Version Upgrade Error Message

[etneodeck]

While upgrading Identity server from version 4 to 6.3.8, we are getting the following error message:

Autofac.Core.DependencyResolutionException: An exception was thrown while activating Duende.IdentityServer.Services.DefaultSessionCoordinationService -> λ:Duende.IdentityServer.Stores.IServerSideSessionStore.
 ---> Autofac.Core.DependencyResolutionException: A delegate registered to create instances of 'Duende.IdentityServer.Stores.IServerSideSessionStore' returned null.
   at Autofac.Core.Activators.Delegate.DelegateActivator.ActivateInstance(IComponentContext context, IEnumerable`1 parameters)
   at Autofac.Core.Activators.Delegate.DelegateActivator.<ConfigurePipeline>b__2_0(ResolveRequestContext context, Action`1 next)
   at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext context)
   at Autofac.Core.Resolving.Middleware.DisposalTrackingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
   at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext context)
   at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
   --- End of inner exception stack trace ---
   at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
   at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext context)
   at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext context)
   at Autofac.Core.Resolving.Middleware.SharingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
   at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext context)
   at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext context)
   at Autofac.Core.Resolving.Middleware.CircularDependencyDetectorMiddleware.Execute(ResolveRequestContext context, Action`1 next)
   at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext context)
   at Autofac.Core.Resolving.ResolveOperation.GetOrCreateInstance(ISharingLifetimeScope currentOperationScope, ResolveRequest request)
   at Autofac.Core.Resolving.ResolveOperation.ExecuteOperation(ResolveRequest request)
   at Autofac.ResolutionExtensions.TryResolveService(IComponentContext context, Service service, IEnumerable`1 parameters, Object& instance)
   at Autofac.ResolutionExtensions.ResolveOptionalService(IComponentContext context, Service service, IEnumerable`1 parameters)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.GetService(IServiceProvider sp, Type type, Type middleware)
   at lambda_method836(Closure , Object , HttpContext , IServiceProvider )
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<UseMiddleware>b__2(HttpContext context)
   at Duende.IdentityServer.Hosting.MutualTlsEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes) in /_/src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs:line 95
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Duende.IdentityServer.Hosting.DynamicProviders.DynamicSchemeAuthenticationMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/DynamicProviders/DynamicSchemes/DynamicSchemeAuthenticationMiddleware.cs:line 50
   at Duende.IdentityServer.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/BaseUrlMiddleware.cs:line 27
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

We confirm that the service keeps running but if I try to open identity in a browser, is where the error shows up.

We note that we use .net 6 but we don't use the ServerSide Session service.

Please, let us know what is causing this error message and how we can proceed with the upgrade.

Thank you.

[josephdecock]

IdentityServer internally uses a pattern of dependency injection in which services can be optional, and when an optional service is not present, a null value for that service is used. This pattern is supported by the default service provider implementation in ASP.NET - the Microsoft.Extensions.DependencyInjection.ServiceProvider. However some other service provider implementations, such as Autofac, don't allow this kind of injection. Our recommendation is to use the default service provider instead of Autofac. I'd be curious to know why you're using Autofac over the default service provider. In the past I've seen folks using Autofac because of its support for keyed services, but .NET 8 added IKeyedServiceProvider to add support for that feature in .NET 8 (supported by the newly released IdentityServer 7).

[etneodeck]

Hello, We use Autofac because our Identity Server depends on many NuGet packages that are developed by us, and most of these packages use Autofac to register their dependencies. In the previous version Identity Server 4, Autofac worked without any issues. Is there any way we can work around this? We don't use the IServerSideSessionService, and removing Autofac from our project will be very difficult, as we've had this project running for so long and we need all of the services provided from our NuGet Packages. Respectfully, [cid:1b703f77-c748-4489-b4d7-1113a8a5f44d] This E-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error, please notify the sender by reply E-mail immediately and destroy all copies of the E-mail and any attachments.

…

________________________________ From: Joe DeCock ***@***.***> Sent: Wednesday, February 7, 2024 10:17 PM To: DuendeSoftware/Support ***@***.***> Cc: Edwin Torres ***@***.***>; Author ***@***.***> Subject: Re: [DuendeSoftware/Support] Version Upgrade Error Message (Issue #1102) IdentityServer internally uses a pattern of dependency injection in which services can be optional, and when an optional service is not present, a null value for that service is used. This pattern is supported by the default service provider implementation in ASP.NET - the [Microsoft.Extensions.DependencyInjection.ServiceProvider)[https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.dependencyinjection.serviceprovider?view=dotnet-plat-ext-8.0&viewFallbackFrom=net-8.0]. However some other service provider implementations, such as Autofac, don't allow this kind of injection. Our recommendation is to use the default service provider instead of Autofac. I'd be curious to know why you're using Autofac over the default service provider. In the past I've seen folks using Autofac because of its support for keyed services, but .NET 8 added IKeyedServiceProvider to add support for that feature in .NET 8 (supported by the newly released IdentityServer 7). — Reply to this email directly, view it on GitHub<#1102 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AZCYYXARMETWBAMR7BPDZ4TYSQYT3AVCNFSM6AAAAABC6AVJU2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMZTGI2TSNBQHE>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[josephdecock]

IdentityServer has been using this pattern for several major releases over the past few years, so any change that we make now we would need to do carefully to avoid breaking changes. That said, we've created DuendeSoftware/IdentityServer#1520 that we're tentatively considering for our 7.1 release.

[etneodeck]

Hello, We are looking forward to implementing the 7.1 release. Thanks a lot for your help. Respectfully, [cid:b6a82e75-29cc-4acd-b977-3d0365a2b224] This E-mail and any files transmitted with it are confidential, may contain sensitive information, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this E-mail in error, please notify the sender by reply E-mail immediately and destroy all copies of the E-mail and any attachments.

…

________________________________ From: Joe DeCock ***@***.***> Sent: Sunday, February 18, 2024 3:19 PM To: DuendeSoftware/Support ***@***.***> Cc: Edwin Torres ***@***.***>; Author ***@***.***> Subject: Re: [DuendeSoftware/Support] Version Upgrade Error Message (Issue #1102) IdentityServer has been using this pattern for several major releases over the past few years, so any change that we make now we would need to do carefully to avoid breaking changes. That said, we've created DuendeSoftware/IdentityServer#1520<DuendeSoftware/IdentityServer#1520> that we're tentatively considering for our 7.1 release. — Reply to this email directly, view it on GitHub<#1102 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AZCYYXHJBLHMIFJLW62EUMLYUJH5ZAVCNFSM6AAAAABC6AVJU2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNJRGQYTSOJUGU>. You are receiving this because you authored the thread.Message ID: ***@***.***>