Hello, we are using ASP.NET Core + Angular; our product version is 6.5. I have made changes for the refresh token on the backend side in the files mentioned below:
1. TokenAuthController
2. JwtSecurityStampHandler (New)
3. IJwtSecurityStampHandler (New)
4. EnumTokenTypes (New)
5. PortalJwtSecurityTokenHandler
6. TokenAuthConfiguration
We are using IdentityServer, so we have added an additional identifier as a claim.
Authentication works fine, giving me access and refresh tokens, but I am not able to access any other service data; it fails at token validation and throws SecurityTokenException.
userManagerObject.IsTokenValidityKeyValidAsync(user, tokenValidityKeyClaim.Value)
Can you please let us know what we did wrong, or anything else that we are missing, as soon as possible?
Hello,
I am trying to download the latest ASP.NET Core & Angular project (V8.1.0), but it is allowing me to download the single solution. As we need to migrate from V6.5, we need separate solutions for Angular and ASP.NET Core.
Please look at the attachment below. [DELETED LINK] [DELETED LINK]
I checked the console and it gives me a 500 server-side error while creating the project. [DELETED LINK]
Please let us know as soon as possible.
Thanks.
Hello,
I have added an IdentityServer authorization code flow to my project (ASP.NET Core + Angular). Everything works fine, but after refreshing the token we are unable to log out. We get "Signature validation failed. Unable to match keys" and status code 500. I have also configured UpdateAccessTokenClaimsOnRefresh to True and AllowOfflineAccess to True on the registered client, but we are unable to log out as the claim is not matched.
Can you please help us get out of this?
Hi,
I'm trying to implement a custom API that should authenticate the user token through the main project (AspNetZero + IdentityServer4). Here is my scenario:
The user requests an access_token from AspNetZero:
curl -X POST \
http://localhost:22742/api/TokenAuth/Authenticate \
-H 'Abp.TenantId: 1' \
-H 'Accept: application/json' \
-H 'Authorization: Basic Y2xpZW50OmRlZjJlZGY3LTVkNDItNGVkYy1hODRhLTMwMTM2YzM0MGUxMw==' \
-H 'Content-Type: application/json' \
-H 'Postman-Token: 4ae44037-d9f6-4e39-ba38-6f6bcf709d63' \
-H 'cache-control: no-cache' \
-d '{
"usernameOrEmailAddress": "admin",
"password": "admin"
}'
And receive the token:
{
"result": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIyIiwibmFtZSI6ImFkbWluIiwiQXNwTmV0LklkZW50aXR5LlNlY3VyaXR5U3RhbXAiOiI4N2ExZjY1Yi1hMzcwLTM5MDgtMjVlMi0zOWViOGM0Z
TAwY2YiLCJyb2xlIjoiQWRtaW4iLCJodHRwOi8vd3d3LmFzcG5ldGJvaWxlcnBsYXRlLmNvbS9pZGVudGl0eS9jbGFpbXMvdGVuYW50SWQiOiIxIiwianRpIjoiZWU5ODZiNGItMWE4MC00NmQ4LTkxZjAtMjI1ZWVlZDkyZ
mE3IiwiaWF0IjoxNTU3MjI5NzQ5LCJ0b2tlbl92YWxpZGl0eV9rZXkiOiJiMTBlYjQyNS0yMTgyLTRhYzMtYmNkOS0yOGMyOGEzOWUyZTYiLCJ1c2VyX2lkZW50aWZpZXIiOiIyQDEiLCJuYmYiOjE1NTcyMjk3NDksImV4cCI6MT
U1NzMxNjE0OSwiaXNzIjoiUG9ydGFsIiwiYXVkIjoiUG9ydGFsIn0.fRIdw9z5ITgishY8PRg9XHs5e0yrnzZZ_s3Nul98tr8",
"encryptedAccessToken": "wNYmO41/48SHNstaLVXxHCCre29BZQl1NhC6NM3R3rwZiL572M4gBaHf6sHsTGZfcntBdt0YdGxxOmZDW4iy5jqe38W4yYK8C/ZyrckjUp2HPGDmagvdis58EyNMpU3nSRtiAxQDeAI9GbjKTv
JK8YVC74c0JREZ0QCsXHX2emQn3uNkO/VeFi83SknQb2JBZw3WAoXbZAnVA2bDQ7M5tiA+uqGj1xZcEAkqHOJoF2wiUZqLQtjB8p54MnQJ6EEdrmDqXBTzjz7MGRNMOPt3KU8bElGG/nVRkiA0s309BDbN+0elR5P7e0Gx/EEgEAMaLMORjg
bLvp5x1xbap5QmheyPVsYzD8qHkG0EMcHz2sUvdqEaf5EurGrgAsjN5FlDuTtNE+GBa5sXekwXbdj3lRSIvh0IGJxajpOPBKhQIt/SzQeS+mtSq82k4xrgK+quEnT1FL1EvHqlGFWKKku+oaiyqCvT3o2yIr5FPKd26daRbuuyM5YhE3mEkVmhqfHo8K
IWRzcg4I+55bBx5N3+hsqCif7+THNtxePu7z7e0kcAjSzLBooQJ+0AWubkvil4jrs9AfjsDDefWvnvlC4n7OwHdxBXheQxKwzn0wawkFIVV35rVo5SC5baNHI2hrzlN1n80lUNyKf7SrksdLtzo/U/EP1Ztw5ah1z34ezshlaqvJKc78pZwHGUGxNbq
JqcyGG7Ovqy/fLAtPmmZKHdEgy3uqQpYA9mPovMc1Me6AFnJc3yQJWfGYErIGLaJRV2i3kI
yfKsPe9eEw5YpMZM1KxPhhmK0UgMlFBzDMKnZuo=",
"expireInSeconds": 86400,
"shouldResetPassword": false,
"passwordResetCode": null,
"userId": 2,
"requiresTwoFactorVerification": false,
"twoFactorAuthProviders": null,
"twoFactorRememberClientToken": null,
"returnUrl": null
},
"targetUrl": null,
"success": true,
"error": null,
"unAuthorizedRequest": false,
"__abp": true
}
Once he has received the token, he requests the information from the custom API:
curl -X GET \
https://localhost:5001/api/values -k -v \
-H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIyIiwibmFtZSI6ImFkbWluIiwiQXNwTmV0LklkZW50aXR5LlNlY3VyaXR5U3RhbXAiOiI4N2ExZjY1Yi1hMzcwLTM5MDgtMjVlMi0zOW
ViOGM0ZTAwY2YiLCJyb2xlIjoiQWRtaW4iLCJodHRwOi8vd3d3LmFzcG5ldGJvaWxlcnBsYXRlLmNvbS9pZGVudGl0eS9jbGFpbXMvdGVuYW50SWQiOiIxIiwianRpIjoiZWU5ODZiNGItMWE4MC00NmQ4LTkxZjAtM
jI1ZWVlZDkyZmE3IiwiaWF0IjoxNTU3MjI5NzQ5LCJ0b2tlbl92YWxpZGl0eV9rZXkiOiJiMTBlYjQyNS0yMTgyLTRhYzMtYmNkOS0yOGMyOGEzOWUyZTYiLCJ1c2VyX2lkZW50aWZpZXIiOiIyQDEiLCJuYmYiOjE1NTcyMj
k3NDksImV4cCI6MTU1NzMxNjE0OSwiaXNzIjoiUG9ydGFsIiwiYXVkIjoiUG9ydGFsIn0.fRIdw9z5ITgishY8PRg9XHs5e0yrnzZZ_s3Nul98tr8'
The Custom API should validate the token with the AspNetZero project:
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(o =>
{
    o.Authority = "http://localhost:22742";
    o.Audience = "default-api";
    o.RequireHttpsMetadata = false;
});
But when I try to do it, I receive the following exception:
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1]
Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: '[PII is hidden]'.
Exceptions caught:
'[PII is hidden]'.
token: '[PII is hidden]'.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[7]
Bearer was not authenticated. Failure message: IDX10503: Signature validation failed. Keys tried: '[PII is hidden]'.
Exceptions caught:
'[PII is hidden]'.
token: '[PII is hidden]'.
Here's the configuration from my AspNetZero project:
public static IEnumerable<ApiResource> GetApiResources()
{
    return new List<ApiResource>
    {
        new ApiResource("default-api", "Default (all) API")
        {
            Description = "AllFunctionalityYouHaveInTheApplication",
            //ApiSecrets= {new Secret("secret") }
        }
    };
}

"Clients": [
  {
    "ClientId": "client",
    "AllowedGrantTypes": [
      "hybrid",
      "password"
    ],
    "ClientSecrets": [
      {
        "Value": "def2edf7-5d42-4edc-a84a-30136c340e13"
      }
    ],
    "AllowedScopes": [
      "default-api",
      "openid",
      "profile"
    ],
    "RedirectUris": [
      "http://localhost:22742/signin-oidc"
    ],
    "PostLogoutRedirectUris": [
      "http://localhost:22742/signout-callback-oidc"
    ]
  }
]
It should be easy to do this, I have a different project doing the same. Any ideas about what could be wrong?
Thanks,
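
An added triage helper for the IDX10503 failure in the post above (not part of the original post, and not ASP.NET Zero or IdentityServer code): it reads the unverified JWT header and claims and compares them with the custom API's JwtBearer settings. The sample token is constructed to carry the same alg, iss and aud values as the token posted above; `triage`, its parameters, and the assumption that the discovery document's issuer equals the Authority URL are illustrative.

```python
import base64
import json

def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def b64url(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def triage(token: str, expected_audience: str, expected_issuer: str,
           keys_from_discovery: bool) -> list:
    """Return reasons the resource API would reject the token.

    Nothing is verified here: the header and claims are read only to
    explain a validation failure, never to make an access decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 dot-separated segments)"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    findings = []
    alg = header.get("alg", "")
    # Keys published through discovery/JWKS are public (asymmetric) keys,
    # so an HMAC-signed token can never match any of them.
    if keys_from_discovery and alg.startswith("HS"):
        findings.append(f"alg {alg} is symmetric; JWKS keys cannot verify it")
    if claims.get("iss") != expected_issuer:
        findings.append(f"iss {claims.get('iss')!r} != {expected_issuer!r}")
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    if expected_audience not in audiences:
        findings.append(f"aud {audiences} lacks {expected_audience!r}")
    return findings

# Constructed sample: same alg/iss/aud as the posted token, dummy signature.
SAMPLE = ".".join([
    b64url({"alg": "HS256", "typ": "JWT"}),
    b64url({"sub": "2", "iss": "Portal", "aud": "Portal"}),
    "c2ln",
])

if __name__ == "__main__":
    # Expected values mirror the custom API's AddJwtBearer settings above.
    for line in triage(SAMPLE, "default-api", "http://localhost:22742", True):
        print(line)
```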