
I have two clients on different domains, and an identity server hosted on another domain, like this:

client1.com, client2.com (client domains), auth.client1.com (identity server domain).

Silent renew works on client1.com, but on client2.com the silent renew attempt fails with an error and the whole page becomes empty.

The error is:

"Error: AuthCallback AuthResult came with error: login_required".

Am I missing something?

Startup.cs

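      /// <summary>
      /// Registers the identity stack for this host: ASP.NET Core Identity over EF Core,
      /// IdentityServer with EF-backed configuration and operational stores, the token
      /// signing credential, JWT bearer authentication, and the mail/SMS senders.
      /// </summary>
      /// <param name="services">The host's service collection to populate.</param>
      /// <exception cref="FileNotFoundException">
      /// Thrown outside the Development environment when the signing certificate file is missing.
      /// </exception>
      public void ConfigureServices(IServiceCollection services)
    {
        // Presumably the SameSite=None cookie policy shim for browsers that mishandle it.
        // The silent-renew iframe sends the IdentityServer session cookie cross-site from
        // each client origin, so the SameSite/Secure attributes produced here apply to
        // every client domain - worth verifying against the policy code for the second domain.
        services.ConfigureNonBreakingSameSiteCookies();
        services.AddControllersWithViews();

        // Migrations for both IdentityServer stores live in this assembly.
        string migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
        // Placeholder; the real value belongs in configuration / a secret store, not in source.
        string connectionString = "<connectionString>";

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(connectionString));

        services.AddIdentity<ApplicationUser, ApplicationRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        var builder = services.AddIdentityServer(options =>
            {
                // Raise every event category so they reach the registered event sink.
                options.Events.RaiseErrorEvents = true;
                options.Events.RaiseInformationEvents = true;
                options.Events.RaiseFailureEvents = true;
                options.Events.RaiseSuccessEvents = true;
            })
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
                    sql => sql.MigrationsAssembly(migrationsAssembly));
            })
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
                    sql => sql.MigrationsAssembly(migrationsAssembly));
                // Periodically purge expired persisted grants from the operational store.
                options.EnableTokenCleanup = true;
            })
            .AddAspNetIdentity<ApplicationUser>();

        // Placeholders; the certificate path and especially its password must come from
        // configuration / a secret store rather than being committed in source.
        string cerFileName = "<cerFileName>";
        string cerPassword = "<cerPassword>";

        if (Environment.IsDevelopment())
        {
            // Development only: a generated RSA key persisted under the content root.
            string fileName = Path.Combine(Environment.ContentRootPath, "tempkey.rsa");
            builder.AddDeveloperSigningCredential(filename: fileName);
        }
        else
        {
            if (!File.Exists(cerFileName))
            {
                throw new FileNotFoundException("Signing Certificate is missing!");
            }

            // MachineKeySet places the private key in the machine-level key store rather
            // than the current user's profile.
            X509Certificate2 cert = new X509Certificate2(cerFileName, cerPassword, X509KeyStorageFlags.MachineKeySet);
            builder.AddSigningCredential(cert);
            Console.WriteLine("###Certificate is done");
        }

        string authorityUrl = Configuration.GetValue<string>("<AuthorityUrl>");

        // Bearer authentication for APIs co-hosted with IdentityServer. NOTE(review): this
        // makes JWT bearer the host's default scheme, overriding the Identity cookie scheme
        // that AddIdentity registered - confirm this is intended for the MVC pages.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, jwt =>
            {
                jwt.Authority = authorityUrl;

                jwt.TokenValidationParameters = new TokenValidationParameters()
                {
                    // Any token issued by the authority is accepted regardless of its
                    // intended audience; consider setting ValidAudience or checking scope.
                    ValidateAudience = false,
                };
                // Allows the discovery document and signing keys to be fetched over plain
                // HTTP, which exposes them to tampering in transit. Keep this to
                // development, e.g. gate it on Environment.IsDevelopment().
                jwt.RequireHttpsMetadata = false;
            });

        // Add application services.
        services.AddTransient<IEmailSender, AuthMessageSender>();
        services.AddTransient<ISmsSender, AuthMessageSender>();

        services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));
    }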

    /// <summary>
    /// Seeds the database and builds the request pipeline: cookie policy, developer
    /// exception page (Development only), static files, routing, IdentityServer,
    /// authorization and the default MVC route.
    /// </summary>
    /// <param name="app">The application pipeline builder.</param>
    public void Configure(IApplicationBuilder app)
    {
        SeedDatabase();

        // Middleware order is significant: the cookie policy runs before anything that
        // issues cookies, and routing must precede the authorization middleware.
        app.UseCookiePolicy();

        if (Environment.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseStaticFiles();
        app.UseRouting();

        // UseAuthentication() is not called separately: UseIdentityServer() registers the
        // authentication middleware itself (verify for the IdentityServer version in use).
        app.UseIdentityServer();
        app.UseAuthorization();

        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());

        // Runs the seed routine inside a short-lived DI scope so scoped services are
        // disposed as soon as seeding completes.
        void SeedDatabase()
        {
            using (var scope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
            {
                SeedData.EnsureSeedData(scope.ServiceProvider, Configuration);
            }
        }
    }
  • Could you provide minimal code that reproduces your error? – Ruikai Feng Oct 31 '22 at 05:26
  • I edited my question with a sample Startup.cs @RuikaiFeng. Do you need any other part of the code, e.g. the client configs or the Angular silent-renew code? – HasanGundogdu Oct 31 '22 at 12:16
  • I found a similar issue here; it seems that your cookie has expired. Have you tried setting Authentication.CookieSlidingExpiration = true? https://stackoverflow.com/questions/63901667/oidc-client-js-silent-access-token-renew-breaks-because-identity-server-authent – Ruikai Feng Nov 01 '22 at 02:38
  • I haven't tried it. I actually found a few similar issues, but since my first client works properly, to be honest I didn't consider them. I will try this and let you know. – HasanGundogdu Nov 01 '22 at 08:02
