aspnet / aspnetkatana Goto Github PK
View Code? Open in Web Editor NEWMicrosoft's OWIN implementation, the Katana project
License: Apache License 2.0
Microsoft's OWIN implementation, the Katana project
License: Apache License 2.0
I have updated to RC 3.1.0 however seem am still getting issues authenticating.
This is the output from a fiddler:
# Result Protocol Host URL Body Caching Content-Type Process Comments Custom
9452 200 HTTP **foo.bar.com** /Account/Login 7,712 no-cache, no-store; Expires: -1 text/html; charset=utf-8 firefox:17268
9675 200 HTTP **foo.bar.com** /__browserLink/requestData/29b5633f81424b548a2fc4f5842c9006?version=2 3,026 public; Expires: Thu, 30 Mar 2017 05:05:02 GMT application/json firefox:17268
9712 302 HTTP **foo.bar.com** /Account/ExternalLogin 0 private firefox:17268
9784 302 HTTP **foo.bar.com** /signin-google?state=j3HP3orE7tetRGbPwgzhavSX6yfRyWRtFAwQRhgWOlkGuWHrLjbt8-JKWK86dhk0i49vZDC4W5_7dmItoHdMzmJWX_56qYPNNkcJCrV2B7Z0_rYvwP8A92ioWSTlWl-pX7GNxOVnl7PF4g-VAtU9TIlk6l360mGHVFdQYZ34BBvfO-dRKkbIAJ9Fnq1K-8kx4aRreCzW_DhNLEzlvCo-JtiOSHdhMsrZ24OWsuJv5gU&code=4/cZgEy-LQH6WglN3zW5b6xtEhSVYioUxafUNWaGmBz6o&authuser=0&hd=liquidfusion.com.au&session_state=ce8761a407a452f656ccb83df50fca5a403132ae..8cd0&prompt=none 0 firefox:17268
9785 - HTTP **foo.bar.com** /Account/ExternalLoginCallback?error=access_denied -1 firefox:17268
With debugging enabled this is the error:
Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationMiddleware Error: 0 : Authentication failed
System.Net.Http.HttpRequestException: Response status code does not indicate success: 403 (Forbidden).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationHandler.<AuthenticateCoreAsync>d__0.MoveNext()
I will continue investigating and add any additional information I come across.
On the WIKI page, the MSDN links to a page with only the following line:
The topics in this section describe the public namespaces, classes, and interfaces that support Microsoft OWIN components.
How can people learn the API from this sentence?
I understand that by default this version of OIDC middleware (.net 4.5.1) assumes the response_mode is form post which has worked well for us with Azure. We are now being asked to integrate with another OIDC authorization server that supports hybrid flow, however the server's response to a hybrid flow OIDC request is always with a encoded url fragment. Per Dominic's post, this does appear to be a valid type of response in a hybrid flow:
https://leastprivilege.com/2014/10/10/openid-connect-hybrid-flow-and-identityserver-v3/
I have looked around but wasn't able to find anything that describes this type of response and how to handle it? Is there a way to support this type of response in OIDC middleware?
I have an IdentityServer4 provider and I'm trying to connect an ASP.NET WebForms 4.5.2 client using OpenIdConnect 3.0.1. Everything works fine but I'm having a problem with /signout-oidc
endpoints on the WebForms client: it doesn't seem to exist. I'm getting 404 error. Interestingly, /signin-oidc
does exist. I'm using same configuration for an ASP.NET Core client with the same OpenIdConnect 3.0.1 version and /signout-oidc
does work there. Am I doing something wrong?
Here's the /connect/endsession/callback
and /signout-oidc
log from logout process using Fiddler:
GET /connect/endsession/callback?sid=5f5617803ca616c7cb247d2d30f178af&logoutId=1ea004139be63cfd7d088ef6ea1483be HTTP/1.1
HTTP/1.1 200 OK
Date: Mon, 03 Apr 2017 08:08:53 GMT
Content-Type: text/html; charset=UTF-8
Server: Kestrel
Cache-Control: no-store, no-cache, max-age=0
Pragma: no-cache
Set-Cookie: idsrv.ClientSessions.5f5617803ca616c7cb247d2d30f178af=.; expires=Sun, 03 Apr 2016 08:08:53 GMT; path=/; httponly
Set-Cookie: LogoutMessage.1ea004139be63cfd7d088ef6ea1483be=.; expires=Sun, 03 Apr 2016 08:08:53 GMT; path=/; httponly
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline' 'sha256-u+OupXgfekP+x/f6rMdoEAspPCYUtca912isERnoEjY=';frame-src http://localhost:9869
X-Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline' 'sha256-u+OupXgfekP+x/f6rMdoEAspPCYUtca912isERnoEjY=';frame-src http://localhost:9869
Content-Length: 223
<!DOCTYPE html><html><style>iframe{display:none;width:0;height:0;}</style><body><iframe src='http://localhost:9869/signout-oidc?sid=5f5617803ca616c7cb247d2d30f178af&iss=http%3A%2F%2Flocalhost%3A3027'></iframe></body></html>
GET /signout-oidc?sid=5f5617803ca616c7cb247d2d30f178af&iss=http%3A%2F%2Flocalhost%3A3027 HTTP/1.1
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-SourceFiles: =?UTF-8?B?RDpcUHJvamVjdHNcS1lTVjNcU291cmNlXElkZW50aXR5LkF1dGhlbnRpY2F0aW9uXFRlc3RzXElkZW50aXR5LkF1dGhlbnRpY2F0aW9uLkNsaWVudC5XZWJGb3Jtc1xzaWdub3V0LW9pZGM=?=
X-Powered-By: ASP.NET
Date: Mon, 03 Apr 2017 08:08:53 GMT
Content-Length: 5089
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>IIS 10.0 Detailed Error - 404.0 - Not Found</title>
...
By default, OWIN hooks itself into the system logging in order to be helpful and catch all sorts of logging. However, because of this and some deficiencies of DualWriter
, Owin is in the stacktrace of a lot of errors. And it seems to be actually causing some of them.
For my own project, in a high-volume environment, I'm getting the following stack trace in the event log (names sanitized):
Application: App.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IndexOutOfRangeException
at System.Buffer.InternalBlockCopy(System.Array, Int32, System.Array, Int32, Int32)
at System.IO.StreamWriter.Write(Char[], Int32, Int32)
at System.IO.TextWriter+SyncTextWriter.Write(Char[], Int32, Int32)
at Microsoft.Owin.Hosting.Tracing.DualWriter.Write(Char[], Int32, Int32)
at System.IO.TextWriter.WriteLine(System.String)
at System.Diagnostics.TextWriterTraceListener.WriteLine(System.String)
at System.Diagnostics.TraceInternal.WriteLine(System.String)
at System.Diagnostics.Trace.WriteLine(System.String)
at SharedLibrary.ExampleUserObject.Cleanup()
I don't think it's necessary, but, just in case, the related Nuget packages I've got for this:
The code that causes this is a call to Trace.WriteLine()
in SharedLibrary.ExampleUserObject.Cleanup()
, and everything else in the stacktrace is core .NET code, except for OWIN. A call to Trace.WriteLine()
is certainly not a line of code you'd expect to be wrapping in a try/catch. It doesn't occur with a single call - only under heavy-ish concurrent load. I checked the commits in the master branch since 3.0.1 before submitting this issue, and they don't seem to touch files related to DualWriter
. So I think it's still relevant.
It's important to note, though, that this error with the exact stack trace occurred in two different kinds of environments: ones that were actually using the OWIN features, and ones that weren't. It's a system that has multiple different transports for incoming messages, with a self-hosted OWIN being one of them. OWIN was loaded in both environments, but this error was still occurring even when coming from other transports. I first dealt with this by removing my calls to Trace.WriteLine()
inside SharedLibrary.ExampleUserObject
, but that's not always an option. Especially if you're using a Nuget package or any other library you don't directly control. Eventually I settled on removing the listeners myself.
In fact, we can see a couple examples of this problem on the internet. Here's an error on StackOverflow where the user encountered this with LogEntries and mistakenly filed an issue on that project. Here's another SO question where the user gets these errors when running queries. And here's another SO question where the user complains about it interfering with his logging via Log4net. The answer on that question was pretty helpful about where to look.
Considering that this seems to be default behavior, I think DualWriter could use a bit of scrutiny. Especially in scenarios where it's not the only code to interact with System.Diagnostics
. Nothing that can insert itself into the call path of .NET internals should have a design that allows for this to happen. It's a bit of an unpleasant surprise to reference a library and encounter this.
