Access violation/StackoverflowException in new .NET6.0 WebAPI application
Describe the bug
I created a new ASP.NET Core Web API (.NET 6.0) application and the only change I made was trying to add Google authentication.
```csharp
using Microsoft.AspNetCore.Authentication.Google;

var builder = WebApplication.CreateBuilder(args);
var config = builder.Configuration;

builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = GoogleDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
})
.AddGoogle(GoogleDefaults.AuthenticationScheme, options =>
{
    options.ClientId = config.GetSection("GoogleData:ClientId").Value;
    options.ClientSecret = config.GetSection("GoogleData:ClientSecret").Value;
});

builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseCookiePolicy();
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
```
I added the [Authorize] attribute to the default GetWeatherForecast API endpoint and when I try to call the endpoint from Swagger or Postman the application crashes.
Exception thrown at 0x00007FFE2CAD1E2B (coreclr.dll) in [App_name].exe: 0xC0000005: Access violation writing location 0x000000BE97B00FF8. The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.

Unhandled exception at 0x00007FFE2CAD1E2B (coreclr.dll) in [App_name].exe: 0xC0000005: Access violation writing location 0x000000BE97B00FF8. The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
The debug output ends with:
The program ‘[11428] [App_name].exe’ has exited with code 3221225477 (0xc0000005) ‘Access violation’.
Environment
Visual Studio Community 2022 (64-bit) - Version 17.2.6 Windows 11
Issue Analytics
- Created a year ago
- Comments: 8 (5 by maintainers)
Right, this is because Google is an external OAuth and challenge only; the idea is you are supposed to set a sign-in scheme to something like cookies.
Without something that’s able to persist the successful sign-in, you will get an infinite loop like this, as authenticate will trigger a challenge and just loop infinitely.
See https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/samples/SocialSample/Startup.cs#L41 for an example of how to set a cookie as the default scheme and also have Google as a sign-in option.
Is your app properly handling forbidden by returning a 403? Because if your app is sending a challenge to Google instead of returning 403, you will get an infinite loop, since it will try authenticate (which will succeed), but you will still be forbidden, and it will just keep looping.
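The configuration the replies above describe, written out as an added example (not code from the issue or from the linked SocialSample): cookies are the default scheme that persists the sign-in, Google is used only for challenges, and a forbidden request gets a 403 rather than another challenge. The `/whoami` and `/admin` endpoints and the `admin` role are hypothetical; the `GoogleData` configuration keys are the ones from the issue.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.Google;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);
var config = builder.Configuration;

builder.Services.AddAuthentication(options =>
{
    // Cookies handle authenticate, sign-in and forbid; Google only handles challenge.
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    // For an API, answer an authenticated-but-forbidden request with 403
    // instead of redirecting to an access-denied page.
    options.Events.OnRedirectToAccessDenied = context =>
    {
        context.Response.StatusCode = StatusCodes.Status403Forbidden;
        return Task.CompletedTask;
    };
})
.AddGoogle(options =>
{
    options.ClientId = config["GoogleData:ClientId"]
        ?? throw new InvalidOperationException("GoogleData:ClientId is not configured");
    options.ClientSecret = config["GoogleData:ClientSecret"]
        ?? throw new InvalidOperationException("GoogleData:ClientSecret is not configured");
    // Persist the identity returned by Google in the cookie scheme.
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoints: the first needs any signed-in user, the second a role.
app.MapGet("/whoami", (HttpContext ctx) => ctx.User.Identity?.Name ?? "unknown")
   .RequireAuthorization();
app.MapGet("/admin", [Authorize(Roles = "admin")] () => "admin area");

app.Run();
```

With this setup an anonymous request to `/whoami` is challenged through Google once and then authenticated from the cookie, while a signed-in user without the hypothetical `admin` role receives 403 from `/admin`.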