Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error in handling Authentication failed event #32

Closed
Last8Exile opened this issue Mar 25, 2021 · 1 comment
Closed

Error in handling Authentication failed event #32

Last8Exile opened this issue Mar 25, 2021 · 1 comment

Comments

@Last8Exile
Copy link

I'm testing authentication logic. JWT token expired and validation system produced exception:
IDX10223: Lifetime validation failed. The token is expired. ValidTo: 'System.DateTime', Current time: 'System.DateTime'.

OnAuthenticationFailed handler called and response started with status code 500
Then OnChallenge handler called.
On row context.Response.StatusCode = 401; i got InvalidOperationException because response already started.

o.Events = new JwtBearerEvents()
{
    OnAuthenticationFailed = c =>         //Called first   <<---------------------
    {
        c.NoResult();
        c.Response.StatusCode = 500;
        c.Response.ContentType = "text/plain";
        return c.Response.WriteAsync(c.Exception.ToString());
    },
    OnChallenge = context =>             //Called second  <<---------------------
    {
        context.HandleResponse();
        context.Response.StatusCode = 401;                           // Exception here because response alredy started 
        context.Response.ContentType = "application/json";
        var result = JsonConvert.SerializeObject(new Response<string>("You are not Authorized"));
        return context.Response.WriteAsync(result);
    },
    OnForbidden = context =>
    {
        context.Response.StatusCode = 403;
        context.Response.ContentType = "application/json";
        var result = JsonConvert.SerializeObject(new Response<string>("You are not authorized to access this resource"));
        return context.Response.WriteAsync(result);
    },
};

So, in that template authentication done somewhat wrong and won't work at all after token expiration.
Client do not receive any responce from server (status code = 0, error = Failed receive response stream)
@development-pubinno
Copy link

development-pubinno commented Apr 14, 2021
edited
Loading

Hi @Last8Exile,
The problem is OnAuthenticationFailed and OnChallenge both try to manipulate StatusCode, ContentType. In production, you dont want to print your internal exception, so I fix it by remowving logic under OnAuthenticationFailed.

OnAuthenticationFailed = context => { return Task.CompletedTask; },

@supermun supermun mentioned this issue Jun 1, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Last8Exile @development-pubinno