In my mvc application, i've configured OpenIdConnect and CookieAuthentication middlewares.
When i trigger web api call from ajax, the web api, depending on the inputs data, returns Unauthorized code, the problem is that the request is captured and transformed to 302 to display the login page !
I understand Microsoft updated their APIs recently, I created a new app at https://apps.dev.microsoft.com
Application Id: 388e0946-5fa0-4143-8e7a-97141200f6a6
Password: obu****************************Platforms: Web
Allow Implicit Flow: YES
Redirect URIs:
https://localhost:44300/ signin-microsoft
https://ufotoday.com/ signin-microsoftMicrosoft Graph Permissions: User.Read
Application Permissions: ProfileI did not use "generate new key pair" (not sure what is it for)
I know that before it was not possible to test on localhost, this is tested live on UFOToday.com, but I keep getting "access denied",
response_type=code seems suspicious, I would think code maybe replaced with something else (not sure) see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes#using-permissions
I noticed that the name of the scope changed from wl.emails wl.birthday, so I'm just trying with what I saw in the example code "openid email profile" (otherwise it's breaking)
My code:
// https://account.live.com/developers/applications
// https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins
var microsoftAuthOptions = new MicrosoftAccountAuthenticationOptions();
microsoftAuthOptions.ClientId = currentPortalProviders.MicrosoftLiveClientId;
microsoftAuthOptions.ClientSecret = currentPortalProviders.MicrosoftLiveClientSecret;
microsoftAuthOptions.CallbackPath = new PathString("/signin-microsoft");
// See https://azure.microsoft.com/documentation/articles/active-directory-v2-scopes/
microsoftAuthOptions.Scope.Add("openid");
microsoftAuthOptions.Scope.Add("email");
microsoftAuthOptions.Scope.Add("profile");
microsoftAuthOptions.Provider = new MicrosoftAccountAuthenticationProvider()
{
OnAuthenticated = (context) =>
{
context.Identity.AddClaim(new Claim("urn:microsoft:access_token", context.AccessToken));
var expiryDuration = context.ExpiresIn ?? new TimeSpan();
context.Identity.AddClaim(new Claim("urn:microsoft:expires_in", DateTime.UtcNow.Add(expiryDuration).ToString(CultureInfo.InvariantCulture)));
if (context.Email != null) context.Identity.AddClaim(new Claim("urn:microsoft:email", context.Email));
if (context.Id != null) context.Identity.AddClaim(new Claim("urn:microsoft:id", context.Id));
if (context.Name != null) context.Identity.AddClaim(new Claim("urn:microsoft:name", context.Name));
if (context.FirstName != null) context.Identity.AddClaim(new Claim("urn:microsoft:first_name", context.FirstName));
if (context.LastName != null) context.Identity.AddClaim(new Claim("urn:microsoft:last_name", context.LastName));
// Add all other available claims
foreach (var claim in context.User)
{
var claimType = string.Format("urn:microsoft:{0}", claim.Key);
var claimValue = claim.Value.ToString();
if (!context.Identity.HasClaim(claimType, claimValue))
context.Identity.AddClaim(new Claim(claimType, claimValue, "XmlSchemaString", "Microsoft"));
}
return Task.FromResult(0);
}
};
app.UseMicrosoftAccountAuthentication(microsoftAuthOptions);
This is what I'm getting:
Request URL:https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=388e0946-5fa0-4143-8e7a-97141200f6a6&scope=openid%20email%20profile&response_type=code&redirect_uri=https%3A%2F%2Fufotoday.com%2F signin-microsoft &state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA
Request Method:GET
Status Code:200 OK
Remote Address:23.100.32.136:443
Referrer Policy:no-referrer-when-downgradeRequest URL:https://login.live.com/oauth20_authorize.srf?client_id=388e0946-5fa0-4143-8e7a-97141200f6a6&scope=openid%20email%20profile&response_type=code&redirect_uri=https%3A%2F%2Fufotoday.com%2F signin-microsoft &state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA&login_hint=yovavgad%40gmail.com&ui_locales=en-US&display=page&uaid=aedea0ead6e94294a42ad04754ced973&issuer=mso&tenant=common&msproxy=1
Request Method:GET
Status Code:302 Found
Remote Address:131.253.61.96:443
Referrer Policy:no-referrer-when-downgradeRequest URL:https://ufotoday.com/ signin-microsoft ?code=Mde1a1f82-19ea-afb6-faed-6492578ef127&state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA
Request Method:GET
Status Code:302
Remote Address:52.183.33.89:443
Referrer Policy:no-referrer-when-downgradeRequest URL:https://ufotoday.com/signup-connect?error=access_denied
Request Method:GET
Status Code:302
Remote Address:52.183.33.89:443
Referrer Policy:no-referrer-when-downgrade
Does it work for anyone else?
Hi,
In the Unprotect
method of the JwtFormat
class, it only validates against the IEnumerable ValidIssuers
and ignores ValidIssuer
. Shouldn't it concatenate it to the list of ValidIssuers before validating? Maybe it's by design?
TokenValidationParameters validationParameters = _validationParameters;
if (_issuerCredentialProviders != null)
{
// Lazy augment with issuers and tokens. Note these may be refreshed periodically.
validationParameters = validationParameters.Clone();
IEnumerable<string> issuers = _issuerCredentialProviders.Select(provider => provider.Issuer);
if (validationParameters.ValidIssuers == null)
{
validationParameters.ValidIssuers = issuers;
}
else
{
validationParameters.ValidIssuers = validationParameters.ValidIssuers.Concat(issuers);
}
I have implemented all Notifications, but I cant find the metadata info in the "context" object, how can I obtain this metadata information?
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
Debug.WriteLine("*** RedirectToIdentityProvider");
return Task.FromResult(0);
},
MessageReceived = (context) =>
{
Debug.WriteLine("*** MessageReceived");
return Task.FromResult(0);
},
SecurityTokenReceived = (context) =>
{
Debug.WriteLine("*** SecurityTokenReceived");
return Task.FromResult(0);
},
SecurityTokenValidated = (context) =>
{
Debug.WriteLine("*** SecurityTokenValidated");
return Task.FromResult(0);
},
AuthorizationCodeReceived = (context) =>
{
Debug.WriteLine("*** AuthorizationCodeReceived");
return Task.FromResult(0);
},
AuthenticationFailed = (context) =>
{
Debug.WriteLine("*** AuthenticationFailed");
return Task.FromResult(0);
},
}
One of the most common issues hit by users is a conflict in the response cookie header that causes values to be dropped. See http://katanaproject.codeplex.com/wikipage?title=System.Web%20response%20cookie%20integration%20issues
This can cause infinite auth loops and other hard to diagnose issues. While we can't directly solve the issue, we can provide helpers for the most common mitigation. This would involve taking the workaround code from the link above and adding it to the SystemWeb package where it could be easily referenced by apps.
We may also add ICookieManager to the other auth providers (e.g. OIDC, Facebook, etc.) as they set temporary cookies during the auth flow.
We'll need to update the wiki to show the new workaround.
On providing the userid (Live/Outlook/Hotmail) we are being redirected to
which is basically error page.
On monitoring with fiddler we observe that in these cases the redirect_uri parameter is having space appended at the start.
This extra characters are getting added intermittently, while we are assigning this property in StartUp ,there is no space characters.
Please help in figuring out where these space characters are getting appended from, or redirect to relevant forums.
Thanks in advance
Using a rather default setup of packages, you'll run into the error
Dependencies can not be resolved. "Microsoft.Owin 3.1.0 ' is not compatible with' Microsoft.Owin.de 3.0.1 Restriction: Microsoft.Owin (= 3.0.1) '.
When trying to upgrade to the v3.1.0 release with localizations installed.
Apparently the localizations aren't updated: https://www.nuget.org/packages/Microsoft.Owin.de/
Nightly packages have moved to https://dotnet.myget.org/f/katana-dev/
But symbol packages are still publishing to 'https://nuget.symbolsource.org/MyGet/aspnetwebstacknightly'
Is this a problem?
Moving bug from the codeplex as it is still an issue for us with no easy solution.
If you develop OWIN middleware for monitoring you need to use ThreadAsync
or CallContext
to keep the context across the async/await
. And it is working fine. However if you try to use the same middleware when hosting your application in IIS - it doesn't propagate the context any longer.
Even better if there will be a possibility to set the context from HttModule
's Begin
callback that will be preserved to the controller execution.
