Release: 2.0.9.102 (Canary) 2024-08-02

ts678 · August 3, 2024, 8:12pm

Does your “invalid authentication” seem to correspond to terminal window putting out stuff like:

fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
      An unhandled exception has occurred while executing the request.
      Duplicati.WebserverCore.Exceptions.UnauthorizedException: Authorization failed due to missing cookie.
         at Duplicati.WebserverCore.Endpoints.V1.Auth.<>c.<<Map>b__3_0>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.AspNetCore.Http.RequestDelegateFactory.<TaskOfTToValueTaskOfObject>g__ExecuteAwaited|92_0[T](Task`1 task)
         at Duplicati.WebserverCore.Middlewares.LanguageFilter.InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)
         at Microsoft.AspNetCore.Http.RequestDelegateFactory.<ExecuteValueTaskOfObject>g__ExecuteAwaited|129_0(ValueTask`1 valueTask, HttpContext httpContext, JsonTypeInfo`1 jsonTypeInfo)
         at Duplicati.WebserverCore.Middlewares.WebsocketExtensions.<>c__DisplayClass0_0.<<UseNotifications>b__0>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)

Mine is looking like above, and I (like you) haven’t seen any sign of a traditional password usage.
I’ve tried to encourage it with --webservice-password and Settings Change server passphrase.

What seems to work the best for me is to open from a TrayIcon, but that’s only one of many uses.
Running as a Windows service, or with Duplicati on a different system are other cases to support.

was a topic on its own (added to old one, being pursued), and also mentioned above in this topic.

EDIT:

The message posted above “seems” to happen when I leave the golden path of a tray icon open.
Even going to 127.0.0.1 instead of localhost does it, presumably due to lack of a refresh token.
I’m running Duplicati.GUI.TrayIcon.exe --webservice-interface=* --webservice-allowedhostnames=* while pursuing the other topic. The host header check is acting unusually.