servicestack-authentication-identityserver
Missing method exception
When I try to access a protected API method, I get redirected to /auth/IdentityServer?redirect=path-to-my-api-method
with the following exception:
[Authenticate: 2018-10-24 12:24:00 AM]: [REQUEST: {provider:IdentityServer}] System.MissingMethodException: Method not found: 'ServiceStack.Web.INameValueCollection ServiceStack.Web.IRequest.get_QueryString()'.
   at ServiceStack.Authentication.IdentityServer.Providers.UserAuthProvider.GetReferrerUrl(IServiceBase authService, IAuthSession session, Authenticate request)
   at ServiceStack.Authentication.IdentityServer.Providers.UserAuthProvider.Init(IServiceBase authService, IAuthSession& session, Authenticate request)
   at ServiceStack.Authentication.IdentityServer.Providers.UserAuthProvider.AuthenticateAsync(IServiceBase authService, IAuthSession session, Authenticate request)
I thought this would redirect me to identity server instance so I can login (locally or to use registered external providers), any idea why is this happening?
Looks like you might be using a different version of Service Stack if the method is missing
I'm using Service Stack version 5.2
The plugin was built with version 4.0.56 so version 5 likely isn't supported.
I just got the code from this git to try it, and it works fine if I run, for example, IdentityServer3.SelfHost and UserAuthProvider.ServiceStack.SelfHost; however, if I try to run it against my identity server 4 instance, it does not work. I'm getting this:
DEBUG: Exception Reading Response Error: The underlying connection was closed: An unexpected error occurred on a send., Exception: The underlying connection was closed: An unexpected error occurred on a send.
Is there something special that I need to do if I'm calling identity server which is behind https?
I saw something like RequireHeaderSymmetry = false is required for identity server on azure, but not sure where to configure that.
As a guess, you might need to set the tls version using ServicePointManager depending on the certificate being used.
e.g.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
HA, ok now we are getting somewhere, I managed to get to my identity server after I added these security protocols. Now I just need to figure out what's wrong with my .NET Core setup and 5.2 version for Service Stack.
Just wanted to confirm that this library can work with the latest SS 5.4.1 and core 2.1, however I'm still struggling with a popup which appears after I log in to IdentityServer saying:
The information you have entered on this page will be sent over an insecure connection and could be read by a third party.
Are you sure you want to send this information?
Any idea if something might be off with client registration?
Is your Service Stack application using HTTP and your Identity Server instance HTTPS? If so the browser will give you a warning.
Yes, my app is behind http, and identity server is behind https, and the warning is fine (I was receiving it with .NET Core without your plugin as well, but just once), but the thing is this time this warning keeps triggering the callback method, and from the callback method in your plugin it never gets redirected to my API method.
This is the method where it keeps landing after I click continue over and over:

public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
It’s probably failing to authenticate on the Service Stack. You’ll need to confirm the callback url is configured correctly in identity server.
In this file from your repository, this condition with IdentityServer4 will never be true:
(!httpRequest.QueryString["code"].IsNullOrEmpty())
...because this code was not transferred as part of the URL query string, so I replaced it with:
(!GetRequestValue("code", httpRequest).IsNullOrEmpty())
After that, with my local identityserver4 everything works fine; however, with Azure I'm just having one more issue, and it's with nonce.
When I enter this method from my azure instance: IsValidIdToken, idAuthTokens.Nonce is null, so somehow it got lost after it's set once in AuthenticateClient with:
if (idAuthTokens != null)
{
    idAuthTokens.Nonce = nonce;
}
fail: ServiceStack.Authentication.IdentityServerCore.IdentityServerIdTokenValidator[0] Nonce in id_token does not match the nonce created for the login request - potential replay attack
Is the nonce in the response received from IdentityServer4?
Yes, there's a nonce in the response received from IdentityServer4, but it looks like there's some issue with the previously saved session (with authService.SaveSession(session, SessionExpiry);) from where the nonce is compared with the received one in this IsValidIdToken method.
When I compare cookies, for example, I don't have any cookie on the second post from the azure idsvr to my localhost client application. Somehow these ss cookies got lost, and that's causing the issue, because in the Init method you are checking for tokens from session.ProviderOAuthAccess but there's nothing when the request lands there for the second time (even though it was added previously and stored in the AuthenticateClient method).
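The two checks discussed in this thread, sketched as an added example that is not part of the original posts or the plugin's code: a callback value read from the query string or the posted form, and a nonce bound to the session at login start and compared on return. The class, method names and sample values are hypothetical, and reading from the posted form is an assumption about where the value was sent.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-ins for the plugin's session store and callback handling.
public static class NonceDemo
{
    // Server-side session store: session cookie value -> nonce issued at login start.
    static readonly Dictionary<string, string> Sessions = new Dictionary<string, string>();

    // Step 1: before redirecting to the identity server, bind a fresh nonce to the session.
    public static string BeginLogin(string sessionCookie)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var nonce = Convert.ToBase64String(bytes);
        Sessions[sessionCookie] = nonce;
        return nonce; // sent as the nonce parameter of the authorize request
    }

    // Reads a callback value from the query string first, then from the posted form (assumption).
    public static string GetCallbackValue(string name,
        IDictionary<string, string> query, IDictionary<string, string> form)
    {
        if (query.TryGetValue(name, out var q) && !string.IsNullOrEmpty(q)) return q;
        return form.TryGetValue(name, out var f) && !string.IsNullOrEmpty(f) ? f : null;
    }

    // Step 2: on callback, the id_token nonce must equal the one stored for this session.
    // A request that arrives without the session cookie has no stored nonce and is rejected.
    public static bool IsValidNonce(string sessionCookie, string idTokenNonce)
    {
        if (sessionCookie == null || idTokenNonce == null) return false;
        if (!Sessions.TryGetValue(sessionCookie, out var expected)) return false;
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(expected), Encoding.UTF8.GetBytes(idTokenNonce));
    }

    public static void Main()
    {
        var nonce = BeginLogin("ss-id-constructed");            // constructed cookie value
        var form = new Dictionary<string, string> { ["code"] = "constructed-code" };
        var query = new Dictionary<string, string>();           // nothing in the query string
        Console.WriteLine(GetCallbackValue("code", query, form) != null); // code sent in form
        Console.WriteLine(IsValidNonce("ss-id-constructed", nonce));      // cookie present
        Console.WriteLine(IsValidNonce(null, nonce));                     // cookie lost
    }
}
```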
@vsavic - seeing something similar, did you ever make progress with this?
Hey @chrismcv, sorry for delay... no I just switched to default SS JWT auth to work with Identity Server.