[🐛 Bug]: User.Identity.IsAuthenticated and User.Identity.Name not working anymore since webDriver version 4.12

[fangwangse]

What happened?

I have OIDC authentication enabled in my API. When user gets authenticated via the swagger UI (or web client), I get correct values for
_httpContextAccessor.HttpContext.User.Identity.Name
_httpContextAccessor.HttpContext.User.Identity.IsAuthenticated (=True)
in my services.

When I add the following packages:


It still works fine.

But, if I upgrade above packages to the latest version 4.12.x, i.e.:

_httpContextAccessor.HttpContext.User.Identity.Name
_httpContextAccessor.HttpContext.User.Identity.IsAuthenticated
stop returning correct values:
...Identity.Name is always null, ...Identity.IsAuthenticated is always False.

If I remove these 2 packages, or downgraded back to 4.11.0, correct values are back as well.

How can we reproduce the issue?

In Program.cs:

services.AddHttpContextAccessor();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(...);
services.AddScoped<IHttpClientFactory, HttpClientFactory>();
services.AddScoped<IUserAuthenticationService, UserAuthenticationService>();
services.AddSwaggerGen(options =>
        {
            var oidcAddress = "your jwt token server address";
            options.AddSecurityDefinition(AuthorizationSystems.Oidc.ToString(), new OpenApiSecurityScheme
            {
                Type = SecuritySchemeType.OAuth2,
                Flows = new OpenApiOAuthFlows
                {
                    AuthorizationCode = new OpenApiOAuthFlow
                    {
                        AuthorizationUrl = new Uri($"{oidcAddress}/auth/realms/master/protocol/openid-connect/auth"),
                        TokenUrl = new Uri($"{oidcAddress}/auth/realms/master/protocol/openid-connect/token")
                    }
                }
            })
            .AddSecurityRequirement(new OpenApiSecurityRequirement
            {
                {
                    new OpenApiSecurityScheme
                    {
                        Reference = new OpenApiReference
                        {
                            Type = ReferenceType.SecurityScheme,
                            Id = AuthorizationSystems.Oidc.ToString()
                        }
                    },
                    new List<string>()
                }
            });
        });
...

app.UseAuthentication();

In UserAuthenticationService.cs:
    public class UserAuthenticationService: IUserAuthenticationService
    {
        private readonly IHttpContextAccessor _httpContextAccessor;

        public UserAuthenticationService(IHttpContextAccessor httpContextAccessor)
        {
            _httpContextAccessor = httpContextAccessor;
        }

        bool IUserAuthenticationService.IsAuthenticated()
        {
            return _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated;
        }

        string IUserAuthenticationService.GetUserId()
        {
            return _httpContextAccessor.HttpContext.User.Identity.Name;
        }
    }

In controller:
public class ExampleController : ControllerBase
    {
        private readonly IUserAuthenticationService _authService;

        public TestCaseController(IUserAuthenticationService authService)
        {
            _authService = authService;
        }

        [HttpPost("DoSomething")]
        [Produces("application/json")]
        [ProducesResponseType(typeof(IEnumerable<string>), (int)HttpStatusCode.OK)]
        [ProducesResponseType(typeof(ProblemDetails), (int)HttpStatusCode.Unauthorized)]
        [ProducesResponseType(typeof(ProblemDetails), (int)HttpStatusCode.Forbidden)]
        [ProducesResponseType(typeof(int), (int)HttpStatusCode.BadRequest)]
        //[Authorize(Policy = ServiceAuthorizationPolicy.Consumer)]
        public ActionResult<string> DoSomething()
        {
            if (!_authService.IsAuthenticated())
            {
                return Problem(
                title: "Unauthenticated",
                detail: $"User '{_authService.GetUserId()}' is not authenticated.",
                statusCode: (int)HttpStatusCode.Unauthorized,
                instance: HttpContext.Request.Path);
            }
            ...
        }
    }

You can compare the result with or without installing
    <PackageReference Include="Selenium.WebDriver" Version="4.12.0" />
or 4.12 vs 4.11

Relevant log output

Without installing package "Selenium.WebDriver" , or with version 4.11:
_httpContextAccessor.HttpContext.User.Identity.Name has correct value,
_httpContextAccessor.HttpContext.User.Identity.IsAuthenticated is True, when user authenticated or logged in.

