Comments (5)
My guess would be that you have Same Site issues with the OpenID connect cookie. It's probably being removed and then authentication will fail as it can't check the antiforgery token.
There's more information about it here: https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
If it's the case, then this is something you need to fix on your end and isn't a bug in this library.
from aspnet.security.openid.providers.
@martincostello fixed with your link. Thank you very much, ill never find that issue alone.
from aspnet.security.openid.providers.
Can you please provide error logs for the 500s? Otherwise there's not much to go on to help.
from aspnet.security.openid.providers.
@martincostello I can't see any Logs... I don't know why, is your library logging errors?
BTW i saw that its 500 always when i see this confirmation screen:
from aspnet.security.openid.providers.
@martincostello okay i have logs. It looks like some antiforgery problem, bout shouldn't it default throws 401 error?
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET http://localhost.pl:50000/signin-steam?state=CfDJ8HbqQfhQ7aZKt8GCIpM9OMjfmcardDJLv3W9vpsweRxfg8FSe2j888_pWRTGDBvr6InIWR1Huvp2PErAPt8iG60-FjIG4nzffkrWyHXePrD6T3KOFRej12_mmlWQkjqkfKNWkLP1JBFFYv5gCaHIvrJhfuLM5lKdf-QXItW0nrFucWhhcX2hy1EvEFwpJPmhJwV7uq_db55EcLnzAnyZbM55Nb9_ixdCzI01FUy2ByxDmyZ92fol2H57coRHrBjAUoiJSY_nwullb-2UD7WDIXwwaW7Hu6IEXvx2l35ZoMiq&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fsteamcommunity.com%2Fopenid%2Flogin&openid.claimed_id=https%3A%2F%2Fsteamcommunity.com%2Fopenid%2Fid%2F76561198120154806&openid.identity=https%3A%2F%2Fsteamcommunity.com%2Fopenid%2Fid%2F76561198120154806&openid.return_to=http%3A%2F%2Flocalhost.pl%3A50000%2Fsignin-steam%3Fstate%3DCfDJ8HbqQfhQ7aZKt8GCIpM9OMjfmcardDJLv3W9vpsweRxfg8FSe2j888_pWRTGDBvr6InIWR1Huvp2PErAPt8iG60-FjIG4nzffkrWyHXePrD6T3KOFRej12_mmlWQkjqkfKNWkLP1JBFFYv5gCaHIvrJhfuLM5lKdf-QXItW0nrFucWhhcX2hy1EvEFwpJPmhJwV7uq_db55EcLnzAnyZbM55Nb9_ixdCzI01FUy2ByxDmyZ92fol2H57coRHrBjAUoiJSY_nwullb-2UD7WDIXwwaW7Hu6IEXvx2l35ZoMiq&openid.response_nonce=2020-03-27T12%3A32%3A38ZKRZvcJ98MWD9dIL1soVv0mjvsBI%3D&openid.assoc_handle=1234567890&openid.signed=signed%2Cop_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=eHczmOt9clwHCcmxTefKfTDWk7A%3D
warn: AspNet.Security.OpenId.Steam.SteamAuthenticationHandler[15]
'.AspNetCore.Correlation.Steam.vkHFVBan4Z4ToVlIpR9usDFOKw-uUlOOfgMPVE2jDg8' cookie not found.
info: AspNet.Security.OpenId.Steam.SteamAuthenticationHandler[4]
Error from RemoteAuthentication: The authentication response was rejected because the anti-forgery token was invalid..
fail: Microsoft.AspNetCore.Server.Kestrel[13]
Connection id "0HLUI9BMQ1S7D", Request id "0HLUI9BMQ1S7D:00000004": An unhandled exception was thrown by the application.
System.Exception: An error was encountered while handling the remote login.
---> System.Exception: The authentication response was rejected because the anti-forgery token was invalid.
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 6.321000000000001ms 500
from aspnet.security.openid.providers.
Related Issues (20)
- How to use options pattern in service registration? HOT 2
- Newtonsoft Json assembly manifest mismatch? HOT 2
- [Question] How to get the user's Steam ID HOT 3
- [Question] How to get the user profile object after authentication HOT 1
- CallbackPaths not defined HOT 2
- Blazor Wasm + Web API -> how to return Steam details to Blazor WASM HOT 1
- Blazor Server app doesn't find/execute the login endpoint when tested outside of Visual Studio HOT 1
- ASP.NET Core 6 Support HOT 1
- ASP.NET Core 7 Support HOT 1
- Is there any way I can login to asp.net using an API using a steam token HOT 1
- Issues trying to get the AddSteam command to work with .NET 7 Angular SPA template HOT 2
- Key value parsing in `VerifyAssertionAsync` is not strictly correct HOT 1
- 'HttpContext' does not contain a definition for 'GetExternalProvidersAsync' or for 'IsProviderSupportedAsync' HOT 1
- ASP.NET Core 8 Support HOT 1
- Can I issue my own JWT token when signing in user? HOT 1
- Authority URL works only on localhost. HOT 1
- Antiforgery issue when hosted in AWS ECS HOT 3
- sgID provider HOT 1
- ASP.NET 5 Support HOT 2
- Steam sign in works after second try HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aspnet.security.openid.providers.