Is this the official repository for Microsoft.Owin.Host.HttpListener?
https://www.nuget.org/packages/Microsoft.Owin.Host.HttpListener/
Can you clarify the license? The NuGet repository shows this license file: http://www.microsoft.com/web/webpi/eula/net_library_eula_enu.htm
The Git repository shows an Apache license: http://www.apache.org/licenses/LICENSE-2.0
As an aside, NuGet package also points to an old repository on CodePlex, that should be fixed too. I'm not 100% comfortable that the Git site IS the correct repository.
b2b299d#commitcomment-22034669
Katana uses some old build tools that do not support C#6+. Set <LangVersion>5</LangVersion>
in Common.targets to prevent the use of these new language features.
Repro:
This is caused by the redirect uri being set to https://twitter.com instead of https://api.twitter.com
The default https://twitter.com uri is used by the deep linking functionality of the app. This causes the app to handle the authentication request, instead of the browser, then after auth, the webview embedded in the twitter app takes over, and can not locate your redirect target.
The solution is to prefix the twitter.com domain with api. in this line https://github.com/aspnet/AspNetKatana/blob/dev/src/Microsoft.Owin.Security.Twitter/TwitterAuthenticationHandler.cs#L25 just like the other calls,
or to allow the user to override the root domains via configuration.
Reference:
https://dev.twitter.com/oauth/reference/get/oauth/authenticate note the Resource url
Assume there is a cookie, and it is expired, sliding expiration is on, and code in method ValidateIdentity is rejecting identity. Flag _shouldRenew will still be set to true, and at the end of the request it will try to set cookie because of the flag, but there won't be identity and it will result in null reference exception when it will try to protect it.
`
protected override async Task AuthenticateCoreAsync()
.....
bool? allowRefresh = ticket.Properties.AllowRefresh;
if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration
&& (!allowRefresh.HasValue || allowRefresh.Value))
{
TimeSpan timeElapsed = currentUtc.Subtract(issuedUtc.Value);
TimeSpan timeRemaining = expiresUtc.Value.Subtract(currentUtc);
if (timeRemaining < timeElapsed)
{
_shouldRenew = true;
_renewIssuedUtc = currentUtc;
TimeSpan timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
_renewExpiresUtc = currentUtc.Add(timeSpan);
}
}
var context = new CookieValidateIdentityContext(Context, ticket, Options);
await Options.Provider.ValidateIdentity(context);
`
Here is exception details:
System.NullReferenceException: Object reference not set to an instance of an object.
Stack trace
at Microsoft.Owin.Security.DataHandler.Serializer.TicketSerializer.Write(BinaryWriter writer, AuthenticationTicket model)
at Microsoft.Owin.Security.DataHandler.Serializer.TicketSerializer.Serialize(AuthenticationTicket model)
at Microsoft.Owin.Security.DataHandler.SecureDataFormat1.Protect(TData data) at Microsoft.Owin.Security.Cookies.CookieAuthenticationHandler.<ApplyResponseGrantAsync>d__f.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.<ApplyResponseCoreAsync>d__b.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.<ApplyResponseAsync>d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.<TeardownAsync>d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware
1.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContextStage.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar)
at System.Web.HttpApplication.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Unhandled exceptions in OwinHttpListener.ProcessRequestsAsync from HttpListener.GetContextAsync() may bypass decrementing _currentOutstandingAccepts and cause the request pumping loop to stop accepting new requests. However, no one has successfully captured any such exception to understand the underlying cause.
Is there a reason for not using .ConfigureAwait(false) in the code base?
Facebook as deprecated their old OAuth endpoints that were used by Katana 3.0.1 and lower.
Here's a Fiddler trace of a failing auth flow:
# Result Protocol Host URL Body Caching Content-Type Process Comments Custom
1191 302 HTTPS localhost:44318 /Account/ExternalLogin 0 private chrome:16236
1202 302 HTTPS www.facebook.com /dialog/oauth?response_type=code&client_id=569522623154478&redirect_uri=https%3A%2F%2Flocalhost%3A44318%2Fsignin-facebook&scope=&state=gQ2fRAt8BI46eC52Z_YdSFMCYbBleCGJO5Jl1BO4yQQFl0dVjx-Z0EqMS6QGNfIHD6n7fApnqdodg6ea4E7Ky9rsnExnoW22a7mV7uYAnj089d3yKm6TN4F2YoFgeVPZPakdddB_D-b8988omDTjeQPHrfSVNFqqATAsvab15PHkSaCuk5OqWZRJUnkKtfanM2uA9E8PH4_JrNrLc4DZyd0tRfGr0C3aHUkPJMUiEq0 0 private, no-cache, no-store, must-revalidate; Expires: Sat, 01 Jan 2000 00:00:00 GMT text/html chrome:16236
1203 302 HTTPS localhost:44318 /signin-facebook?code=AQDQ5k6PZ623JZqcDBHkeK6-uryTkyuKZWGD5Hk_rcLV2sYArbQKJE-d-WIvHGikif_5VtclZojZUInsOmV_KEYUYD9jL3Gn0qKKzdk6574_Ya8IoAVPpvm9hsHZ50bKAxItn01fTW54hhGRxUFpX4yCLqXrLtVgImctDxM73XGTEq7poHN7nglEcU0TjFKImpc4Pu-FkkrQXoDGrD4Xeig4NCJHzvJcw8Oc8iJIBCJDSESi6Y2U5Y2Gsy4WntIkRnhCPqh3p--h_2LFqbRcjpx9KYrvPqhW9sr5eShwY1JJ8fVlKzBQmmQbgf0IvTcbckLnxJOPCsIyIFCs5xNf9AH4&state=gQ2fRAt8BI46eC52Z_YdSFMCYbBleCGJO5Jl1BO4yQQFl0dVjx-Z0EqMS6QGNfIHD6n7fApnqdodg6ea4E7Ky9rsnExnoW22a7mV7uYAnj089d3yKm6TN4F2YoFgeVPZPakdddB_D-b8988omDTjeQPHrfSVNFqqATAsvab15PHkSaCuk5OqWZRJUnkKtfanM2uA9E8PH4_JrNrLc4DZyd0tRfGr0C3aHUkPJMUiEq0 0 chrome:16236
1205 200 HTTPS graph.facebook.com /oauth/access_token?grant_type=authorization_code&code=AQDQ5k6PZ623JZqcDBHkeK6-uryTkyuKZWGD5Hk_rcLV2sYArbQKJE-d-WIvHGikif_5VtclZojZUInsOmV_KEYUYD9jL3Gn0qKKzdk6574_Ya8IoAVPpvm9hsHZ50bKAxItn01fTW54hhGRxUFpX4yCLqXrLtVgImctDxM73XGTEq7poHN7nglEcU0TjFKImpc4Pu-FkkrQXoDGrD4Xeig4NCJHzvJcw8Oc8iJIBCJDSESi6Y2U5Y2Gsy4WntIkRnhCPqh3p--h_2LFqbRcjpx9KYrvPqhW9sr5eShwY1JJ8fVlKzBQmmQbgf0IvTcbckLnxJOPCsIyIFCs5xNf9AH4&redirect_uri=https%3A%2F%2Flocalhost%3A44318%2Fsignin-facebook&client_id=xxxxx&client_secret=xxxxxxxx 251 private, no-cache, no-store, must-revalidate; Expires: Sat, 01 Jan 2000 00:00:00 GMT application/json; charset=UTF-8 iisexpress:1144
1206 302 HTTPS localhost:44318 /Account/ExternalLoginCallback?error=access_denied 442 private text/html; charset=utf-8 chrome:16236
1207 200 HTTPS localhost:44318 /Account/Login 2,134 private text/html; charset=utf-8 chrome:16236
Note the /Account/ExternalLoginCallback?error=access_denied request.
If you enable logging here's the message (caused by a change in Facebook's response format):
https://github.com/aspnet/AspNetKatana/wiki/Debugging#logging
Microsoft.Owin.Security.Facebook.FacebookAuthenticationMiddleware Error: 0 : Authentication failed
System.ArgumentNullException: Value cannot be null.
Parameter name: stringToEscape
at System.Uri.EscapeDataString(String stringToEscape)
at Microsoft.Owin.Security.Facebook.FacebookAuthenticationHandler.<AuthenticateCoreAsync>d__0.MoveNext()
ProcessId=1144
DateTime=2017-03-27T20:53:38.6034000Z
This has been fixed in Katana 3.1.0-RC1 which is now available on nuget.org.
