I have an IS4 server, a web server, and an API server that are all using AspNetIdentity. Locally they all get along just fine: I can sign into my Web UI, it redirects me to IS4 where I enter my creds, then it redirects me back to my Web UI where I am successfully logged in. This works great, but only on my local machine where all 3 instances are running on localhost on different ports.
On my production environment they obviously are not all on localhost but are on 3 different domains. The API works the way I want, but the Web will not log into IS4 properly. I try to log in, it redirects me to IS4 where I am able to log in. But when I am guided back to the Web UI I am not logged in. If I go to the IS4 server directly I am logged in there. If I try to go to an [Authorize]
page in my UI it goes into an endless loop of calling IS4 to log in, then IS4 says it is already logged in so it returns to the page and the loop continues.
I know this is very wordy, but the configuration is the same on my local DB as it is on my production one, apart from the redirect URIs.
Here is the start up for my IS4
// IdentityServer host: ASP.NET Identity is the user store; the IS4 configuration and
// operational (persisted grant) stores are EF-backed on PostgreSQL.
services.RegisterDataProtectionServices(Configuration);

services.AddIdentity<ApplicationUser, IdentityRole>()
    .AddEntityFrameworkStores<IdentityContext>()
    .AddDefaultTokenProviders();

services.AddMvc();

services.Configure<IISOptions>(iis =>
{
    iis.AuthenticationDisplayName = "Windows";
    iis.AutomaticAuthentication = false;
});

// Both EF stores keep their migrations in the assembly that holds this startup class.
string MigrationsAssemblyName() =>
    typeof(IdentityServer4Startup).GetTypeInfo().Assembly.GetName().Name;

var identityServerBuilder = services.AddIdentityServer()
    .AddAspNetIdentity<ApplicationUser>();

identityServerBuilder.AddConfigurationStore(configDb =>
{
    configDb.ConfigureDbContext = db => db.UseNpgsql(
        Configuration.GetConnectionString("IdentityServer4ConfigurationContext"),
        sql => sql.MigrationsAssembly(MigrationsAssemblyName()));
});

identityServerBuilder.AddOperationalStore(operationDb =>
{
    operationDb.ConfigureDbContext = db => db.UseNpgsql(
        Configuration.GetConnectionString("IdentityServer4PersistedGrantContext"),
        sql => sql.MigrationsAssembly(MigrationsAssemblyName()));
});

// NOTE(review): AddDeveloperSigningCredential creates a temporary development key; a production
// deployment should register a persistent signing certificate via AddSigningCredential(...) instead,
// otherwise tokens stop validating whenever the key is regenerated.
identityServerBuilder.AddDeveloperSigningCredential();
And here is the startup for the Web
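// MVC client: local sign-in state lives in the "Cookies" cookie; authentication itself is
// delegated to IdentityServer through the "oidc" handler.
services.RegisterDataProtectionServices(Configuration);
services.AddDefaultAWSOptions(Configuration.GetAWSOptions());

services.AddMvc(options =>
{
    options.Filters.Add<WebAccessLogFilter>();
    //source: https://stackoverflow.com/a/47728690/2874556 --> RequestController --> Self-reference when pulling RequestInstrument list
    options.OutputFormatters.Clear();
    options.OutputFormatters.Add(new JsonOutputFormatter(new JsonSerializerSettings()
    {
        ReferenceLoopHandling = ReferenceLoopHandling.Ignore,
    }, ArrayPool<char>.Shared));
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

// AddIdentity registers its own cookie scheme ("Identity.Application") and makes it the default
// *authenticate* scheme. The AddAuthentication call below originally only overrode DefaultScheme
// and DefaultChallengeScheme, so the app kept authenticating against the Identity cookie while the
// OIDC handler signed in to "Cookies": the request was never seen as authenticated and [Authorize]
// re-challenged "oidc" forever. (Locally this is presumably masked because both apps share the
// localhost cookie jar and data-protection keys, so the Identity cookie set by IS4 is readable here.)
services.AddIdentity<ApplicationUser, IdentityRole>()
    .AddEntityFrameworkStores<IdentityContext>()
    .AddDefaultTokenProviders();

services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    // Pin every default to the cookie the OIDC handler writes to, overriding what AddIdentity set.
    options.DefaultAuthenticateScheme = "Cookies";
    options.DefaultSignInScheme = "Cookies";
    options.DefaultSignOutScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
    options.SignInScheme = "Cookies";
    options.Authority = _hostingConfiguration.IdentityServer4AuthorityUrl;
    // TODO: plain-HTTP discovery should only be allowed for local development; require HTTPS metadata in production.
    options.RequireHttpsMetadata = false;
    options.ClientId = "mvc";
    // TODO: move the client secret out of source into configuration / secret storage.
    options.ClientSecret = "secret";
    options.ResponseType = "code id_token";
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("api1");
    options.Scope.Add("offline_access");
    options.Scope.Add("openid");
    options.Scope.Add("email");
    options.Scope.Add("profile");
});

services.RegisterAutoMapper();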
Any help would be appreciated as I am about to just get rid of IS4 from my web project entirely.