selenium: [🐛 Bug]: User.Identity.IsAuthenticated and User.Identity.Name not working anymore since webDriver version 4.12

What happened?

I have OIDC authentication enabled in my API. When a user gets authenticated via the Swagger UI (or web client), I get correct values for _httpContextAccessor.HttpContext.User.Identity.Name and _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated (=True) in my services.

When I add the following packages:
    <PackageReference Include="Selenium.Support" Version="4.11.0" />
    <PackageReference Include="Selenium.WebDriver" Version="4.11.0" />
it still works fine.

But if I upgrade the above packages to the latest version 4.12.x, i.e.:
    <PackageReference Include="Selenium.Support" Version="4.12.0" />
    <PackageReference Include="Selenium.WebDriver" Version="4.12.0" />

_httpContextAccessor.HttpContext.User.Identity.Name and _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated stop returning correct values: …Identity.Name is always null, …Identity.IsAuthenticated is always False.

If I remove these 2 packages, or downgrade back to 4.11.0, correct values are back as well.

How can we reproduce the issue?

In Program.cs:

services.AddHttpContextAccessor();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(...);
services.AddScoped<IHttpClientFactory, HttpClientFactory>();
services.AddScoped<IUserAuthenticationService, UserAuthenticationService>();
services.AddSwaggerGen(options =>
        {
            var oidcAddress = "your jwt token server address";
            options.AddSecurityDefinition(AuthorizationSystems.Oidc.ToString(), new OpenApiSecurityScheme
            {
                Type = SecuritySchemeType.OAuth2,
                Flows = new OpenApiOAuthFlows
                {
                    AuthorizationCode = new OpenApiOAuthFlow
                    {
                        AuthorizationUrl = new Uri($"{oidcAddress}/auth/realms/master/protocol/openid-connect/auth"),
                        TokenUrl = new Uri($"{oidcAddress}/auth/realms/master/protocol/openid-connect/token")
                    }
                }
            })
            .AddSecurityRequirement(new OpenApiSecurityRequirement
            {
                {
                    new OpenApiSecurityScheme
                    {
                        Reference = new OpenApiReference
                        {
                            Type = ReferenceType.SecurityScheme,
                            Id = AuthorizationSystems.Oidc.ToString()
                        }
                    },
                    new List<string>()
                }
            });
        });
...

app.UseAuthentication();

In UserAuthenticationService.cs:
    public class UserAuthenticationService: IUserAuthenticationService
    {
        private readonly IHttpContextAccessor _httpContextAccessor;

        public UserAuthenticationService(IHttpContextAccessor httpContextAccessor)
        {
            _httpContextAccessor = httpContextAccessor;
        }

        bool IUserAuthenticationService.IsAuthenticated()
        {
            return _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated;
        }

        string IUserAuthenticationService.GetUserId()
        {
            return _httpContextAccessor.HttpContext.User.Identity.Name;
        }
    }

In controller:
    public class ExampleController : ControllerBase
    {
        private readonly IUserAuthenticationService _authService;

        // Constructor name must match the class name for this to compile.
        public ExampleController(IUserAuthenticationService authService)
        {
            _authService = authService;
        }

        [HttpPost("DoSomething")]
        [Produces("application/json")]
        [ProducesResponseType(typeof(IEnumerable<string>), (int)HttpStatusCode.OK)]
        [ProducesResponseType(typeof(ProblemDetails), (int)HttpStatusCode.Unauthorized)]
        [ProducesResponseType(typeof(ProblemDetails), (int)HttpStatusCode.Forbidden)]
        [ProducesResponseType(typeof(int), (int)HttpStatusCode.BadRequest)]
        //[Authorize(Policy = ServiceAuthorizationPolicy.Consumer)]
        public ActionResult<string> DoSomething()
        {
            if (!_authService.IsAuthenticated())
            {
                return Problem(
                title: "Unauthenticated",
                detail: $"User '{_authService.GetUserId()}' is not authenticated.",
                statusCode: (int)HttpStatusCode.Unauthorized,
                instance: HttpContext.Request.Path);
            }
            ...
        }
    }

You can compare the result with or without installing
    <PackageReference Include="Selenium.WebDriver" Version="4.12.0" />
or 4.12 vs 4.11

Relevant log output

Without installing package "Selenium.WebDriver", or with version 4.11:
_httpContextAccessor.HttpContext.User.Identity.Name has correct value,
_httpContextAccessor.HttpContext.User.Identity.IsAuthenticated is True, when user authenticated or logged in.

With 4.12:
_httpContextAccessor.HttpContext.User.Identity.Name is null,
_httpContextAccessor.HttpContext.User.Identity.IsAuthenticated is always False, even though the user is authenticated.

Operating System

Windows 10

Selenium version

dotnet, 4.12.x

What are the browser(s) and version(s) where you see this issue?

Chrome, Edge

What are the browser driver(s) and version(s) where you see this issue?

Selenium.WebDriver 4.12.x

Are you using Selenium Grid?

N/A
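
A diagnostic sketch for the symptom reported above, added here as an example and not taken from the issue or from the Selenium project: it logs why the JwtBearer handler left the request anonymous and exposes a development-only probe so the 4.11 and 4.12 builds can be compared. The authority URL, the `/diag/identity` route and the `JwtDiag` logger category are assumptions; the issue elides its real `AddJwtBearer(...)` settings.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Placeholder authority (assumption); substitute the real OIDC server.
        options.Authority = "https://idp.example.invalid/auth/realms/master";
        options.Events = new JwtBearerEvents
        {
            // Fires when token validation throws. The exception explains why
            // User.Identity.IsAuthenticated ended up False for this request.
            OnAuthenticationFailed = ctx =>
            {
                Log(ctx.HttpContext).LogError(ctx.Exception, "JWT validation failed");
                return Task.CompletedTask;
            },
            // Fires on success and shows the value that ended up in Identity.Name.
            OnTokenValidated = ctx =>
            {
                Log(ctx.HttpContext).LogInformation("JWT accepted, Identity.Name={Name}",
                    ctx.Principal?.Identity?.Name);
                return Task.CompletedTask;
            }
        };
    });

var app = builder.Build();
app.UseAuthentication();

// Development-only probe (hypothetical route): reports what the pipeline resolved
// and the versions of the IdentityModel assemblies loaded so far in this build.
if (app.Environment.IsDevelopment())
{
    app.MapGet("/diag/identity", (HttpContext http) => Results.Json(new
    {
        IsAuthenticated = http.User.Identity?.IsAuthenticated ?? false,
        Name = http.User.Identity?.Name,
        LoadedTokenAssemblies = AppDomain.CurrentDomain.GetAssemblies()
            .Select(a => a.GetName())
            .Where(n => n.Name?.Contains("IdentityModel") == true)
            .Select(n => $"{n.Name} {n.Version}")
    }));
}
app.Run();

static ILogger Log(HttpContext http) =>
    http.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger("JwtDiag");
```

Call the probe with the same bearer token under each package version and compare the JSON and the `JwtDiag` log lines. Re-enabling the commented-out `[Authorize]` attribute on the controller makes the same failure surface as a 401 from the framework instead of relying on the manual check.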

About this issue

  • State: closed
  • Created 10 months ago
  • Comments: 15 (7 by maintainers)

Most upvoted comments

Yay! 4.13.1 works, thanks for all your great work!