Google deprecated OpenId in favor of OAuth2. The old provider doesn't work anymore.
https://developers.google.com/identity/sign-in/auth-migration#timetable
Katana currently has OpenId and OAuth2 implementations. Remove the obsolete extension, handler, and options. Would it be worth renaming GoogleOAuth2AuthenticationOptions back to GoogleAuthenticationOptions? ASP.NET Core did.
Hi Chris,
Good to see this project moved to github :)
As we know Owin.dll
had its controversy... As a major release allows breaking changes, I suggest merging in IAppBuilder
into Microsoft.Owin.dll
. The namespace Owin.
could be retained within the lib to minimise changes to libraries that depend on Microsoft.Owin
.
Cheers
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/472/files#diff-04c6e90faac2675aa89e2176d2eec7d8R9
"+IdentityModel Extensions for .NET 5 has now been released. If you are using IdentityModel Extensions with ASP.NET, the following combinations are supported:
+* IdentityModel Extensions for .NET 4.x and ASP.NET 4
+* IdentityModel Extensions for .NET 5.x and ASP.NET Core 1.x
+All other combinations aren't supported."
Migration notes:
It would be nice to have OwinContext.Request.User.Identity disposed upon completion of each request. It was causing handle leak for me and for now I'm disposing it manually.
I've been trying to add WsFederationAuthenticationOptions at runtime, letting site administrators adding trusts to external IP's.
app.Map("/Account", configuration =>
{
var option= new WsFederationAuthenticationOptions
{
AuthenticationType = organizationModel.ADFS_Domain,
MetadataAddress = organizationModel.ADFS_MetadataAddress,
BackchannelCertificateValidator = null,
Wtrealm = organizationModel.ADFS_Realm,
Wreply = serveraddress + "/Account/ExternalLoginCallback/"+ wsFederationSetting.providerName,
};
configuration.UseWsFederationAuthentication(option);
});
But calling HttpContext.GetOwinContext().Authentication.GetExternalAuthenticationTypes() does not include the new option, hence the owinCtx.Authentication.Challenge will fail...
The code above is working from my startup class, but not at runtime. AndI don't want to have to restart the application just to add an Identity Provider...
UseActiveDirectoryFederationServicesBearerAuthentication and UseWindowsAzureActiveDirectoryBearerAuthentication both use WsFedCachingSecurityTokenProvider to download their metadata. WsFedCachingSecurityTokenProvider has read locks around Issuer and SecurityTokens, and a write lock for RetrieveMetadata. These locks are all synchronous and it calls into HttpClient and blocks, which fires off a background work item to send the request.
As OwinHttpListener receives requests it queues each one to the thread pool. When the global lock is taken then all of these requests start blocking thread pool threads and new threads cannot be injected fast enough. This may starve the metadata HttpClient and prevent it from sending the request in a timely fashion. Eventually it will time out, but the next request to get through the lock may encounter the same problem. This can bring the app to a complete halt.
I'm using an IIS Module to rewrite PathBase out of the urls. The middlewares are not aware of this obviously and generate the "wrong" urls:
e.g. FacebookAuthenticationMiddleware's CallbackPath
:
string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
Could an option be added (per middleware) to tell it to exclude Request.PathBase
? Or perhaps there's a better way?
Update nuget Project-url to reflect move to github, and codeplex shutdown
https://www.nuget.org/packages/Microsoft.Owin.Security/3.0.1
Hi all!
in OAuth2 https://tools.ietf.org/html/rfc6749#section-6 we may pass optional "scope" property
But in Microsoft.Owin.Security.OAuth 3.0.1 there is no way to detect this property, except ValidateTokenRequest/OnValidateTokenRequest in OAuthAuthorizationServerProvider (IOAuthAuthorizationServerProvider).
See
But this method is common for any request, while for refresh_token there are:
which, I assume, are more related to refresh workflow
Thanks
I think I found an issue in Microsoft.Owin.Security.Cookies.CookieAuthenticationHandler class, method ApplyResponseGrantAsync. There is a line (within "else if (_shouldRenew)" block) of where cookieOptions.Expires property is set if model.Properties.IsPersistent is true. The problem is that, in case of using a SessionStore, model.Properties.IsPersistent is always false, because in that case model is assigned a new instance with clean options.
So the cookie send to the browser is now a session cookie and when the browser is closed and reopened, the user must login again.
See also the ASP.NET core repository: aspnet/Security#973
There they have already fixed the issue. But that does not help me, as I am still using this library.
Hopyfully it will be fixed here also
For convenience. please expose the ssl.ClientCertificate
as a property in IOwinRequest interface.
This is a common property which used for implementation of ClientCertificateAuthenticationHandler.
Hi,
In our solution we use Microsoft.Owin.Security.Twitter for external authentification. If you click the Twitter-Button for the external authentification the application will freeze. A redirect to Twitter is expected.
If you comment out EnableHttpLogging = true (see code), it will work.
I think, it's a deadlock. Please make it robust.
Thanks,
Steffen
Additional information:
Code (Startup):
public void Configuration(IAppBuilder app)
{
// …
app.Map("/identity", idsrvApp =>
{
// …
AuthenticationOptions = IdentityServer3.Core.Configuration.AuthenticationOptions
{
EnablePostSignOutAutoRedirect = true,
IdentityProviders = ConfigureIdentityProviders,
},
IdentityServerOptions identityServerOptions = new IdentityServerOptions
{
LoggingOptions = new LoggingOptions()
{
EnableHttpLogging = true, // PROBLEM
// …
},
AuthenticationOptions = IdentityServer3.Core.Configuration.AuthenticationOptions
{
EnablePostSignOutAutoRedirect = true,
IdentityProviders = ConfigureIdentityProviders,
},
// …
}
}
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
// …
app.UseTwitterAuthentication(new TwitterAuthenticationOptions()
{
AuthenticationType = "Twitter",
Caption = "Twitter",
SignInAsAuthenticationType = signInAsType,
ConsumerKey = "…",
ConsumerSecret = "…",
BackchannelCertificateValidator = new CertificateSubjectKeyIdentifierValidator(
new[]
{
"90c86a986de20942a693c0115a04866a5053cf3e"
})
});
}
I use Swashbuckle to expose HTTP API in my service (self-hosted web application). From time to time I see in log errors like this:
2017-05-25 16:19:41 [17] ERROR - Unhandled exception. Request details:
Method: POST, RequestUri: 'http://localhost:8082/extract-info', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Connection: close
Accept: application/json
Accept-Encoding: gzip
Accept-Encoding: deflate
Host: localhost:8082
User-Agent: Python-urllib/3.5
Content-Length: 3980
Content-Type: application/json
}
System.Net.Http.HttpRequestException: Error while copying content to a stream. ---> System.IO.IOException ---> System.Net.HttpListenerException: The I/O operation has been aborted because of either a thread exit or an application request
at System.Net.HttpResponseStream.EndWrite(IAsyncResult asyncResult)
at Microsoft.Owin.Host.HttpListener.RequestProcessing.ExceptionFilterStream.EndWrite(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at Microsoft.Owin.Host.HttpListener.RequestProcessing.ExceptionFilterStream.EndWrite(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of inner exception stack trace ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Owin.HttpMessageHandlerAdapter.<SendResponseContentAsync>d__20.MoveNext()
It reports that IO operation was aborted, altough client receives response completely and does not notice any problems.
I am posting the issue here because Swashbuckle uses Owin under its hood and stack trace points to Owin's code.
Initially I came across this issue on a slow machine and was unable to reproduce it on my computer. Then I ran a program which uses 100% CPU (any CPU performance test would do) and managed to reproduce it on my machine. I assume it can be some a kind of race conditions.
I don't think the details of my code are really helpful here because I managed to reproduce this error in extremely easy console application.
namespace My
{
public class MyController : ApiController
{
[Route("extract-info")]
[HttpPost]
public ResultType ExtractInfo([FromBody] InputType inputData, bool option = false)
{
Thread.Sleep(rnd.Next(1000, 5000)); // Simulate processing.
return GenerateResultType(); // Generate random/constant data.
}
}
}
The ResultType is a C# class, instances of this class are serialized to JSON like this:
{
"list": [
{
"a": "Some text",
"b": 12759966,
"c": false,
"d": true,
"e": "ORG",
"f": 5,
"g": 6,
"h": -1000.5,
"i": false
},
...
],
"dict1": {
"802474": 1.1,
"4005": 0.293677663774,
...
},
"dict2": {
"1141": 0.8998012898171055,
"24005": 0.993677663774,
...
