Servicestack authentication routing not working when hosted in IIS

maggarwal · July 15, 2024, 3:43pm

Hi,
I have a .Net Core 6 Angular 13 application with ServiceStack 8.0. I have a custom AuthProvider implementation for application user. Authentication flow works fine in debug mode. But when the service is hosted in IIS, the /auth post request returns 200 OK response, but the custom authprovider is not getting executed (no logs written, I can see them when executing in debug mode). Below is my web config. Is there anything additional needs to be done while hosting in IIS?

Program.cs -
webBuilder
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseStartup();

Thank you!

mythz · July 15, 2024, 3:59pm

What’s the full HTTP Request/Response Header of a /auth request that returns 200 without invoking the ServiceStack API?

maggarwal · July 15, 2024, 4:26pm

Thank you!

mythz · July 15, 2024, 4:31pm

This request doesn’t look valid, you’re sending JSON with a text/html content type. The Response returns a 200 and this request does reach ServiceStack.

But this isn’t a valid Auth Request, since it’s not being posted to /auth/credentials.

maggarwal · July 15, 2024, 7:09pm

I’m not using credential auth provider. I have a custom auth provider implementing “AuthProvider”. This works fine in Development mode, but in Production mode while hosted in IIS, the /auth url doesn’t seem to get hit in spite of the 200 response. The request header do have content type as "application/json’.

mythz · July 16, 2024, 1:13am

You still need to specify the provider in /auth/provider

This request says it’s hitting ServiceStack, what’s the response contain?

maggarwal · July 19, 2024, 7:09am

I get 404 error with /auth/provider url in both localhost and IIS. With localhost (development mode) , I’m able to authenticate with /auth url –

When the service is hosted in IIS, the swagger-ui loading fails with error message “failed to parse JSON/YAML response”. The response to the /auth url is a default html page –

Thanks.

mythz · July 19, 2024, 7:13am

You wouldn’t use /auth/provider you would use /auth/{provider} where you’d replace {provider} with the name of your Auth Provider. Or you specify the provider in the Request Body, I don’t understand how your Custom Auth Provider would be able to work without it.

What is the Provider property of your AuthProvider and which base class does it inherit from?

maggarwal · July 19, 2024, 8:36am

I was using /auth/{provider}. There was a spacing issue in the provider name that resulted in the 404 error. I’m now able to access the /auth/provider url now from both localhost and IIS hosted service. I still have an issue with IIS hosted service where swagger-ui url doesn’t work, but in Development mode the api loads fine -

mythz · July 19, 2024, 8:40am

The Response Headers are showing it reaches ServiceStack so that’s not the issue. The first step in diagnosing any issue is looking at the HTTP Request. What is the HTTP Request/Response Body of a valid request?

maggarwal · July 19, 2024, 9:13am

The response to the /openapi url is a default html page shown

mythz · July 19, 2024, 9:26am

This is the Swagger UI? you’re saying the Auth API doesn’t work right?

What’s the HTTP Request/Response Headers including Response Body of a valid AUTH API Request?

maggarwal · July 19, 2024, 2:17pm

The Auth Api is now working with /auth/provider url and the original issue is resolved. Thank you! The swagger-ui is not working for the IIS hosted service. It’s failing with “failed to parse JSON/YAML response” message.

mythz · July 20, 2024, 2:19am

/openapi is a regular ServiceStack API, can’t tell from here why it’s not being executed as a normal API as the request reaches ServiceStack, does its response give any insight into why it’s not being executed?