Ask
Reputation: 3746
No authentication handler is registered for the scheme 'Cookies'. The registered schemes are: Application, Bearer, ASOS
I am implementing Aspnet.security.openidconnect (ASOS) with .net core 2.1 application. Now the issue is when I am trying to execute this chunk in controller,
public async Task<IActionResult> Authorize()
{
if (Response.StatusCode != 200)
{
return View("AuthorizeError");
}
var ticket = await AuthenticationHttpContextExtensions.AuthenticateAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
var identity = ticket != null && ticket.Principal != null ? ticket.Ticket.Principal : null;
if (identity == null)
{
await AuthenticationHttpContextExtensions.ChallengeAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme, null);
return Unauthorized();
}
ViewData["Name"] = ticket.Principal.Identity.Name;
var scopes = (HttpContext.Request.Query["scope"].ToString() ?? "").Split(' ');
ViewData["Scopes"] = scopes;
//var claimsIdentity = new ClaimsIdentity(identity.Claims, "Bearer", identity.NameClaimType, identity.RoleClaimType);
var claimsIdentity = new ClaimsIdentity(identity.Claims, "Bearer");
foreach (var scope in scopes)
{
claimsIdentity.AddClaim(new Claim("urn:oauth:scope", scope));
}
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, claimsPrincipal);
logger.Info("Authorize request received");
return View();
}
The error I am getting on this line:
var ticket = await AuthenticationHttpContextExtensions.AuthenticateAsync(HttpContext, CookieAuthenticationDefaults.AuthenticationScheme);
And here is the implementation of ASOS in startup:
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie("Application", options =>
{
options.LoginPath = new PathString(LoginPath);
options.LogoutPath = new PathString(LogoutPath);
options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
//options.AccessDeniedPath = new PathString();
});
//services.AddAuthentication("External")
// .AddCookie("Cookies", options =>
// {
// options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + "External";
// options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
// });
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
services.AddAuthentication(OAuthValidationDefaults.AuthenticationScheme).AddOAuthValidation()
.AddOpenIdConnectServer(options =>
{
options.AuthorizationEndpointPath = new PathString(AuthorizePath);
// Enable the token endpoint.
options.TokenEndpointPath = new PathString(TokenPath);
options.ApplicationCanDisplayErrors = true;
options.AccessTokenLifetime = TimeSpan.FromMinutes(5);
#if DEBUG
options.AllowInsecureHttp = true;
#endif
options.Provider.OnValidateAuthorizationRequest = context =>
{
if (string.Equals(context.ClientId, Configuration["OpenIdServer:ClientId"], StringComparison.Ordinal))
{
context.Validate(context.RedirectUri);
}
return Task.CompletedTask;
};
// Implement OnValidateTokenRequest to support flows using the token endpoint.
options.Provider.OnValidateTokenRequest = context =>
{
// Reject token requests that don't use grant_type=password or grant_type=refresh_token.
if (!context.Request.IsClientCredentialsGrantType() && !context.Request.IsPasswordGrantType()
&& !context.Request.IsRefreshTokenGrantType())
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "Only grant_type=password and refresh_token " +
"requests are accepted by this server.");
return Task.CompletedTask;
}
if (string.IsNullOrEmpty(context.ClientId))
{
context.Skip();
return Task.CompletedTask;
}
if (string.Equals(context.ClientId, Configuration["OpenIdServer:ClientId"], StringComparison.Ordinal) &&
string.Equals(context.ClientSecret, Configuration["OpenIdServer:ClientSecret"], StringComparison.Ordinal))
{
context.Validate();
}
return Task.CompletedTask;
};
// Implement OnHandleTokenRequest to support token requests.
options.Provider.OnHandleTokenRequest = context =>
{
// Only handle grant_type=password token requests and let
// the OpenID Connect server handle the other grant types.
if (context.Request.IsClientCredentialsGrantType() || context.Request.IsPasswordGrantType())
{
//var identity = new ClaimsIdentity(context.Scheme.Name,
// OpenIdConnectConstants.Claims.Name,
// OpenIdConnectConstants.Claims.Role);
ClaimsIdentity identity = null;
if (context.Request.IsClientCredentialsGrantType())
{
identity = new ClaimsIdentity(new GenericIdentity(context.Request.ClientId, "Bearer"), context.Request.GetScopes().Select(x => new Claim("urn:oauth:scope", x)));
}
else if (context.Request.IsPasswordGrantType())
{
identity = new ClaimsIdentity(new GenericIdentity(context.Request.Username, "Bearer"), context.Request.GetScopes().Select(x => new Claim("urn:oauth:scope", x)));
}
// Add the mandatory subject/user identifier claim.
// By default, claims are not serialized in the access/identity tokens.
// Use the overload taking a "destinations" parameter to make sure
// your claims are correctly inserted in the appropriate tokens.
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, Guid.NewGuid().ToString("n") + Guid.NewGuid().ToString("n"), OpenIdConnectConstants.Destinations.AccessToken, OpenIdConnectConstants.Destinations.IdentityToken);
var ticket = new Microsoft.AspNetCore.Authentication.AuthenticationTicket(
new ClaimsPrincipal(identity),
new Microsoft.AspNetCore.Authentication.AuthenticationProperties(),
context.Scheme.Name);
// Call SetScopes with the list of scopes you want to grant
// (specify offline_access to issue a refresh token).
ticket.SetScopes(
OpenIdConnectConstants.Scopes.Profile,
OpenIdConnectConstants.Scopes.OfflineAccess);
context.Validate(ticket);
}
return Task.CompletedTask;
};
Now the error I am getting is:
InvalidOperationException: No authentication handler is registered for the scheme 'Cookies'. The registered schemes are: Application, Bearer, ASOS. Did you forget to call AddAuthentication().AddSomeAuthHandler?
What am I missing here. Any help?
Upvotes: 3
Views: 21679
Answers (2)
Kishan Vaishnav
Reputation: 2631
In my case I was using "Cookies" when adding authentication and "Cookie" when calling the SiginOut method. Changed both the places to use "Cookies"
Startup:
services.AddAuthentication(config => {
config.DefaultScheme = "Cookies";
config.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")<---- Change here.
.AddOpenIdConnect("oidc", config => {
config.Authority = "https://localhost:44392/";
config.ClientId = "client_id_mvc";
config.ClientSecret = "client_secret_mvc";
config.SaveTokens = true;
config.ResponseType = "code";
//config.SignedOutCallbackPath = "/Privacy";
});
Calling SignOut:
public async Task<IActionResult> OnPostAsync()
{
return SignOut("Cookies", "oidc");
}
Upvotes: 1
Ask
Reputation: 3746
So found the issue, actually I was using "Application" name for cookie scheme and in controller I was using default name "Cookies". So just had to remove the explicit "Application" name to default "Cookies" name No authenticationScheme was specified, and there was no DefaultChallengeScheme found Cookies Authentication
Upvotes: 0
Related Questions
- InvalidOperationException: No authentication handler is registered for the scheme 'CookieSettings'.Did you forget to call AddAuthentication()
- InvalidOperationException: No authentication handler is registered for the scheme Bearer.
- Cookie authentication is not working in ASP.NET Core application
- ASP.NET Core 2.0 Authentication Cookie not set
- .NET Core 2.2 sends out authentication cookie but doesn't recognise it
- .Net Core 2.2 Cookie Authentication Problem
- No authenticationScheme was specified, and there was no DefaultChallengeScheme found Cookies Authentication
- Cookie Authentication ASP.NET Core
- Cannot use CookieAuthenticaton and openidConnect Authentication in asp.net core 2.0
- Authentication with Cookies in ASP.NET Core