I have two different clients on different domains, and I have an identity server hosted on another domain, like this:
client1.com, client2.com (client domains) , auth.client1.com (identity server domain).
Silent renew works on client1.com, but on client2.com the silent renew gives an error and the whole page becomes empty.
The error is:
"Error: AuthCallback AuthResult came with error: login_required".
Am I missing something?
Startup.cs
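/// <summary>
/// Registers the application's services: MVC controllers/views, the EF Core
/// <see cref="ApplicationDbContext"/>, ASP.NET Core Identity, IdentityServer with
/// its configuration and operational stores, the token signing credential, JWT
/// bearer authentication, and the e-mail/SMS senders.
/// </summary>
/// <param name="services">The service collection being populated.</param>
/// <exception cref="FileNotFoundException">
/// Thrown outside the Development environment when the signing certificate file
/// referenced by <c>cerFileName</c> does not exist.
/// </exception>
public void ConfigureServices(IServiceCollection services)
{
    services.ConfigureNonBreakingSameSiteCookies();
    services.AddControllersWithViews();

    string migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

    // NOTE(review): the connection string, certificate path and certificate password
    // below are placeholders; in a real deployment read them from Configuration or a
    // secret store rather than committing them to source.
    string connectionString = "<connectionString>";

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(connectionString));

    services.AddIdentity<ApplicationUser, ApplicationRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    var builder = services.AddIdentityServer(options =>
        {
            options.Events.RaiseErrorEvents = true;
            options.Events.RaiseInformationEvents = true;
            options.Events.RaiseFailureEvents = true;
            options.Events.RaiseSuccessEvents = true;
        })
        .AddConfigurationStore(options =>
        {
            options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
                sql => sql.MigrationsAssembly(migrationsAssembly));
        })
        .AddOperationalStore(options =>
        {
            options.ConfigureDbContext = b => b.UseSqlServer(connectionString,
                sql => sql.MigrationsAssembly(migrationsAssembly));
            options.EnableTokenCleanup = true;
        })
        .AddAspNetIdentity<ApplicationUser>();

    string cerFileName = "<cerFileName>";
    string cerPassword = "<cerPassword>";

    if (Environment.IsDevelopment())
    {
        // Development only: a generated RSA key kept in tempkey.rsa under the content root.
        string fileName = Path.Combine(Environment.ContentRootPath, "tempkey.rsa");
        builder.AddDeveloperSigningCredential(filename: fileName);
    }
    else
    {
        // Fail fast at startup rather than issuing tokens with no production signing key.
        if (!File.Exists(cerFileName))
        {
            throw new FileNotFoundException("Signing Certificate is missing!");
        }

        X509Certificate2 cert = new X509Certificate2(cerFileName, cerPassword, X509KeyStorageFlags.MachineKeySet);
        builder.AddSigningCredential(cert);
        Console.WriteLine("###Certificate is done");
    }

    string authorityUrl = Configuration.GetValue<string>("<AuthorityUrl>");
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, jwt =>
        {
            jwt.Authority = authorityUrl;
            jwt.TokenValidationParameters = new TokenValidationParameters()
            {
                // NOTE(review): audience validation is disabled, so any token issued by the
                // authority is accepted regardless of which API it was issued for. Set
                // ValidAudience (or ApiResource scopes) once the API's audience is known.
                ValidateAudience = false,
            };
            // Plain-HTTP discovery metadata is only acceptable while developing locally;
            // in other environments it lets an on-path attacker supply the signing keys.
            jwt.RequireHttpsMetadata = Environment.IsDevelopment();
        });

    // Add application services.
    services.AddTransient<IEmailSender, AuthMessageSender>();
    services.AddTransient<ISmsSender, AuthMessageSender>();
    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));
}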
/// <summary>
/// Seeds the database and then assembles the HTTP pipeline: cookie policy, the
/// developer exception page (Development only), static files, routing,
/// IdentityServer, authorization and the default controller route.
/// </summary>
/// <param name="app">The application pipeline builder.</param>
public void Configure(IApplicationBuilder app)
{
    // Seeding resolves scoped services, so it runs inside its own service scope,
    // which is disposed as soon as the seed data is in place.
    var scopeFactory = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>();
    using (var seedScope = scopeFactory.CreateScope())
    {
        SeedData.EnsureSeedData(seedScope.ServiceProvider, Configuration);
    }

    // Pipeline order is significant; cookie policy runs first so it can apply to
    // cookies written by the middleware registered below it.
    app.UseCookiePolicy();

    if (Environment.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseStaticFiles();
    app.UseRouting();

    // No separate UseAuthentication call here; presumably UseIdentityServer registers
    // the authentication middleware itself — confirm for the IdentityServer version in use.
    app.UseIdentityServer();
    app.UseAuthorization();

    app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
}