}
}
The client (located on the same machine) makes requests from 10 parallel threads, each thread issues requests continiously one after another. The size of request data is 1-10KB, the size of returned data is 150-300KB. Due to Sleep() in request processing method the total throughput is not so high, about 3-4 requests per second.
Does anybody have any ideas about these exceptions?
Facebook (Graph) API 2.4 made some breaking changes to their request formats and flow.
https://katanaproject.codeplex.com/workitem/417
There is a wiki page System.Web response cookie integration issues that proposes to use SystemWebCookieManager
as a workaround. However, SystemWebCookieManager
has a major issue.
How to reproduce the issue:
ExpireTimeSpan
for the CookieAuthenticationOptions
to 10 minutesThe actual result: server makes a response with already expired authentication cookie.
For example, if you are in UTC +2 timezone and it's 12:00 on your machine, then you will receive .AspNet.Cookie cookie with Expires equal to 8:10, instead of 10:10
Why it happens:
In the CookieAuthenticationHandler.ApplyResponseGrantAsync
method there is the following code:
if (signInContext.Properties.IsPersistent)
{
DateTimeOffset expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}
Even though, expiresUtc is a UTC time, the result of expiresUtc.ToUniversalTime().DateTime
returns DateTime
with Kind equals to DateTimeKind.Unspecified
. That's why Expires is converted to UTC twice.
In order fix it, SystemWebCookieManager
need to be updated. Instead of
cookie.Expires = options.Expires.Value;
there must be
cookie.Expires = DateTime.SpecifyKind(options.Expires.Value, DateTimeKind.Utc);
On Examining the threads which were taking high CPU, it was found out that all of those threads are stuck in accessing a Dictionary.
Here is WinDBG CLRStack of all High CPU Taking Threads
Loading Dump File [E:\Shared\Logs\100%CPUYogi\3CLogicStarter_6.dmp]
User Mini Dump File with Full Memory: Only application data is available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred symsrvsymsrv.dllE:\SymbolsE:\PDBshttp://msdl.microsoft.com/download/symbols
Symbol search path is: symsrvsymsrv.dllE:\SymbolsE:\PDBshttp://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8.1 Version 9600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS Personal
Built by: 6.3.9600.18217 (winblue_ltsb.160124-0053)
Machine Name:
Debug session time: Wed May 17 17:51:06.000 2017 (UTC + 5:30)
System Uptime: 0 days 1:26:27.672
Process Uptime: 0 days 1:01:33.000
................................................................
................................................................
...........
Loading unloaded module list
.........
*** ERROR: Symbol file could not be found. Defaulted to export symbols for KERNELBASE.dll -
eax=0000008c ebx=00000001 ecx=00000000 edx=00000000 esi=00000002 edi=00000002
eip=7761c7ec esp=00a3cc68 ebp=00a3cdf0 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!NtWaitForMultipleObjects+0xc:
7761c7ec c21400 ret 14h
0:000> .loadby sos clr
0:000> !runaway
User Mode Time
Thread Time
42:55c 0 days 0:09:36.109
39:1d44 0 days 0:09:35.687
40:147c 0 days 0:02:43.062
41:1cc8 0 days 0:02:42.593
8:1388 0 days 0:00:08.687
20:1734 0 days 0:00:05.218
0:e50 0 days 0:00:03.109
4:6d4 0 days 0:00:02.328
36:1198 0 days 0:00:01.390
21:1764 0 days 0:00:01.234
14:16c4 0 days 0:00:01.187
12:1924 0 days 0:00:00.593
32:1bd4 0 days 0:00:00.468
44:1c90 0 days 0:00:00.359
16:1700 0 days 0:00:00.328
24:df0 0 days 0:00:00.296
43:1f60 0 days 0:00:00.281
26:1948 0 days 0:00:00.265
45:16e0 0 days 0:00:00.234
46:1664 0 days 0:00:00.218
25:16a0 0 days 0:00:00.218
31:10e4 0 days 0:00:00.203
28:15e0 0 days 0:00:00.187
27:11f8 0 days 0:00:00.156
30:b4 0 days 0:00:00.140
29:1590 0 days 0:00:00.125
22:16a4 0 days 0:00:00.109
2:5ec 0 days 0:00:00.093
38:1978 0 days 0:00:00.078
47:1254 0 days 0:00:00.062
48:8f4 0 days 0:00:00.031
52:1b3c 0 days 0:00:00.015
51:16d4 0 days 0:00:00.015
23:15ec 0 days 0:00:00.015
19:1ba4 0 days 0:00:00.015
50:1c98 0 days 0:00:00.000
49:132c 0 days 0:00:00.000
37:14d8 0 days 0:00:00.000
35:1b6c 0 days 0:00:00.000
34:1b98 0 days 0:00:00.000
33:918 0 days 0:00:00.000
18:a0c 0 days 0:00:00.000
17:16ec 0 days 0:00:00.000
15:158 0 days 0:00:00.000
13:92c 0 days 0:00:00.000
11:1750 0 days 0:00:00.000
10:2d8 0 days 0:00:00.000
9:858 0 days 0:00:00.000
7:a58 0 days 0:00:00.000
6:1264 0 days 0:00:00.000
5:1178 0 days 0:00:00.000
3:1644 0 days 0:00:00.000
1:1614 0 days 0:00:00.000
0:000> ~40s
eax=00000000 ebx=02a90fd8 ecx=00000003 edx=128a17cc esi=030e5a80 edi=030e8ce8
eip=737e6eb9 esp=05cae7a0 ebp=05cae7c4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
mscorlib_ni+0x366eb9:
737e6eb9 3b45f0 cmp eax,dword ptr [ebp-10h] ss:002b:05cae7b4=3c3317dd
0:040> !CLRStack
OS Thread Id: 0x147c (40)
Child SP IP Call Site
05cae7a0 737e6eb9 System.Collections.Generic.Dictionary2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].Insert(System.__Canon, System.__Canon, Boolean) 05cae7d4 737d9beb System.Collections.Generic.Dictionary2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].set_Item(System.__Canon, System.__Canon)
05cae7dc 0d4cb95f Microsoft.Owin.Host.HttpListener.RequestProcessing.CallEnvironment.set_Item(System.String, System.Object)
05cae7f0 0d5499a0 Microsoft.Owin.OwinRequest.Set[[System.__Canon, mscorlib]](System.String, System.__Canon)
05cae808 0d54995f Microsoft.Owin.Security.Infrastructure.OwinRequestExtensions.RegisterAuthenticationHandler(Microsoft.Owin.IOwinRequest, Microsoft.Owin.Security.Infrastructure.AuthenticationHandler)
05cae824 0d549632 Microsoft.Owin.Security.Infrastructure.AuthenticationHandler+d__0.MoveNext()
05cae85c 0d54952f System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Owin.Security.Infrastructure.AuthenticationHandler+d__0, Microsoft.Owin.Security]](d__0 ByRef)
05cae8b4 0d5494c3 Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.BaseInitializeAsync(Microsoft.Owin.Security.AuthenticationOptions, Microsoft.Owin.IOwinContext)
05cae90c 0d549437 Microsoft.Owin.Security.Infrastructure.AuthenticationHandler1[[System.__Canon, mscorlib]].Initialize(System.__Canon, Microsoft.Owin.IOwinContext) 05cae918 0d549093 Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]].MoveNext()
05cae950 0d548fe3 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]], Microsoft.Owin.Security]](d__0 ByRef) 05cae9b0 0d548f66 System.Runtime.CompilerServices.AsyncTaskMethodBuilder1[[System.Threading.Tasks.VoidTaskResult, mscorlib]].Start[[Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]], Microsoft.Owin.Security]](d__0 ByRef) 05cae9cc 0d548f0c System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]], Microsoft.Owin.Security]](d__0 ByRef)
05cae9e4 0d548eb1 Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1[[System.__Canon, mscorlib]].Invoke(Microsoft.Owin.IOwinContext) 05caea38 0d4cc777 Microsoft.Owin.Infrastructure.OwinMiddlewareTransition.Invoke(System.Collections.Generic.IDictionary2)
05caea4c 0d548c87 Microsoft.Owin.Mapping.MapMiddleware+d__0.MoveNext()
05caea94 0d548a5f System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Owin.Mapping.MapMiddleware+d__0, Microsoft.Owin]](d__0 ByRef)
