asp.net-mvciisasp.net-coreidentityserver3identityserver4

Identity Server Endpoints OIDC


I am using Identity server and hosting it under IIS. It was working fine when hosted directly under http://localhost:44431

Step 1: call http://localhost:44431/account/login?returnUrl=/connect/authorize/login?respone_type.... Step 2: Then it goes to the Authorize Endpoint and a return a token

Probelm hosting under localhost\id:

However, when I deploy the application on IIS under Default Web site as localhost\id. It stops working.

Step 1: Calling http://localhost/id/account/login?returnUrl=/connect/authorize/login?respone_type....

>> Inspecting the Request Headers:

enter image description here

>> Response Header:

enter image description here

>> Open Id Configuration at http://localhost/id/.well-known/openid-configuration

  "authorization_endpoint":"http://localhost/id/connect/authorize",

Step 2: Calling the /connect/authorize endpoint:

>> Inspecting the Headers:

enter image description here

It didn't include the id virtual directory, that's why it is failing. where in the process I have to fix this?


Solution

  • I'm not able to reproduce your problem, but I did start from scratch hosting IdentityServer4 in IIS. The steps I followed for setup are below.

    1. Cloned IdentityServer4.Samples. Launch Quickstarts/3_ImplicitFlowAuthentication solution: https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/3_ImplicitFlowAuthentication
    2. Created an application in IIS with the path as '/id' with the AppPool set to 'No Managed Code'
    3. Ran 'dotnet publish' on the IdentityServer4 project and moved the output to the IIS app root's folder
    4. Changed the Authority URL in the MvcClient project to point to localhost/id

      app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
      {
          AuthenticationScheme = "oidc",
          SignInScheme = "Cookies",
          Authority = "http://localhost/id",
          RequireHttpsMetadata = false,
          ClientId = "mvc",
          SaveTokens = true
      });
      
    5. Load the MvcClient application and navigate to a route with the 'Authorize' filter. The redirect occurred properly with the appropriate virtual directory

    Check to see if the proper path is being output by IdentityServer by going to the openid-configuration page: http://localhost/id/.well-known/openid-configuration

    Are you running IdentityServer4 and an MVC app in the same project? If so, are you using relative paths for the OpenIdConnectOptions.Authority property? Try changing it to an absolute path and see if that fixes the problem. I'm thinking this might be the case, because your request URL does not include the /id path in the redirect uri:

    http://localhost/id/account/login?**returnUrl=/connect/authorize/login**?respone_type
    

    The correct path of course should be:

    http://localhost/id/account/login?**returnUrl=/id/connect/authorize/login**?respone_type
    

    Hope this helps! Please let me know