Giters

aspnet-contrib / AspNet.Security.OpenId.Providers

OpenID 2.0 authentication middleware for ASP.NET Core

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

AspNet.Security.OpenId.Steam.SteamAuthenticationHandler[15] cookie not found.

Rysik5318 opened this issue · comments

commented

Describe the bug
I used examaple in your github.
Everything works fine on localhost, but on hosting it displays an error -

warn: AspNet.Security.OpenId.Steam.SteamAuthenticationHandler[15]
      '.AspNetCore.Correlation.FN07PveE1rsK2IsgyCPuDYdU49H3_TL3yIc8wyE0zRw' cookie not found.
info: AspNet.Security.OpenId.Steam.SteamAuthenticationHandler[4]
      Error from RemoteAuthentication: The authentication response was rejected because the anti-forgery token was invalid..
fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HN4954KSODKP", Request id "0HN4954KSODKP:00000003": An unhandled exception was thrown by the application.
      Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
       ---> Microsoft.AspNetCore.Authentication.AuthenticationFailureException: The authentication response was rejected because the anti-forgery token was invalid.
         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
AspNet.Security.OpenId.Steam.SteamAuthenticationHandler[15]

Steps To reproduce
I'm using a run like this - dotnet WebPanel.dll --urls "http://193.164.17.231:5001/"

Expected behaviour
HTTP ERROR 500 is displayed

Actual behaviour
Either no cookies or anti-forgery token not found

System information:

  • OS: ubuntu
  • Library Version 8.0.0 (Last)
  • .NET version 8.0.301

Additional context
Add any other context about the problem here.

commented

Have you appropriately configured Data Protection to store keys in a way that work correctly when deployed remotely (e.g. so that data protection keys aren't lost when a container restarts or you promote a new deployment)?

The warning about a missing correlation cookie might be due to SameSite configuration issues.

In both cases, these are issues related to the configuration of ASP.NET Core Authentication, and not an issue with the Steam authentication handler itself.