05caeaec 0d5489f5 Microsoft.Owin.Mapping.MapMiddleware.Invoke(System.Collections.Generic.IDictionary2) 05caeb44 0d54896d Microsoft.Owin.Cors.CorsMiddleware.HandleCorsRequestAsync(Microsoft.Owin.IOwinContext, System.Web.Cors.CorsPolicy, System.Web.Cors.CorsRequestContext) 05caeb60 0d4ced52 Microsoft.Owin.Cors.CorsMiddleware+d__0.MoveNext() 05caeb98 0d4ce697 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Owin.Cors.CorsMiddleware+d__0, Microsoft.Owin.Cors]](d__0 ByRef) 05caebf0 0d4ce495 Microsoft.Owin.Cors.CorsMiddleware.Invoke(System.Collections.Generic.IDictionary2)
05caec48 0d4ce3c7 Microsoft.Owin.Infrastructure.AppFuncTransition.Invoke(Microsoft.Owin.IOwinContext)
05caec54 0d4cdc34 WebAstra.Shared.Rest.RestPreProcessor+d__6.MoveNext()
05caec84 737f8de3 System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
05caec8c 737d0d07 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
05caecf8 737d0c56 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
05caed0c 737f493f System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
05caed3c 737f8d33 System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
05caed68 737c01f6 System.Threading.Tasks.Task.FinishContinuations()
05caedb4 737bff08 System.Threading.Tasks.Task.FinishStageThree()
05caedc0 737f51bb System.Threading.Tasks.Task.FinishStageTwo()
05caede8 737f5070 System.Threading.Tasks.Task.Finish(Boolean)
05caee14 737f4bbd System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)
05caee78 737f4ac3 System.Threading.Tasks.Task.ExecuteEntry(Boolean)
05caee88 737f4a0f System.Threading.Tasks.Task.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
05caee8c 73795269 System.Threading.ThreadPoolWorkQueue.Dispatch()
05caeedc 73795115 System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
05caf100 745d2372 [DebuggerU2MCatchHandlerFrame: 05caf100]
05caf16c 745d2372 [ContextTransitionFrame: 05caf16c]
05caf2f4 745d2372 [DebuggerU2MCatchHandlerFrame: 05caf2f4]
0:040> ~42s
eax=00000000 ebx=00000003 ecx=127ede24 edx=02eb5aa0 esi=02eb57c0 edi=00000000
eip=737e9cd8 esp=0ef2e148 ebp=0ef2e164 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
mscorlib_ni+0x369cd8:
737e9cd8 3b45f0 cmp eax,dword ptr [ebp-10h] ss:002b:0ef2e154=3c850816
0:042> !CLRStack
OS Thread Id: 0x55c (42)
Child SP IP Call Site
0ef2e148 737e9cd8 System.Collections.Generic.Dictionary2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].FindEntry(System.__Canon) 0ef2e16c 737eac6d System.Collections.Generic.Dictionary2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].TryGetValue(System.__Canon, System.__Canon ByRef)
0ef2e17c 0d4cafdb Microsoft.Owin.Host.HttpListener.RequestProcessing.CallEnvironment.TryGetValue(System.String, System.Object ByRef)
0ef2e190 0d5a3acc System.Collections.Generic.DictionaryExtensions.TryGetValue[[System.__Canon, mscorlib]](System.Collections.Generic.IDictionary2, System.String, System.__Canon ByRef) 0ef2e1ac 0d5a3a54 System.Web.Http.Owin.OwinRequestExtensions.DisableBuffering(Microsoft.Owin.IOwinRequest) 0ef2e1bc 0d5a2a97 System.Web.Http.Owin.HttpMessageHandlerAdapter+d__0.MoveNext() 0ef2e24c 0d5a1def System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.Web.Http.Owin.HttpMessageHandlerAdapter+d__0, System.Web.Http.Owin]](d__0 ByRef) 0ef2e2a4 0d5a1c19 System.Web.Http.Owin.HttpMessageHandlerAdapter.InvokeCore(Microsoft.Owin.IOwinContext, Microsoft.Owin.IOwinRequest, Microsoft.Owin.IOwinResponse) 0ef2e31c 0d5a18e2 System.Web.Http.Owin.HttpMessageHandlerAdapter.Invoke(Microsoft.Owin.IOwinContext) 0ef2e330 0d4cc777 Microsoft.Owin.Infrastructure.OwinMiddlewareTransition.Invoke(System.Collections.Generic.IDictionary2)
0ef2e344 0d54e833 SqueezeMe.CompressionStrategies.DirectCompressionStrategy+d__0.MoveNext()
0ef2e3d8 73f6cf7f System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.__Canon, mscorlib]](System.__Canon ByRef)
0ef2e434 73fe48cd System.Runtime.CompilerServices.AsyncTaskMethodBuilder1[[System.Threading.Tasks.VoidTaskResult, mscorlib]].Start[[System.__Canon, mscorlib]](System.__Canon ByRef) 0ef2e450 73f7030f System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[System.__Canon, mscorlib]](System.__Canon ByRef) 0ef2e468 0d54e4c8 SqueezeMe.CompressionStrategies.DirectCompressionStrategy.Compress(System.Func2,System.Threading.Tasks.Task>, Microsoft.Owin.OwinContext, SqueezeMe.ICompressor, System.IO.Stream)
0ef2e4b4 0d54bfcc SqueezeMe.CompressionMiddleware+d__5.MoveNext()
0ef2e53c 73f6cf7f System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.__Canon, mscorlib]](System.__Canon ByRef)
0ef2e598 73fe48cd System.Runtime.CompilerServices.AsyncTaskMethodBuilder1[[System.Threading.Tasks.VoidTaskResult, mscorlib]].Start[[System.__Canon, mscorlib]](System.__Canon ByRef) 0ef2e5b4 73f7030f System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[System.__Canon, mscorlib]](System.__Canon ByRef) 0ef2e5cc 0d54bd56 SqueezeMe.CompressionMiddleware.Invoke(System.Collections.Generic.IDictionary2)
0ef2e60c 0d4ce3c7 Microsoft.Owin.Infrastructure.AppFuncTransition.Invoke(Microsoft.Owin.IOwinContext)
0ef2e618 0d549222 Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]].MoveNext() 0ef2e650 737f8de3 System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object) 0ef2e658 737d0d07 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) 0ef2e6c4 737d0c56 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) 0ef2e6d8 737f493f System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run() 0ef2e708 737f8d33 System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef) 0ef2e734 737c01f6 System.Threading.Tasks.Task.FinishContinuations() 0ef2e780 737bff08 System.Threading.Tasks.Task.FinishStageThree() 0ef2e78c 737f3950 System.Threading.Tasks.Task1[[System.Boolean, mscorlib]].TrySetResult(Boolean)
0ef2e79c 737f38d1 System.Runtime.CompilerServices.AsyncTaskMethodBuilder1[[System.Boolean, mscorlib]].SetResult(Boolean) 0ef2e7b4 0d549e32 WebAstra.Shared.Rest.RestAuthenticationHandler+d__1.MoveNext() 0ef2e7e4 737f8de3 System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object) 0ef2e7ec 737d0d07 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) 0ef2e858 737d0c56 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) 0ef2e86c 737f493f System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run() 0ef2e89c 737f8d33 System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef) 0ef2e8c8 737c01f6 System.Threading.Tasks.Task.FinishContinuations() 0ef2e914 737bff08 System.Threading.Tasks.Task.FinishStageThree() 0ef2e920 737f51bb System.Threading.Tasks.Task.FinishStageTwo() 0ef2e948 737f5070 System.Threading.Tasks.Task.Finish(Boolean) 0ef2e974 737f4bbd System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef) 0ef2e9d8 737f4ac3 System.Threading.Tasks.Task.ExecuteEntry(Boolean) 0ef2e9e8 737f4a0f System.Threading.Tasks.Task.