ASP.NET Core 3.1 MVC AddOpenIDConnect 与 IdentityServer3

Question

Any help on this issue would be much appreciated. I have wasted days on the matter.

Authenticating an ASP.NET Core 3.1 MVC app with IdentityServer3 is causing a runtime error. The Identity server is returning an error

The client application is not known or is not authorized

instead of a login screen. We have an ASP.NET MVC 5 app and an ASP.NET Core API that works fine with the identity server.

My approach has been to rewrite the ASP.NET MVC 5 code in .NET Core. I have done the best that I can without being able to find any documentation on how to do such a translation. Please see my code snippets below for details.

Working ASP.NET MVC 5 code:

    //***
    //commented all code that was not needed to get login screen to show up
    //***
    public void Configuration(IAppBuilder app)
    {
        AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityModel.JwtClaimTypes.Name;
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",
            ExpireTimeSpan = new TimeSpan(0, 300, 0),
            SlidingExpiration = true
        });

        var clientBaseUrl = ConfigurationManager.AppSettings[ClientBaseUrlKey];
        var identityServerBaseUrl = ConfigurationManager.AppSettings[IdentityServerBaseUrlKey];

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = identityServerBaseUrl,
            ClientId = WebSettings.ClientId,
            ResponseType = "code id_token token",
            SignInAsAuthenticationType = "Cookies",
            UseTokenLifetime = false//,
            RedirectUri = $"{clientBaseUrl}/",
            //PostLogoutRedirectUri = clientBaseUrl,
            //Scope = "openid profile roles admin_certpay",

            //Notifications = new OpenIdConnectAuthenticationNotifications
            //{

...removed for brevity... }); }

Problematic ASP.NET Core 3.1 MVC code:

public void ConfigureServices(IServiceCollection services) { services.AddControllersWithViews();

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = "Cookies";
        }).AddCookie("Cookies")
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, o =>
        {
            o.Authority = "http://localhost/identity/";
            o.ClientId = "actual value used here";
            o.ResponseType = "code id_token token"; 
            o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.UseTokenLifetime = false;
            //start - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
            o.SignedOutRedirectUri = "http://localhost/CertPay.Admin/";
            o.ReturnUrlParameter = "http://localhost/CertPay.Admin/";
            //end - not sure what RedirectUri is, but PostLogoutRedirectUri doesn't matter
            o.RequireHttpsMetadata = false; //fix to runtime error
        });

        //Played with Core API fix for the hell of it.
        //.AddIdentityServerAuthentication(o =>
        //{
        //    o.Authority = "http://localhost/identity/";
        //    //o.ApiName = "actual value here";
        //    o.LegacyAudienceValidation = true;
        //    o.RequireHttpsMetadata = true;
        //});
}

Answer 1

The answer provided by Pedro The Kid on this thread solved my problem. The removal of the RedirectUri attribute can be compensated for by adding an event listener. For your convenience, an excerpt from Pedro's follows:

x.Events.OnRedirectToIdentityProvider = async n =>
{
    n.ProtocolMessage.RedirectUri = <Redirect URI string>;
    await Task.FromResult(0);
}

Edit: The above solution actual caused an endless loop of the login page loading a bunch of times. The following solution did not cause that problem:

o.CallbackPath = "/home/index/";