I'm testing authentication logic. The JWT token expired and the validation system produced an exception: IDX10223: Lifetime validation failed. The token is expired. ValidTo: 'System.DateTime', Current time: 'System.DateTime'.
The OnAuthenticationFailed handler was called and the response started with status code 500.
Then the OnChallenge handler was called.
On the row context.Response.StatusCode = 401; I got an InvalidOperationException because the response had already started.
    o.Events = new JwtBearerEvents()
    {
        OnAuthenticationFailed = c => // Called first <<---------------------
        {
            c.NoResult();
            c.Response.StatusCode = 500;
            c.Response.ContentType = "text/plain";
            return c.Response.WriteAsync(c.Exception.ToString());
        },
        OnChallenge = context => // Called second <<---------------------
        {
            context.HandleResponse();
            context.Response.StatusCode = 401; // Exception here because response already started
            context.Response.ContentType = "application/json";
            var result = JsonConvert.SerializeObject(new Response<string>("You are not Authorized"));
            return context.Response.WriteAsync(result);
        },
        OnForbidden = context =>
        {
            context.Response.StatusCode = 403;
            context.Response.ContentType = "application/json";
            var result = JsonConvert.SerializeObject(new Response<string>("You are not authorized to access this resource"));
            return context.Response.WriteAsync(result);
        },
    };
So, in that template authentication is done somewhat wrong and won't work at all after token expiration.
The client does not receive any response from the server (status code = 0, error = Failed receive response stream)
Hi @Last8Exile,
The problem is that OnAuthenticationFailed and OnChallenge both try to manipulate StatusCode and ContentType. In production, you don't want to print your internal exception, so I fixed it by removing the logic under OnAuthenticationFailed.
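An added example, not the template's own code, of the event wiring this thread arrives at: OnAuthenticationFailed only logs server-side and OnChallenge is the single place that writes the 401. The `JwtEventSetup` class, the logger category and the anonymous JSON body are assumptions made for illustration.

```csharp
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Net.Http.Headers;

// Hypothetical helper; call it as AddJwtBearer(o => JwtEventSetup.Apply(o)).
public static class JwtEventSetup
{
    public static void Apply(JwtBearerOptions o)
    {
        o.Events = new JwtBearerEvents
        {
            // Runs first on an expired or invalid token. Record the failure
            // server-side only and leave the response untouched, so nothing is
            // sent before OnChallenge and no exception text reaches the client.
            OnAuthenticationFailed = c =>
            {
                var log = c.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("JwtBearer"); // category name is an assumption
                log.LogWarning(c.Exception, "JWT validation failed");
                return Task.CompletedTask;
            },
            // Runs second. This is the only handler that writes the 401.
            OnChallenge = async context =>
            {
                context.HandleResponse(); // suppress the default challenge
                if (context.Response.HasStarted)
                    return; // headers already sent; status can no longer change
                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                context.Response.ContentType = "application/json";
                // HandleResponse() skips the default header, so set it here:
                // plain "Bearer" when no token was sent, invalid_token otherwise.
                context.Response.Headers[HeaderNames.WWWAuthenticate] =
                    context.AuthenticateFailure is null
                        ? "Bearer"
                        : "Bearer error=\"invalid_token\"";
                // Constructed body; the template wraps its message in Response<string>.
                var body = JsonSerializer.Serialize(new { message = "You are not Authorized" });
                await context.Response.WriteAsync(body);
            },
        };
    }
}
```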