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() 0ef2e9ec 73795269 System.Threading.ThreadPoolWorkQueue.Dispatch() 0ef2ea3c 73795115 System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() 0ef2ec60 745d2372 [DebuggerU2MCatchHandlerFrame: 0ef2ec60] 0ef2eccc 745d2372 [ContextTransitionFrame: 0ef2eccc] 0ef2ee54 745d2372 [DebuggerU2MCatchHandlerFrame: 0ef2ee54] 0:042> !runaway User Mode Time Thread Time 42:55c 0 days 0:09:36.109 39:1d44 0 days 0:09:35.687 40:147c 0 days 0:02:43.062 41:1cc8 0 days 0:02:42.593 8:1388 0 days 0:00:08.687 20:1734 0 days 0:00:05.218 0:e50 0 days 0:00:03.109 4:6d4 0 days 0:00:02.328 36:1198 0 days 0:00:01.390 21:1764 0 days 0:00:01.234 14:16c4 0 days 0:00:01.187 12:1924 0 days 0:00:00.593 32:1bd4 0 days 0:00:00.468 44:1c90 0 days 0:00:00.359 16:1700 0 days 0:00:00.328 24:df0 0 days 0:00:00.296 43:1f60 0 days 0:00:00.281 26:1948 0 days 0:00:00.265 45:16e0 0 days 0:00:00.234 46:1664 0 days 0:00:00.218 25:16a0 0 days 0:00:00.218 31:10e4 0 days 0:00:00.203 28:15e0 0 days 0:00:00.187 27:11f8 0 days 0:00:00.156 30:b4 0 days 0:00:00.140 29:1590 0 days 0:00:00.125 22:16a4 0 days 0:00:00.109 2:5ec 0 days 0:00:00.093 38:1978 0 days 0:00:00.078 47:1254 0 days 0:00:00.062 48:8f4 0 days 0:00:00.031 52:1b3c 0 days 0:00:00.015 51:16d4 0 days 0:00:00.015 23:15ec 0 days 0:00:00.015 19:1ba4 0 days 0:00:00.015 50:1c98 0 days 0:00:00.000 49:132c 0 days 0:00:00.000 37:14d8 0 days 0:00:00.000 35:1b6c 0 days 0:00:00.000 34:1b98 0 days 0:00:00.000 33:918 0 days 0:00:00.000 18:a0c 0 days 0:00:00.000 17:16ec 0 days 0:00:00.000 15:158 0 days 0:00:00.000 13:92c 0 days 0:00:00.000 11:1750 0 days 0:00:00.000 10:2d8 0 days 0:00:00.000 9:858 0 days 0:00:00.000 7:a58 0 days 0:00:00.000 6:1264 0 days 0:00:00.000 5:1178 0 days 0:00:00.000 3:1644 0 days 0:00:00.000 1:1614 0 days 0:00:00.000 0:042> ~41s eax=00000000 ebx=00000003 ecx=128a17cc edx=030e8ce8 esi=030e5a80 edi=00000000 eip=737e9cd8 esp=0e67e4f8 ebp=0e67e514 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246 mscorlib_ni+0x369cd8: 737e9cd8 3b45f0 cmp eax,dword ptr [ebp-10h] ss:002b:0e67e504=3c850816 0:041> !CLRStack OS Thread Id: 0x1cc8 (41) Child SP IP Call Site 0e67e4f8 737e9cd8 System.Collections.Generic.Dictionary2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].FindEntry(System.__Canon)
0e67e51c 737eac6d System.Collections.Generic.Dictionary2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].TryGetValue(System.__Canon, System.__Canon ByRef) 0e67e52c 0d4cafdb Microsoft.Owin.Host.HttpListener.RequestProcessing.CallEnvironment.TryGetValue(System.String, System.Object ByRef) 0e67e540 0d5a3acc System.Collections.Generic.DictionaryExtensions.TryGetValue[[System.__Canon, mscorlib]](System.Collections.Generic.IDictionary2, System.String, System.__Canon ByRef)
0e67e55c 0d5a3a54 System.Web.Http.Owin.OwinRequestExtensions.DisableBuffering(Microsoft.Owin.IOwinRequest)
0e67e56c 0d5a2a97 System.Web.Http.Owin.HttpMessageHandlerAdapter+d__0.MoveNext()
0e67e5fc 0d5a1def System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.Web.Http.Owin.HttpMessageHandlerAdapter+d__0, System.Web.Http.Owin]](d__0 ByRef)
0e67e654 0d5a1c19 System.Web.Http.Owin.HttpMessageHandlerAdapter.InvokeCore(Microsoft.Owin.IOwinContext, Microsoft.Owin.IOwinRequest, Microsoft.Owin.IOwinResponse)
0e67e6cc 0d5a18e2 System.Web.Http.Owin.HttpMessageHandlerAdapter.Invoke(Microsoft.Owin.IOwinContext)
0e67e6e0 0d4cc777 Microsoft.Owin.Infrastructure.OwinMiddlewareTransition.Invoke(System.Collections.Generic.IDictionary2) 0e67e6f4 0d54e833 SqueezeMe.CompressionStrategies.DirectCompressionStrategy+d__0.MoveNext() 0e67e788 73f6cf7f System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.__Canon, mscorlib]](System.__Canon ByRef) 0e67e7e4 73fe48cd System.Runtime.CompilerServices.AsyncTaskMethodBuilder1[[System.Threading.Tasks.VoidTaskResult, mscorlib]].Start[[System.__Canon, mscorlib]](System.__Canon ByRef)
0e67e800 73f7030f System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[System.__Canon, mscorlib]](System.__Canon ByRef)
0e67e818 0d54e4c8 SqueezeMe.CompressionStrategies.DirectCompressionStrategy.Compress(System.Func2,System.Threading.Tasks.Task>, Microsoft.Owin.OwinContext, SqueezeMe.ICompressor, System.IO.Stream) 0e67e864 0d54bfcc SqueezeMe.CompressionMiddleware+d__5.MoveNext() 0e67e8ec 73f6cf7f System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[System.__Canon, mscorlib]](System.__Canon ByRef) 0e67e948 73fe48cd System.Runtime.CompilerServices.AsyncTaskMethodBuilder1[[System.Threading.Tasks.VoidTaskResult, mscorlib]].Start[[System.__Canon, mscorlib]](System.__Canon ByRef)
0e67e964 73f7030f System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[System.__Canon, mscorlib]](System.__Canon ByRef)
0e67e97c 0d54bd56 SqueezeMe.CompressionMiddleware.Invoke(System.Collections.Generic.IDictionary2) 0e67e9bc 0d4ce3c7 Microsoft.Owin.Infrastructure.AppFuncTransition.Invoke(Microsoft.Owin.IOwinContext) 0e67e9c8 0d549222 Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]].MoveNext()
0e67ea00 737f8de3 System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
0e67ea08 737d0d07 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
0e67ea74 737d0c56 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
0e67ea88 737f493f System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
0e67eab8 737f8d33 System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
0e67eae4 737c01f6 System.Threading.Tasks.Task.FinishContinuations()
0e67eb30 737bff08 System.Threading.Tasks.Task.FinishStageThree()
0e67eb3c 737f3950 System.Threading.Tasks.Task1[[System.Boolean, mscorlib]].TrySetResult(Boolean) 0e67eb4c 737f38d1 System.Runtime.CompilerServices.AsyncTaskMethodBuilder1[[System.Boolean, mscorlib]].SetResult(Boolean)
0e67eb64 0d549e32 WebAstra.Shared.Rest.RestAuthenticationHandler+d__1.MoveNext()
0e67eb94 737f8de3 System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
0e67eb9c 737d0d07 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
0e67ec08 737d0c56 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
0e67ec1c 737f493f System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
0e67ec4c 737f8d33 System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
0e67ec78 737c01f6 System.Threading.Tasks.Task.FinishContinuations()
0e67ecc4 737bff08 System.Threading.Tasks.Task.FinishStageThree()
0e67ecd0 737f51bb System.Threading.Tasks.Task.FinishStageTwo()
0e67ecf8 737f5070 System.Threading.Tasks.Task.Finish(Boolean)
0e67ed24 737f4bbd System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)
0e67ed88 737f4ac3 System.Threading.Tasks.Task.ExecuteEntry(Boolean)
0e67ed98 737f4a0f System.Threading.Tasks.Task.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
0e67ed9c 73795269 System.Threading.ThreadPoolWorkQueue.Dispatch()
0e67edec 73795115 System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
0e67f010 745d2372 [DebuggerU2MCatchHandlerFrame: 0e67f010]
0e67f07c 745d2372 [ContextTransitionFrame: 0e67f07c]
0e67f204 745d2372 [DebuggerU2MCatchHandlerFrame: 0e67f204]
0:041> ~43s
eax=00000000 ebx=766688d0 ecx=00000000 edx=00000000 esi=00000000 edi=00000504
eip=7761c27c esp=0f12e9b8 ebp=0f12ea28 iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000206
ntdll!NtWaitForSingleObject+0xc:
7761c27c c20c00 ret 0Ch
0:043> !CLRStack
OS Thread Id: 0x1f60 (43)
Child SP IP Call Site
GetFrameContext failed: 1
00000000 00000000
0:043> ~44s
eax=00000000 ebx=766688d0 ecx=00000000 edx=00000000 esi=00000000 edi=00000504
eip=7761c27c esp=0b02f858 ebp=0b02f8c8 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!NtWaitForSingleObject+0xc:
7761c27c c20c00 ret 0Ch
0:044> !CLRStack
OS Thread Id: 0x1c90 (44)
Child SP IP Call Site
GetFrameContext failed: 1
00000000 00000000
0:044> ~39s
eax=00000000 ebx=02a90fd8 ecx=00000003 edx=127ede24 esi=02eb57c0 edi=02eb5aa0
eip=737e6ea3 esp=08ace090 ebp=08ace0b4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
mscorlib_ni+0x366ea3:
737e6ea3 8b7e08 mov edi,dword ptr [esi+8] ds:002b:02eb57c8=02eb5aa0
0:039> !CLRStack
OS Thread Id: 0x1d44 (39)
Child SP IP Call Site
08ace090 737e6ea3 System.Collections.Generic.Dictionary2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].Insert(System.__Canon, System.__Canon, Boolean) 08ace0c4 737d9beb System.Collections.Generic.Dictionary2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].set_Item(System.__Canon, System.__Canon)