With 4.12:
_httpContextAccessor.HttpContext.User.Identity.Name  is null,
_httpContextAccessor.HttpContext.User.Identity.IsAuthenticated is always False, even though the user is authenticated

Operating System

Windows 10

Selenium version

dotnet, 4.12.x

What are the browser(s) and version(s) where you see this issue?

Chrome, Edge

What are the browser driver(s) and version(s) where you see this issue?

Selenium.WebDriver 4.12.x

Are you using Selenium Grid?

N/A

[github-actions]

@fangwangse, thank you for creating this issue. We will troubleshoot it as soon as we can.

---

Info for maintainers

Triage this issue by using labels.

If information is missing, add a helpful comment and then I-issue-template label.

If the issue is a question, add the I-question label.

If the issue is valid but there is no time to troubleshoot it, consider adding the help wanted label.

If the issue requires changes or fixes from an external project (e.g., ChromeDriver, GeckoDriver, MSEdgeDriver, W3C), add the applicable G-* label, and it will provide the correct link and auto-close the issue.

After troubleshooting the issue, please add the R-awaiting answer label.

Thank you!

[nvborisenko]

@fangwangse please try to use the latest 4.12.4 and report results back.

@jimevans I think it's related to Microsoft.IdentityModel.Tokens, we are dependent on it >=6.19. As short-term fix we can be dependent on lower version as possible. As long-term fix we can remove this dependency at all (just copy/paste small piece of code from Microsoft's repository)..

[fangwangse]

I've tried 4.12.4 already, same problem as 4.12.0

[nvborisenko]

Please help us: uninstall Selenium.WebDriver package and share the list of your packages (with versions) in the project. Thank you.

[fangwangse]

Uninstalling the selenium.webdriver does't help either.
List of packages:

<PackageReference Include="Swashbuckle.AspNetCore" Version="6.3.0" />
<PackageReference Include="Selenium.Support" Version="4.12.4" />
<PackageReference Include="ClosedXML" Version="0.101.0" />
<PackageReference Include="CronExpressionDescriptor" Version="2.20.0" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.20" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.32.0" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.32.0" />
<PackageReference Include="Hangfire.AspNetCore" Version="1.8.3" />
<PackageReference Include="Hangfire.Core" Version="1.8.3" />
<PackageReference Include="Hangfire.MemoryStorage" Version="1.8.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="6.0.0" />
<PackageReference Include="Serilog.AspNetCore" Version="5.0.0" />

and some EntityFrameworkCore (6.0.4) related packages.

[nvborisenko]

Stop. You uninstalled Selenium.WebDriver and the issue still exists?!

[fangwangse]

Yes, because this package is still installed:
PackageReference Include="Selenium.Support" Version="4.12.4" />

It works Only when I remove both Selenium.WebDriver and Selenium.Support
Or downgrade them to 4.11

[nvborisenko]

Gotcha.

Can we please compare a list of your PackageReferences before/after installing Selenium stuff? I think selenium forces your project to use Newtonsoft.Json v13 while you need v11.

And what is your .net target framework?

[fangwangse]

It’s .net6
In "Hangfire.Core" package that I’m using, I see it’s using Newtonsoft.Json v11
It’s true that you’re using Newtonsoft.Json v13 in your selenium.webdriver v4.12

[nvborisenko]

There is only 1 diff between 4.11 and 4.12 - selenium became honest and declared dependencies:

• Microsoft.IdentityModel.Tokens (>= 6.19.0)
• System.Drawing.Common (>= 7.0.0)

I created couple of PRs to remove these dependencies entirely, so installing Selenium packages should not affect your project. Stay tuned.

[fangwangse]

Sorry the version info for the 3 packages (see below) that I posted previously is wrong, the version info that I’m using is actually:

<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="5.0.9" />
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.12.2" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.12.2" />

I do see your PR of moving the dependency of Microsoft.IdentityModel.Tokens, hopefully this will solve the issue. I’m looking forward to the new release 😊
Thank you!