Integration with On-Premises ADFS #18639

Closed
luckerby opened this issue Jan 28, 2020 · 20 comments
Labels
area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer ✔️ Resolution: Answered Resolved because the question asked by the original author has been answered. question Status: Resolved

@luckerby

First, I do realize this has been discussed in the past. Yet some time has passed and maybe now there's a solution. Someone mentioned finding a way to move forward, but not a lot of details were provided.

I'm using .NET Core 3.0 with Microsoft.AspNetCore.Authentication.WSFederation 3.0.2 and using the instructions here, in order to get an ASP.NET Core app to successfully authenticate against an ADFS on-prem instance. The ADFS relying party is configured successfully and the details (metadata and RP URI) are inserted into the code. However while starting the project within Visual Studio 2019 (against a local IISExpress instance) it throws an exception, whose details follow.

System.AggregateException
  HResult=0x80131500
  Message=Some services are not able to be constructed (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ISecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SecurityStampValidator`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ITwoFactorSecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.TwoFactorSecurityStampValidator`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.UserClaimsPrincipalFactory`2[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) 
(Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.SignInManager`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SignInManager`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.RoleManager`1[Microsoft.AspNetCore.Identity.IdentityRole] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.RoleManager`1[Microsoft.AspNetCore.Identity.IdentityRole]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IRoleStore`1[Microsoft.AspNetCore.Identity.IdentityRole]' while attempting to activate 'Microsoft.AspNetCore.Identity.RoleManager`1[Microsoft.AspNetCore.Identity.IdentityRole]'.) 
(Error while validating the service descriptor 'ServiceType: Microsoft.Extensions.Options.IPostConfigureOptions`1[Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions] Lifetime: Singleton ImplementationType: Microsoft.AspNetCore.Authentication.WsFederation.WsFederationPostConfigureOptions': Could not load file or assembly 'Microsoft.AspNetCore.DataProtection.Abstractions, Version=3.0.2.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'. The system cannot find the file specified.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Authentication.WsFederation.WsFederationHandler Lifetime: Transient ImplementationType: Microsoft.AspNetCore.Authentication.WsFederation.WsFederationHandler': Could not load file or assembly 'Microsoft.AspNetCore.DataProtection.Abstractions, Version=3.0.2.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'. The system cannot find the file specified.)
  Source=Microsoft.Extensions.DependencyInjection
  StackTrace:
   at Microsoft.Extensions.DependencyInjection.ServiceProvider..ctor(IEnumerable`1 serviceDescriptors, ServiceProviderOptions options) in /_/src/DependencyInjection/DI/src/ServiceProvider.cs:line 86
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionContainerBuilderExtensions.BuildServiceProvider(IServiceCollection services, ServiceProviderOptions options) in /_/src/DependencyInjection/DI/src/ServiceCollectionContainerBuilderExtensions.cs:line 59
   at Microsoft.Extensions.DependencyInjection.DefaultServiceProviderFactory.CreateServiceProvider(IServiceCollection containerBuilder) in /_/src/DependencyInjection/DI/src/DefaultServiceProviderFactory.cs:line 46
   at Microsoft.Extensions.Hosting.Internal.ServiceFactoryAdapter`1.CreateServiceProvider(Object containerBuilder) in /_/src/Hosting/Hosting/src/Internal/ServiceFactoryAdapter.cs:line 47
   at Microsoft.Extensions.Hosting.HostBuilder.CreateServiceProvider() in /_/src/Hosting/Hosting/src/HostBuilder.cs:line 233
   at Microsoft.Extensions.Hosting.HostBuilder.Build() in /_/src/Hosting/Hosting/src/HostBuilder.cs:line 133
   at NewClaimsDataTakeThree.Program.Main(String[] args) in C:\Users\malbert\Source\Repos\NewClaimsDataTakeThree\NewClaimsDataTakeThree\Program.cs:line 16

Inner Exception 1:
InvalidOperationException: Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ISecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SecurityStampValidator`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.

Inner Exception 2:
InvalidOperationException: Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.
@luckerby
Author

luckerby commented Jan 28, 2020

Noticed that the exception in my original post referred to an assembly unable to be loaded - Microsoft.AspNetCore.DataProtection.Abstractions. I've installed the NuGet package for this (used version 3.0.2) and tried again. This time the exception changed as follows:

System.AggregateException
  HResult=0x80131500
  Message=Some services are not able to be constructed (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ISecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SecurityStampValidator`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ITwoFactorSecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.TwoFactorSecurityStampValidator`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.UserClaimsPrincipalFactory`2[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) 
(Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.SignInManager`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SignInManager`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.RoleManager`1[Microsoft.AspNetCore.Identity.IdentityRole] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.RoleManager`1[Microsoft.AspNetCore.Identity.IdentityRole]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IRoleStore`1[Microsoft.AspNetCore.Identity.IdentityRole]' while attempting to activate 'Microsoft.AspNetCore.Identity.RoleManager`1[Microsoft.AspNetCore.Identity.IdentityRole]'.)
  Source=Microsoft.Extensions.DependencyInjection
  StackTrace:
   at Microsoft.Extensions.DependencyInjection.ServiceProvider..ctor(IEnumerable`1 serviceDescriptors, ServiceProviderOptions options) in /_/src/DependencyInjection/DI/src/ServiceProvider.cs:line 86
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionContainerBuilderExtensions.BuildServiceProvider(IServiceCollection services, ServiceProviderOptions options) in /_/src/DependencyInjection/DI/src/ServiceCollectionContainerBuilderExtensions.cs:line 59
   at Microsoft.Extensions.DependencyInjection.DefaultServiceProviderFactory.CreateServiceProvider(IServiceCollection containerBuilder) in /_/src/DependencyInjection/DI/src/DefaultServiceProviderFactory.cs:line 46
   at Microsoft.Extensions.Hosting.Internal.ServiceFactoryAdapter`1.CreateServiceProvider(Object containerBuilder) in /_/src/Hosting/Hosting/src/Internal/ServiceFactoryAdapter.cs:line 47
   at Microsoft.Extensions.Hosting.HostBuilder.CreateServiceProvider() in /_/src/Hosting/Hosting/src/HostBuilder.cs:line 233
   at Microsoft.Extensions.Hosting.HostBuilder.Build() in /_/src/Hosting/Hosting/src/HostBuilder.cs:line 133
   at NewClaimsDataTakeThree.Program.Main(String[] args) in C:\Users\malbert\Source\Repos\NewClaimsDataTakeThree\NewClaimsDataTakeThree\Program.cs:line 16

Inner Exception 1:
InvalidOperationException: Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ISecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SecurityStampValidator`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.

Inner Exception 2:
InvalidOperationException: Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]' while attempting to activate 'Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]'.

@mkArtakMSFT mkArtakMSFT added the area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer label Jan 29, 2020
@blowdart
Contributor

Can we see your dependencies?

@analogrelay analogrelay added the Needs: Author Feedback The author of this issue needs to respond in order for us to continue investigating this issue. label Jan 30, 2020
@luckerby
Author

luckerby commented Feb 3, 2020

@blowdart: Would the snapshot below do, or should I export the full inner dependency list from something like the project/solution file?

image

@ghost ghost added Needs: Attention 👋 This issue needs the attention of a contributor, typically because the OP has provided an update. and removed Needs: Author Feedback The author of this issue needs to respond in order for us to continue investigating this issue. labels Feb 3, 2020
@blowdart
Contributor

blowdart commented Feb 3, 2020

That's fine. Could we also get your startup.cs

@luckerby
Author

luckerby commented Feb 3, 2020

Contents here.

I had to take out .AddEntityFrameworkStores<ApplicationDbContext>() initially since I wasn't getting anywhere (the code would not compile).

@luckerby
Author

luckerby commented Feb 3, 2020

@blowdart ...and happy 10 year anniversary at MS ! :)

@blowdart
Contributor

blowdart commented Feb 3, 2020

Weird. @Tratcher any ideas here?

@Tratcher
Member

Tratcher commented Feb 3, 2020

Unable to resolve service for type 'Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser]'

...

I had to take out .AddEntityFrameworkStores<ApplicationDbContext>() initially since I wasn't getting anywhere (the code would not compile).

It's AddEntityFrameworkStores that adds IUserStore, you'll need to put that back. Maybe it will work now that you fixed the other error.

@luckerby
Author

luckerby commented Feb 3, 2020

@Tratcher the issue is this - if I uncomment .AddEntityFrameworkStores<ApplicationDbContext>() then I run into 2 errors:

  • Error CS1061 'IdentityBuilder' does not contain a definition for 'AddEntityFrameworkStores' and no accessible extension method 'AddEntityFrameworkStores' accepting a first argument of type 'IdentityBuilder' could be found (are you missing a using directive or an assembly reference?)
  • Error CS0246 The type or namespace name 'ApplicationDbContext' could not be found (are you missing a using directive or an assembly reference?)

Visual Studio - usually apt at solving such things - presents the fix below, which I'm having serious doubts it's the right way to go about it:

image

@Tratcher
Member

Tratcher commented Feb 3, 2020

  • Error CS1061 'IdentityBuilder' does not contain a definition for 'AddEntityFrameworkStores' and no accessible extension method 'AddEntityFrameworkStores' accepting a first argument of type 'IdentityBuilder' could be found (are you missing a using directive or an assembly reference?)

Sounds like you're missing a package reference to Microsoft.AspNetCore.Identity.EntityFrameworkCore.

  • Error CS0246 The type or namespace name 'ApplicationDbContext' could not be found (are you missing a using directive or an assembly reference?)

You should have that file in your app. Here's the one from the template:

@luckerby
Author

luckerby commented Feb 4, 2020

@Tratcher I've included the class definition in the Startup.cs, so that the file now looks like this. Yet the exception looks even more verbose now:

System.AggregateException
  HResult=0x80131500
  Message=Some services are not able to be constructed (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ISecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SecurityStampValidator`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.UserStore`9[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserClaim`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserLogin`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserToken`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ITwoFactorSecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.TwoFactorSecurityStampValidator`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.UserStore`9[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserClaim`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserLogin`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserToken`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.) 
(Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.UserClaimsPrincipalFactory`2[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole]': Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.UserStore`9[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserClaim`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserLogin`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserToken`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.UserManager`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.UserStore`9[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserClaim`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserLogin`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserToken`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.) 
(Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.SignInManager`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SignInManager`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.UserStore`9[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserClaim`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserLogin`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserToken`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.) (Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.RoleManager`1[Microsoft.AspNetCore.Identity.IdentityRole] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.RoleManager`1[Microsoft.AspNetCore.Identity.IdentityRole]': Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.RoleStore`5[Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.) 
(Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.IUserStore`1[Microsoft.AspNetCore.Identity.IdentityUser] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.EntityFrameworkCore.UserStore`9[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserClaim`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserLogin`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserToken`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]': Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.UserStore`9[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserClaim`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserLogin`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserToken`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.) 
(Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.IRoleStore`1[Microsoft.AspNetCore.Identity.IdentityRole] Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.EntityFrameworkCore.RoleStore`5[Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]': Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.RoleStore`5[Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.)
  Source=Microsoft.Extensions.DependencyInjection
  StackTrace:
   at Microsoft.Extensions.DependencyInjection.ServiceProvider..ctor(IEnumerable`1 serviceDescriptors, ServiceProviderOptions options) in /_/src/DependencyInjection/DI/src/ServiceProvider.cs:line 83
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionContainerBuilderExtensions.BuildServiceProvider(IServiceCollection services, ServiceProviderOptions options) in /_/src/DependencyInjection/DI/src/ServiceCollectionContainerBuilderExtensions.cs:line 59
   at Microsoft.Extensions.DependencyInjection.DefaultServiceProviderFactory.CreateServiceProvider(IServiceCollection containerBuilder) in /_/src/DependencyInjection/DI/src/DefaultServiceProviderFactory.cs:line 46
   at Microsoft.Extensions.Hosting.Internal.ServiceFactoryAdapter`1.CreateServiceProvider(Object containerBuilder) in /_/src/Hosting/Hosting/src/Internal/ServiceFactoryAdapter.cs:line 47
   at Microsoft.Extensions.Hosting.HostBuilder.CreateServiceProvider() in /_/src/Hosting/Hosting/src/HostBuilder.cs:line 233
   at Microsoft.Extensions.Hosting.HostBuilder.Build() in /_/src/Hosting/Hosting/src/HostBuilder.cs:line 133
   at NewClaimsDataTakeThree.Program.Main(String[] args) in C:\Users\malbert\Source\Repos\NewClaimsDataTakeThree\NewClaimsDataTakeThree\Program.cs:line 16

Inner Exception 1:
InvalidOperationException: Error while validating the service descriptor 'ServiceType: Microsoft.AspNetCore.Identity.ISecurityStampValidator Lifetime: Scoped ImplementationType: Microsoft.AspNetCore.Identity.SecurityStampValidator`1[Microsoft.AspNetCore.Identity.IdentityUser]': Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.UserStore`9[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserClaim`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserLogin`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserToken`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.

Inner Exception 2:
InvalidOperationException: Unable to resolve service for type 'NewClaimsDataTakeThree.ApplicationDbContext' while attempting to activate 'Microsoft.AspNetCore.Identity.EntityFrameworkCore.UserStore`9[Microsoft.AspNetCore.Identity.IdentityUser,Microsoft.AspNetCore.Identity.IdentityRole,NewClaimsDataTakeThree.ApplicationDbContext,System.String,Microsoft.AspNetCore.Identity.IdentityUserClaim`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserRole`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserLogin`1[System.String],Microsoft.AspNetCore.Identity.IdentityUserToken`1[System.String],Microsoft.AspNetCore.Identity.IdentityRoleClaim`1[System.String]]'.

@Tratcher
Member

Tratcher commented Feb 4, 2020

Looks like you're still missing this line from the template:

            services.AddDbContext<ApplicationDbContext>(options =>
                options.UseSqlServer(
                    Configuration.GetConnectionString("DefaultConnection")));

You're also missing app.UseAuthentication() just above app.UseAuthorization().


https://gist.github.com/luckerby/32c86716ba877f2b3eb170ce2bb3e64d#file-startup-cs-L77

How did you get into this state? Did you create an app without any authentication and then try to add it later? It's not clear that you're intentionally using Identity, WsFed doesn't require it. There's a later section in the doc that shows the simplified setup. (I'm going to ask them to move that up...)
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-3.1#use-ws-federation-without-aspnet-core-identity

@luckerby
Author

luckerby commented Feb 4, 2020

@Tratcher Ok, how did I end up here. I was using a simplistic app, consisting of just 2 lines of C# code that - using a WsFed relying party on an ADFS on-prem server - would simply print all the claims in a text based output. Visual Studio 2012 was used (back when the Identity wizard was still around). WebDeploy worked great against the servers I needed. Fast forward to VS 2019 and IIS target servers running on Windows Server 2019, and I'm running into issues with WebDeploy. Therefore it appears I'm faced with 3 options:

  • fix somehow WebDeploy and keep pushing from the VS 2012 machine: not feasible long-term
  • use "classic" ASP.NET (as in non-Core): I'm running into issues with web.config and a "target audience" message that just won't go away
  • use ASP.NET Core

Since the 3rd option would be wisest going forward, this is how I got to where I am. What I'm sensing however is that there's just too much code to write for getting something simple to work. I also can't quite figure out why "sql" classes show up in the config. Or maybe I'm just looking at things from the wrong angle.
Bottom line is that I don't want to waste your time. If - based on the above - I should go read some basic articles, any pointers would be appreciated. Or if the section you mentioned in your last reply would be the best way of moving forward, I'll try that.
What's annoying is that I'm aware of the basics and been looking at countless tokens using Fiddler for quite a while. Even more annoying that I can't replicate those 2 lines of code to get the basic requirement :)

@Tratcher
Member

Tratcher commented Feb 4, 2020

Yeah, you want a simpler setup.

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(sharedOptions =>
    {
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    })
    .AddWsFederation(options =>
    {
        options.Wtrealm = Configuration["wsfed:realm"];
        options.MetadataAddress = Configuration["wsfed:metadata"];
    })
    .AddCookie();

    services.AddAuthorization(options =>
    {
        options.FallbackPolicy = options.DefaultPolicy;
    });
}

public void Configure(IApplicationBuilder app)
{
    // ...
    app.UseRouting();

    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}

Or look at the one I use for testing:
https://github.com/dotnet/aspnetcore/blob/master/src/Security/Authentication/WsFederation/samples/WsFedSample/Startup.cs
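
As an added example (not code from this thread or from the ASP.NET Core repository): a complete Startup for the Identity-free setup above that prints the signed-in user's claims from a single endpoint, so neither controllers nor database services have to be registered. The configuration keys `wsfed:realm` and `wsfed:metadata` come from the snippet above; the `Required` helper, the fail-fast check and the cookie settings are assumptions of this example.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Added example, not part of the original thread.
// Assumed appsettings.json section (placeholder values):
// {
//   "wsfed": {
//     "realm": "<relying party identifier registered in ADFS>",
//     "metadata": "<https URL of the ADFS FederationMetadata.xml>"
//   }
// }
public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    // Configuration["section:key"] looks a value up by key name and returns
    // null when the key is absent, so stop at startup rather than let the
    // handler run with an empty realm or metadata address.
    private string Required(string key)
    {
        var value = Configuration[key];
        if (string.IsNullOrWhiteSpace(value))
        {
            throw new InvalidOperationException(
                $"Configuration value '{key}' is missing or empty.");
        }
        return value;
    }

    public void ConfigureServices(IServiceCollection services)
    {
        var realm = Required("wsfed:realm");
        var metadata = Required("wsfed:metadata");

        services.AddAuthentication(sharedOptions =>
        {
            // The cookie holds the local session; WS-Federation is only
            // used to challenge unauthenticated requests.
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
        })
        .AddWsFederation(options =>
        {
            options.Wtrealm = realm;
            options.MetadataAddress = metadata;
        })
        .AddCookie(options =>
        {
            // Session cookie is never sent over plain HTTP or exposed to script.
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        });

        // Endpoints without their own authorization metadata require an
        // authenticated user.
        services.AddAuthorization(options =>
        {
            options.FallbackPolicy = options.DefaultPolicy;
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();

        // Order matters: authentication populates HttpContext.User before
        // authorization evaluates the fallback policy.
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            // Plain-text dump of the claims issued for this relying party.
            endpoints.MapGet("/", async context =>
            {
                var body = new StringBuilder();
                foreach (var claim in context.User.Claims)
                {
                    body.AppendLine($"{claim.Type}: {claim.Value}");
                }

                context.Response.ContentType = "text/plain; charset=utf-8";
                await context.Response.WriteAsync(body.ToString());
            });
        });
    }
}
```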

@luckerby
Author

luckerby commented Feb 5, 2020

First, in order to eliminate any wrong assumptions on my side: I've rewritten the realm/metadata values in the corresponding lines as such:

options.Wtrealm = Configuration["wsfed:https://localhost:44300/"];
options.MetadataAddress = Configuration["wsfed:https://sts.mydomain.com/FederationMetadata/2007-06/FederationMetadata.xml"];

Next I got the following exception:

System.InvalidOperationException
  HResult=0x80131509
  Message=Unable to find the required services. Please add all the required services by calling 'IServiceCollection.AddControllers' inside the call to 'ConfigureServices(...)' in the application startup code.
  Source=Microsoft.AspNetCore.Mvc.Core
  StackTrace:
   at Microsoft.AspNetCore.Builder.ControllerEndpointRouteBuilderExtensions.EnsureControllerServices(IEndpointRouteBuilder endpoints) in /_/src/Mvc/Mvc.Core/src/Builder/ControllerEndpointRouteBuilderExtensions.cs:line 508
   at Microsoft.AspNetCore.Builder.ControllerEndpointRouteBuilderExtensions.MapControllerRoute(IEndpointRouteBuilder endpoints, String name, String pattern, Object defaults, Object constraints, Object dataTokens) in /_/src/Mvc/Mvc.Core/src/Builder/ControllerEndpointRouteBuilderExtensions.cs:line 100
   at NewClaimsDataTakeThree.Startup.<>c.<Configure>b__5_0(IEndpointRouteBuilder endpoints) in C:\Users\malbert\Source\Repos\NewClaimsDataTakeThree\NewClaimsDataTakeThree\Startup.cs:line 98
   at Microsoft.AspNetCore.Builder.EndpointRoutingApplicationBuilderExtensions.UseEndpoints(IApplicationBuilder builder, Action`1 configure) in /_/src/Http/Routing/src/Builder/EndpointRoutingApplicationBuilderExtensions.cs:line 96
   at NewClaimsDataTakeThree.Startup.Configure(IApplicationBuilder app, IWebHostEnvironment env) in C:\Users\malbert\Source\Repos\NewClaimsDataTakeThree\NewClaimsDataTakeThree\Startup.cs:line 96
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor, Boolean wrapExceptions)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) in /_/src/System.Private.CoreLib/src/System/Reflection/RuntimeMethodInfo.cs:line 469
   at Microsoft.AspNetCore.Hosting.ConfigureBuilder.Invoke(Object instance, IApplicationBuilder builder) in /_/src/Hosting/Hosting/src/Internal/ConfigureBuilder.cs:line 31
   at Microsoft.AspNetCore.Hosting.ConfigureBuilder.<>c__DisplayClass4_0.<Build>b__0(IApplicationBuilder builder) in /_/src/Hosting/Hosting/src/Internal/ConfigureBuilder.cs:line 20
   at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.<>c__DisplayClass13_0.<UseStartup>b__2(IApplicationBuilder app) in /_/src/Hosting/Hosting/src/GenericHost/GenericWebHostBuilder.cs:line 287
   at Microsoft.AspNetCore.Server.IIS.Core.IISServerSetupFilter.<>c__DisplayClass2_0.<Configure>b__0(IApplicationBuilder app) in /_/src/Servers/IIS/IIS/src/Core/IISServerSetupFilter.cs:line 35
   at Microsoft.AspNetCore.HostFilteringStartupFilter.<>c__DisplayClass0_0.<Configure>b__0(IApplicationBuilder app) in /_/src/DefaultBuilder/src/HostFilteringStartupFilter.cs:line 18
   at Microsoft.AspNetCore.Hosting.GenericWebHostService.<StartAsync>d__31.MoveNext() in /_/src/Hosting/Hosting/src/GenericHost/GenericWebHostedService.cs:line 104
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in /_/src/System.Private.CoreLib/shared/System/Runtime/ExceptionServices/ExceptionDispatchInfo.cs:line 63
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) in /_/src/System.Private.CoreLib/shared/System/Runtime/CompilerServices/TaskAwaiter.cs:line 180
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) in /_/src/System.Private.CoreLib/shared/System/Runtime/CompilerServices/TaskAwaiter.cs:line 151
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult() in /_/src/System.Private.CoreLib/shared/System/Runtime/CompilerServices/TaskAwaiter.cs:line 474
   at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>d__9.MoveNext() in /_/src/Hosting/Hosting/src/Internal/Host.cs:line 50
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in /_/src/System.Private.CoreLib/shared/System/Runtime/ExceptionServices/ExceptionDispatchInfo.cs:line 63
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) in /_/src/System.Private.CoreLib/shared/System/Runtime/CompilerServices/TaskAwaiter.cs:line 180
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) in /_/src/System.Private.CoreLib/shared/System/Runtime/CompilerServices/TaskAwaiter.cs:line 151
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult() in /_/src/System.Private.CoreLib/shared/System/Runtime/CompilerServices/TaskAwaiter.cs:line 107
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.<RunAsync>d__4.MoveNext() in /_/src/Hosting/Abstractions/src/HostingAbstractionsHostExtensions.cs:line 64
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in /_/src/System.Private.CoreLib/shared/System/Runtime/ExceptionServices/ExceptionDispatchInfo.cs:line 63
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.<RunAsync>d__4.MoveNext() in /_/src/Hosting/Abstractions/src/HostingAbstractionsHostExtensions.cs:line 76
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in /_/src/System.Private.CoreLib/shared/System/Runtime/ExceptionServices/ExceptionDispatchInfo.cs:line 63
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) in /_/src/System.Private.CoreLib/shared/System/Runtime/CompilerServices/TaskAwaiter.cs:line 180
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) in /_/src/System.Private.CoreLib/shared/System/Runtime/CompilerServices/TaskAwaiter.cs:line 151
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult() in /_/src/System.Private.CoreLib/shared/System/Runtime/CompilerServices/TaskAwaiter.cs:line 107
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host) in /_/src/Hosting/Abstractions/src/HostingAbstractionsHostExtensions.cs:line 50
   at NewClaimsDataTakeThree.Program.Main(String[] args) in C:\Users\malbert\Source\Repos\NewClaimsDataTakeThree\NewClaimsDataTakeThree\Program.cs:line 16

As explicitly mentioned, I've added the controllers using services.AddControllers() at the end of the ConfigureServices method. Now I'm running into this:

InvalidOperationException: Provide MetadataAddress, Configuration, or ConfigurationManager to WsFederationOptions
Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions.Validate()

Which seems to indicate that either I haven't provided the settings wrong, or I've used some wrong syntax in the first 2 lines I've pasted.

@Tratcher
Member

Tratcher commented Feb 5, 2020

> First, in order to eliminate any wrong assumptions on my side: I've rewritten the realm/metadata values in the corresponding lines as such:
>
> options.Wtrealm = Configuration["wsfed:https://localhost:44300/"];
> options.MetadataAddress = Configuration["wsfed:https://sts.mydomain.com/FederationMetadata/2007-06/FederationMetadata.xml"];
>
> ...
> As explicitly mentioned, I've added the controllers using services.AddControllers() at the end of the ConfigureServices method. Now I'm running into this:
>
> InvalidOperationException: Provide MetadataAddress, Configuration, or ConfigurationManager to WsFederationOptions
> Microsoft.AspNetCore.Authentication.WsFederation.WsFederationOptions.Validate()
>
> Which seems to indicate that either I haven't provided the settings wrong, or I've used some wrong syntax in the first 2 lines I've pasted.

You'd give direct values like this:

options.Wtrealm = "https://localhost:44300/";
options.MetadataAddress = "https://sts.mydomain.com/FederationMetadata/2007-06/FederationMetadata.xml";


@luckerby
Author

Will test this tomorrow and post back. Sorry about the delay.

@luckerby
Author

@Tratcher thank you for all your help and patience. It's now working as expected.

If someone else comes across this, I've pasted the final version of Startup.cs I've used here.

The Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true in the code above only served to debug a misconfigured relying party id.
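
An added example (not from the thread or the ASP.NET Core repository) combining the two points above: the `Configuration[...]` indexer takes a key, so a wrong key returns null and only surfaces later as the `WsFederationOptions.Validate()` error, and `ShowPII` is a debugging aid that should stay off outside development. The `wsfed:realm` and `wsfed:metadata` keys follow Tratcher's snippet; the `Require` helper and the appsettings.json layout are assumptions.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Logging;

public class Startup
{
    private readonly IConfiguration _config;
    private readonly IWebHostEnvironment _env;

    public Startup(IConfiguration config, IWebHostEnvironment env) { _config = config; _env = env; }

    // The indexer takes a configuration KEY ("wsfed:realm"), never the value itself.
    // An unknown key returns null silently, so fail here and name the key (hypothetical helper).
    private string Require(string key)
    {
        var value = _config[key];
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException($"Configuration key '{key}' is missing or empty.");
        return value;
    }

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed appsettings.json: "wsfed": { "realm": "...", "metadata": "https://..." }
        var realm = Require("wsfed:realm");
        var metadata = Require("wsfed:metadata");

        // Unredacted values in IdentityModel errors help debug a wrong relying party id;
        // enable them only in the Development environment.
        IdentityModelEventSource.ShowPII = _env.IsDevelopment();

        services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
        })
        .AddWsFederation(o => { o.Wtrealm = realm; o.MetadataAddress = metadata; })
        .AddCookie();

        services.AddAuthorization(o => o.FallbackPolicy = o.DefaultPolicy);
        services.AddControllers(); // required by the controller route mapped in Configure
    }
    // Configure(IApplicationBuilder app) is unchanged from Tratcher's snippet above.
}
```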

@ghost ghost closed this as completed Feb 14, 2020