08ace0cc 0d4cb95f Microsoft.Owin.Host.HttpListener.RequestProcessing.CallEnvironment.set_Item(System.String, System.Object)
08ace0e0 0d5499a0 Microsoft.Owin.OwinRequest.Set[[System.__Canon, mscorlib]](System.String, System.__Canon)
08ace0f8 0d54995f Microsoft.Owin.Security.Infrastructure.OwinRequestExtensions.RegisterAuthenticationHandler(Microsoft.Owin.IOwinRequest, Microsoft.Owin.Security.Infrastructure.AuthenticationHandler)
08ace114 0d549632 Microsoft.Owin.Security.Infrastructure.AuthenticationHandler+d__0.MoveNext()
08ace14c 0d54952f System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Owin.Security.Infrastructure.AuthenticationHandler+d__0, Microsoft.Owin.Security]](d__0 ByRef)
08ace1a4 0d5494c3 Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.BaseInitializeAsync(Microsoft.Owin.Security.AuthenticationOptions, Microsoft.Owin.IOwinContext)
08ace1fc 0d549437 Microsoft.Owin.Security.Infrastructure.AuthenticationHandler1[[System.__Canon, mscorlib]].Initialize(System.__Canon, Microsoft.Owin.IOwinContext) 08ace208 0d549093 Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]].MoveNext()
08ace240 0d548fe3 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]], Microsoft.Owin.Security]](d__0 ByRef) 08ace2a0 0d548f66 System.Runtime.CompilerServices.AsyncTaskMethodBuilder1[[System.Threading.Tasks.VoidTaskResult, mscorlib]].Start[[Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]], Microsoft.Owin.Security]](d__0 ByRef) 08ace2bc 0d548f0c System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1+d__0[[System.__Canon, mscorlib]], Microsoft.Owin.Security]](d__0 ByRef)
08ace2d4 0d548eb1 Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1[[System.__Canon, mscorlib]].Invoke(Microsoft.Owin.IOwinContext) 08ace328 0d4cc777 Microsoft.Owin.Infrastructure.OwinMiddlewareTransition.Invoke(System.Collections.Generic.IDictionary2)
08ace33c 0d548c87 Microsoft.Owin.Mapping.MapMiddleware+d__0.MoveNext()
08ace384 0d548a5f System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Owin.Mapping.MapMiddleware+d__0, Microsoft.Owin]](d__0 ByRef)
08ace3dc 0d5489f5 Microsoft.Owin.Mapping.MapMiddleware.Invoke(System.Collections.Generic.IDictionary2) 08ace434 0d54896d Microsoft.Owin.Cors.CorsMiddleware.HandleCorsRequestAsync(Microsoft.Owin.IOwinContext, System.Web.Cors.CorsPolicy, System.Web.Cors.CorsRequestContext) 08ace450 0d4ced52 Microsoft.Owin.Cors.CorsMiddleware+d__0.MoveNext() 08ace488 0d4ce697 System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Owin.Cors.CorsMiddleware+d__0, Microsoft.Owin.Cors]](d__0 ByRef) 08ace4e0 0d4ce495 Microsoft.Owin.Cors.CorsMiddleware.Invoke(System.Collections.Generic.IDictionary2)
08ace538 0d4ce3c7 Microsoft.Owin.Infrastructure.AppFuncTransition.Invoke(Microsoft.Owin.IOwinContext)
08ace544 0d4cdc34 WebAstra.Shared.Rest.RestPreProcessor+d__6.MoveNext()
08ace574 737f8de3 System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.InvokeMoveNext(System.Object)
08ace57c 737d0d07 System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
08ace5e8 737d0c56 System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
08ace5fc 737f493f System.Runtime.CompilerServices.AsyncMethodBuilderCore+MoveNextRunner.Run()
08ace62c 737f8d33 System.Threading.Tasks.AwaitTaskContinuation.RunOrScheduleAction(System.Action, Boolean, System.Threading.Tasks.Task ByRef)
08ace658 737c01f6 System.Threading.Tasks.Task.FinishContinuations()
08ace6a4 737bff08 System.Threading.Tasks.Task.FinishStageThree()
08ace6b0 737f51bb System.Threading.Tasks.Task.FinishStageTwo()
08ace6d8 737f5070 System.Threading.Tasks.Task.Finish(Boolean)
08ace704 737f4bbd System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)
08ace768 737f4ac3 System.Threading.Tasks.Task.ExecuteEntry(Boolean)
08ace778 737f4a0f System.Threading.Tasks.Task.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
08ace77c 73795269 System.Threading.ThreadPoolWorkQueue.Dispatch()
08ace7cc 73795115 System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
08ace9f0 745d2372 [DebuggerU2MCatchHandlerFrame: 08ace9f0]
08acea5c 745d2372 [ContextTransitionFrame: 08acea5c]
08acebe4 745d2372 [DebuggerU2MCatchHandlerFrame: 08acebe4]
Any quick help will save my life...
Change all the .CS files and any other license files in the repo to be the same as ASP.NET Core.
Also, while we're at it, remove the bizarre DISCLAIMER.txt from the repo.
The Live Connect API is depricated
aspnet/Security#691
Twitter keeps changing the certificate they use for api.twitter.com requests. These certs are pinned by the middleware, so it breaks. Remove the pinning.
I upgraded my project to version 3.1.0 and when I try to login with facebook I get an error. My other authentication(google) works fine
My web application work correctly when run with Microsoft.Owin.Host.SystemWeb.dll in local bin folder (private dll). But when I need to GAC this dll to Global Assembly Cache, web application show "No owin.Environment item was found in the context" error when I call HTTPContext.GetOwinContext() method.
Note: I used fuslogvw.exe to check dll binding when web application startup. Difference is that for private dll, when web application startup, it load Microsoft.Owin.Host.SystemWeb.dll immediately, but GAC does not.
And I use Microsoft.Owin.Host.SystemWeb.dll version 3.0.0.
Please advice me how to fix it if I need to GAC this dll.
Thanks,
Anucha T.
This is not a bug, but can't seem to find a nice way to solve the problem, so I'm asking here.
I use Facebook login form my users, so, they are asked to authorize basic permissions (email, name) at login. And these permissions are set in app startup with a FacebookAuthenticationOptions object.
But for a small group of users I need to request more permissions from Facebook, (facebook page, cover, etc). My plan is to try and relogin to Facebook with more permissions in list, but there is no way of changing permission fields only for some users, as the original FacebookAuthenticationOptions is untouchable once it's defined.
Any suggestions?
Use case: easy porting of lots of existing code without having to rewrite entire applications.
Would be happy to attempt a PR.
This will be required for the IdentityModel update. #7
Does Katana support websockets for Windows 7?
Otherwise, will you add support in the future?
Thx
Add an expiration to the nonce cookie so they get cleared out even if login fails.
https://katanaproject.codeplex.com/workitem/402
Hi,
I have an ASP.NET MVC web application running on .NET Framework 4.5. I want my application to be able to use OAuth protocol of Linkedin to allow a user to authenticate into the application using Linkedin identity.
I am not able to find any Owin module for implementing this. I could only find app.UseOAuthAuthorizarionServer and app.UseOAuthBearerAuthentication. The first one is for implementing an authorization server and the second is for verifying the Bearer token present in the header in order to secure a service such as a Web API. There is another module app.UseOauthAuthentication, but that only works in ASP.NET Core project, and not ASP.NET 4.5.
Is there any way using which I can get Linkedin OAuth flow to work in ASP.Net 4.5 project, or will I have to migrate my project to ASP.NET Core ?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.