IdentityModel.OidcClient.Samples | samples use a demo instance | OAuth library

In our application we have a WPF client and an ASP.NET Core server, both of which uses .NET 5.

We store all our DLLs on server and the client downloads all the necessary DLLs from server when user logs in. Originally, the client has been independent of any third-party libraries, our other projects, etc. which allowed us, in certain situations, to download the client as DLL (using another application – which I will be calling a loader – specifically designed for this purpose), load the client using Assembly.Load(binaryData) and execute the login method.

Side note: What has been so far referred to as client is actually just a simple application which authenticates the user and downloads the DLLs for the actual client which consists of multiple assemblies and allows us to work with the data on server. For the sake of simplicity, however, I won't distinguish between them as they both stand on the client side.

Recently, I've implemented single sign-on using OpenID Connect based on NetCoreConsoleClient sample from IdentityModel and, as a result, a few references to other assemblies have been added to the client. Now, in order for the SSO to work, the loader has to download these assemblies together with the client.

Currently, the client uses some of the assemblies from Microsoft.AspNetCore.App shared framework. According to this SO question & answer it should be working on my machine since the runtime is installed – the framework is present on my machine in: C:\Program Files\dotnet\packs\Microsoft.AspNetCore.App.Ref\5.0.0. However, when I try logging in using the client downloaded via loader I'm getting System.IO.FileNotFoundException: 'Could not load file or assembly 'Microsoft.AspNetCore.Hosting, Version=5.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'. The system cannot find the file specified.'

Also, if I take the DLL from the path mentioned above and try to load the Microsoft.AspNetCore.Hosting assembly manually, using Assembly.Load(binaryData), I'm getting System.BadImageFormatException: 'Could not load file or assembly 'Microsoft.AspNetCore.Hosting, Version=5.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'. Reference assemblies should not be loaded for execution. They can only be loaded in the Reflection-only loader context. (0x80131058)'

I tried searching online and discovered that it might be caused by 32-bit/64-bit architecture conflict. I tried creating a simple demo application where I tried changing between the architectures but had no success.

I also have found a few mentions of the exception I'm getting when loading the assembly manually but none of them seems to be relevant for my specific case.

Am I using the Microsoft.AspNetCore.App shared framework wrong? How to use it properly?

Is there a way how to actually use Microsoft.AspNetCore.Hosting and other assemblies from Microsoft.AspNetCore.App as a regular DLL so that I can load them using Assembly.Load(binaryData)?

I've been trying to figure out why my console application fails the instant I introduce a new package. Using IdentityModel.OidcClient and Microsoft.AspNetCore.Server.Kestrel only works, but when adding Microsoft.Extensions.Configuration.Json it throws exception. I don't reference the new package in code either, I just add it to the project.

Steps to reproduce:

1. Clone https://github.com/IdentityModel/IdentityModel.OidcClient.Samples.git

2. Upgrade NetCoreConsoleClient to .NET 5 (update packages).

3. Remove Serilog.Sinks.Literate obsolete package.

4. Remove call to .WriteTo.LiterateConsole for SeriLog in Program.cs and add using IdentityModel.Client.

5. Add CancellationToken cancellationToken = new CancellationToken() parameter for InvokeAsync method in SystemBrowser class. The signature for the IBrowser interface has changed, the new method should look like this: public async Task InvokeAsync(BrowserOptions options, CancellationToken cancellationToken = new CancellationToken())

6. Run application and login with alice/alice. Acquiring token is successful.

7. Add package Microsoft.Extensions.Configuration.Json.

8. Run application. It now throws exception Object reference not set to an instance of an object when writing to the http response.

The exception occurs in LoopbackHttpListener.SetResult when writing to the response: ctx.Response.WriteAsync("

Why does adding a package only, have such an impact to the runtime?

Project file: