1

I have 2 ASP.NET Core 3.1 applications. One of them is an IdentityServer and the other one is a Client which makes an OpenID Connect request to IdentityServer if the action method has an Authorize attribute.

  1. My IdentityServer has nothing strange. There are just some in-memory Clients and Users:
// User 1
{
   "SubjectId": 1,
   "Username": "MyName",
   "Password": "MyPassword"
}

// Client 1
{
   "ClientId": "ClientID",
   "ClientName": "This is MVC1 Client",
   "ClientSecrets": [{
       "Value": "ClientSecret"
    }],
   "AllowedGrantTypes": [ "authorization_code" ],
   "RedirectUris": [ "http://localhost:7573/signin-oidc" ],
   "PostLogoutRedirectUris": [ "http://localhost:7573/signin-oidc" ],
   "AllowedScopes": [
       "openid",
       "profile",
       "address",
       "email",
       "phone"
    ],
    "RequirePkce": true,
    "AllowPlainTextPkce": false
}
  2. And this is my Client application:
services
        .AddAuthentication(options => {
              options.DefaultScheme = "Cookie";
              options.DefaultChallengeScheme = "OIDC";})

        .AddCookie("Cookie")
        .AddOpenIdConnect("OIDC", options => { // This config used for Authentication
              options.SignInScheme = "Cookie";
              options.SignOutScheme = "Cookie";

              options.Authority = "http://192.168.34.33:80"; // My remote Server
              options.RequireHttpsMetadata = false;

              options.ClientId = "MVC1";
              options.ClientSecret = "MVC1";

              options.ResponseType = "code";
              options.UsePkce = true;

              options.SaveTokens = true;

              options.ResponseMode = "query";

              options.CallbackPath = "/signin-oidc";

              options.Scope.Clear();
              options.Scope.Add("openid");
              options.Scope.Add("profile");
              options.Scope.Add("email");
              options.Scope.Add("address");
              options.Scope.Add("phone");
      });

And this configuration works well with HTTP but NOT with HTTPS.

When I press login, it works OK, and after authentication it redirects me back to the client.

The problem is when I change the Authority URL to HTTPS, I receive a remote certificate error, and that's right, because there is no valid certificate in my IIS.
So:

  1. I created a self-signed certificate in my IIS and bound it to my project.


  2. And I also added this certificate to the trusted root certification authorities of the client machine.


  3. I changed options.Authority and options.RequireHttpsMetadata to this:

    options.Authority = "https://192.168.34.33:4430"; // My remote Server
    options.RequireHttpsMetadata = true;

Now when I click the Privacy button in my client application (an Authorize action method), I see a certificate error.


Please help me. I really, really need help. Thank you :))

Ali Abbasifard

1 Answer

1

You can't use an IP address and HTTPS together, like here:

   options.Authority = "https://192.168.34.33:4430"; // My remote Server
   options.RequireHttpsMetadata = true;

To get TLS/HTTPS to work, you must have the domain name of the server. Otherwise, how can the client know who it is talking to?

Tore Nestenius
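The certificate error the client shows is raised by the same TLS validation that `HttpClient` performs when the OpenID Connect handler fetches the discovery document from `Authority`. The following is an added diagnostic example, not code from either post: a small .NET Core console program (placeholder host `idsrv.example.local`; pass your own Authority URL as the first argument) that requests `/.well-known/openid-configuration` and prints which `SslPolicyErrors` flag was raised, so a name mismatch between the URL host and the certificate can be told apart from an untrusted chain. Validation stays strict: the callback only accepts the certificate when no policy error is reported.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Threading.Tasks;

// Diagnostic helper: fetch the OIDC discovery document over HTTPS and report
// exactly why the server certificate was rejected, without weakening validation.
public static class AuthorityTlsCheck
{
    public static async Task<int> Main(string[] args)
    {
        // Assumed placeholder authority; replace with your IdentityServer address.
        var authority = args.Length > 0 ? args[0] : "https://idsrv.example.local:4430";
        var discoveryUrl = authority.TrimEnd('/') + "/.well-known/openid-configuration";

        var handler = new HttpClientHandler();
        handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
        {
            Console.WriteLine($"Server certificate subject: {cert?.Subject}");
            Console.WriteLine($"Issuer: {cert?.Issuer}");
            Console.WriteLine($"Policy errors: {errors}");

            if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
                Console.WriteLine("-> The host in Authority does not match the certificate's " +
                                  "subject / subject alternative names.");
            if (errors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors))
                Console.WriteLine("-> The certificate chain is not trusted on this machine; " +
                                  "the issuing/root certificate must be in the client's trusted root store.");
            if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
                Console.WriteLine("-> The server presented no certificate.");

            // Keep strict validation: accept only when there are no policy errors.
            return errors == SslPolicyErrors.None;
        };

        using var client = new HttpClient(handler);
        try
        {
            var json = await client.GetStringAsync(discoveryUrl);
            Console.WriteLine($"Discovery document retrieved ({json.Length} bytes); TLS validation passed.");
            return 0;
        }
        catch (HttpRequestException ex)
        {
            Console.WriteLine($"Request failed: {ex.Message}");
            return 1;
        }
    }
}
```

Run it as `dotnet run -- https://<your-authority>` from the client machine. The name check compares the host part of the URL exactly as written against the names the certificate carries, and the chain check uses the client machine's trust store, which is why both the certificate's subject and where the self-signed root was installed matter for the handler in the question.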