.Succeeded != true)
          {
              throw new Exception("External authentication error");
          }

          // the principal of the external user
          var externalUser = result.Principal;
          if (externalUser == null)
          {
              throw new Exception("External authentication error");
          }

          // retrieve claims of the external user
          var claims = externalUser.Claims.ToList();

          // try to determine the unique id of the external user - the most common claim types for that are the sub claim and the NameIdentifier
          // depending on the external provider, some other claim type might be used
          var userIdClaim = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject);
          if (userIdClaim == null)
          {
              userIdClaim = claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier);
          }
          if (userIdClaim == null)
          {
              throw new Exception("Unknown userid");
          }

          var externalUserId = userIdClaim.Value;
          var externalProvider = userIdClaim.Issuer;

          // get userInfo
          var user = await _appUserService.GetByUserNameAsync(externalUserId.Split('|')[1]);
          var clientUrl = _configuration["App:ClientUrl"];
          if (user != null)
          {
              // issue authentication cookie for user
              await HttpContext.SignInAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme,
                  new ClaimsPrincipal(
                      new ClaimsIdentity(
                          new List<Claim>
                          {
                              new Claim(AbpClaimTypes.UserId, user.Id.ToString()),
                              new Claim(AbpClaimTypes.UserName, user.UserName),
                              new Claim(AbpClaimTypes.Email, user.Email)
                          }
                      )
                  )
              );
              //delete temporary cookie used during external authentication
              //await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme);
          }
          else
          {
              clientUrl += "/userNotExsit";
          }
          return Redirect(clientUrl);
      }
    

This is the first time I have integrated a third-party authentication system. I have limited knowledge of authentication and limited experience with JWT access tokens. I need help.
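The exception in the post comes from the principal built in ExternalLoginBackAsync: `new ClaimsIdentity(claims)` leaves `AuthenticationType` null, and `ClaimsIdentity.IsAuthenticated` is true only when that string is non-empty, so the guard that ASP.NET Core applies when `RequireAuthenticatedSignIn` is true (its default since ASP.NET Core 5) rejects the sign-in. The following console program is an added example, not code from the post or from ABP/IdentityServer: it restates the framework guard in a local `RequireAuthenticated` method, builds the principal both ways, and uses only `System.Security.Claims`. The claim type strings are constructed stand-ins for `AbpClaimTypes.UserId`/`UserName`/`Email`, and the sample user values are made up; "MyId" is the OpenID Connect scheme name from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Added example (not the original post's code): why the ClaimsPrincipal built in
// ExternalLoginBackAsync is rejected, and what makes ClaimsIdentity.IsAuthenticated true.
static class SignInGuardDemo
{
    // Constructed stand-ins for AbpClaimTypes.UserId / UserName / Email.
    const string UserIdClaim = "sub";
    const string UserNameClaim = "preferred_username";
    const string EmailClaim = "email";

    // Restates the check performed by Microsoft.AspNetCore.Authentication.AuthenticationService.SignInAsync
    // when AuthenticationOptions.RequireAuthenticatedSignIn is true (the default): the identity must
    // report IsAuthenticated == true, otherwise an InvalidOperationException is thrown.
    public static void RequireAuthenticated(ClaimsPrincipal principal)
    {
        if (principal.Identity == null)
            throw new InvalidOperationException("SignInAsync when principal.Identity == null is not allowed.");
        if (!principal.Identity.IsAuthenticated)
            throw new InvalidOperationException(
                "SignInAsync when principal.Identity.IsAuthenticated is false is not allowed when " +
                "AuthenticationOptions.RequireAuthenticatedSignIn is true.");
    }

    // Builds the principal either as the post does (claims only) or with an authentication type.
    // ClaimsIdentity.IsAuthenticated is just "AuthenticationType is not null or empty".
    public static ClaimsPrincipal BuildPrincipal(string userId, string userName, string email, string? authenticationType)
    {
        var claims = new List<Claim>
        {
            new Claim(UserIdClaim, userId),
            new Claim(UserNameClaim, userName),
            new Claim(EmailClaim, email),
        };
        var identity = authenticationType is null
            ? new ClaimsIdentity(claims)                      // as in the post: AuthenticationType == null
            : new ClaimsIdentity(claims, authenticationType); // records which scheme authenticated the user
        return new ClaimsPrincipal(identity);
    }

    static void Main()
    {
        // Constructed sample values, not taken from the post.
        var unauthenticated = BuildPrincipal("myid|12345", "jdoe", "jdoe@example.com", null);
        Console.WriteLine($"claims-only identity: IsAuthenticated = {unauthenticated.Identity!.IsAuthenticated}"); // False
        try { RequireAuthenticated(unauthenticated); }
        catch (InvalidOperationException ex) { Console.WriteLine($"rejected: {ex.Message}"); }

        // Any non-empty authentication type makes the identity authenticated; "MyId" is the scheme from the post.
        var authenticated = BuildPrincipal("myid|12345", "jdoe", "jdoe@example.com", "MyId");
        Console.WriteLine($"identity with scheme: IsAuthenticated = {authenticated.Identity!.IsAuthenticated}"); // True
        RequireAuthenticated(authenticated); // passes
    }
}
```

Setting `RequireAuthenticatedSignIn = false` (the commented-out line in the post's ConfigureAuthentication) only silences this guard; it would let a cookie be issued for an identity that records no authenticating scheme, which is the condition the guard exists to catch. Supplying the authentication type is the fix the exception is pointing at. Separately, the IdentityServer4 external-login quickstart signs the mapped local user into the default cookie scheme via `IdentityServerUser.CreatePrincipal()` (which sets an authentication type) and then signs out of `IdentityServerConstants.ExternalCookieAuthenticationScheme`, rather than re-issuing the external cookie as the post does.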

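Both handlers in the post's ConfigureAuthentication set `ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator`. That callback disables TLS certificate validation for the back-channel requests that fetch the authority's discovery document and signing keys (and, for the OIDC handler, redeem authorization codes), so the keys the API later trusts for JWT validation come over an unauthenticated channel. The block below is an added example, not from the post or ABP: it places the post's setting beside two alternatives, the .NET default (no callback, system trust store) and a development-only callback that trusts one private CA while still failing on hostname mismatch, expiry and other policy errors. `caCertPath` is an assumed path to that CA's certificate; `X509ChainTrustMode.CustomRootTrust` requires .NET 5 or later, which ABP v4.4.3 targets.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example (not the original post's code): the back-channel handler from the post
// beside two settings that keep certificate validation in place.
static class BackchannelHandlers
{
    // What the post configures for both AddJwtBearer and AddOpenIdConnect: any certificate is
    // accepted, so discovery, JWKS and token responses are not authenticated at the transport layer.
    public static HttpClientHandler AcceptAnything() => new HttpClientHandler
    {
        ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
    };

    // Production: no callback, so the OS trust store, hostname check and revocation policy apply.
    public static HttpClientHandler SystemTrust() => new HttpClientHandler();

    // Development against an authority issued by a private CA: accept only chains that end in that CA.
    // caCertPath is an assumed local file holding the CA certificate (PEM or DER).
    public static HttpClientHandler PinnedPrivateCa(string caCertPath)
    {
        var ca = new X509Certificate2(caCertPath);
        return new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
            {
                if (cert is null || chain is null)
                    return false;

                // Tolerate only the "chain does not end in a trusted root" error; a name mismatch,
                // an expired leaf or any other policy error still fails the request.
                if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
                    return false;

                // Re-build the chain against our single private root instead of the system store.
                chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
                chain.ChainPolicy.CustomTrustStore.Clear();
                chain.ChainPolicy.CustomTrustStore.Add(ca);
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // private CAs rarely publish CRL/OCSP
                return chain.Build(cert);
            }
        };
    }

    static void Main()
    {
        // Illustrative wiring only; the path is a placeholder for a local CA certificate file.
        HttpClientHandler handler = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") == "Development"
            ? PinnedPrivateCa("dev-ca.crt")
            : SystemTrust();
        Console.WriteLine(handler.ServerCertificateCustomValidationCallback is null
            ? "using system certificate validation"
            : "using private-CA pinned validation");
    }
}
```

In the post's configuration the handler returned by `PinnedPrivateCa` or `SystemTrust` would be assigned to `options.BackchannelHttpHandler` in place of the accept-anything one; the public `https://myid.siemens.com/` authority presents a publicly trusted certificate, so the default handler should already work there.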
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11