: adding the slash at the end of the authority gives a server error: The given key 'WellKnown' was not present in the dictionary.
i am using the Angular/Core combined ANZ v10
we have a new customer that wants us to authenticate to their B2C server with OpenIdConnect. No matter what configuration settings i try, i still get Wrong Issuer on the front end after receiving the token. I placed logging in OpenIdConnectAuthProviderApi.ValidateToken but it doesn't seem to be getting that far.
Maybe it is a mapping issue? I don't know where to put their token_endpoint, if necessary. or their JW keys. Could you explain the JWTBearer parameters? Is that ClaimsMapping correct for ANZ to use email to login instead of username?
//from https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/v2.0/.well-known/openid-configuration
//"issuer": "https://theirnode.b2clogin.com/TheirTenantIdGuid/v2.0/",
//"authorization_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize",
//"token_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/token",
//"end_session_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout",
//"jwks_uri": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/discovery/v2.0/keys",
//"userinfo_endpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/openid/v2.0/userinfo",
"IsEnabled": "true",
"ClientId": "OurGuid",
"ClientSecret": "OurSecret",
"Authority": "https://*theirnode*.b2clogin.com/*TheirTenantIdGuid*/v2.0",
"UserInfoEndpoint": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/openid/v2.0/userinfo",
"LoginUrl": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize",
"LogoutUrl": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout",
"NotAuthorizedURL": "https://theirnode.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout",
"WellKnown": "https://*theirnode*.b2clogin.com/*theirnode*.onmicrosoft.com/b2c_1a_signup_signin/v2.0/.well-known/openid-configuration",
"ValidateIssuer": "false",
"ClaimsMapping": [
{
"claim": "email",
"key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
}
]
"JwtBearer": {
"IsEnabled": "true",
"SecurityKey": "*OurSecurityKey*",
"Issuer": "*SomeGuid*",
"Audience": "*SameGuidAsIssuer*"
}
NOTE: adding the slash at the end of the authority gives a server error: The given key 'WellKnown' was not present in the dictionary. (the support forum will not let me reply to your message)
we are using ANZ 10.0 Angular/Core combined version, hosted in Azure, published thru DevOps pipeline.
We have need of implementing things like DAST (Dynamic Application Security Testing), SAST (Static Application Security Testing) and SCA (Software Composition Analysis) into our development/build process(es). There are plenty of tools on the market to do these things, but before beginning a potentially lengthy search, does the ASP.NET Zero team use any specific tools like this? Do you recommend any particular ones to cover the above type(s) of automated testing?
the api could still be on one url. some users would have different urls to the same site, but the different urls would not indicate the tenant. for instance, group1.domain.com and group2.domain.com having the same tenant, or domain1.com and domain2.com sharing a published instance of the app.
we use ANZ10.1 Angular/Core combined
i would like to have two urls for the same published instance of our application. i have been able to accomplish this for multi-tenant by adding the tenancy placeholder. I would like to be able to do this for the root url. for instance, qa.domain.com and test.domain.com both pointing to the same instance. I don't know how to configure the serverrootaddress, approotaddress, remoteserverbaseurl, appbaseurl, etc
thanks, Rocco
we are using ANZ 10.1 Angular/Core combined
I have adapted our multi-tenant production environment to use the tenancy placeholder "ServerRootAddress": "{TENANCY_NAME}.domain.com/", "ClientRootAddress": "{TENANCY_NAME}.domain.com/", "CorsOrigins": "{TENANCY_NAME}.domain.com/", on our domain provider, i created a CNAME entry for each tenant. this is working to autoselect the tenantId for our production environment.
i would now like to apply this to our other environments. for example: "ServerRootAddress": "{TENANCY_NAME}.qa.domain.com/", "ClientRootAddress": "{TENANCY_NAME}.qa.domain.com/", "CorsOrigins": "{TENANCY_NAME}.qa.domain.com/",
I think my problem is in the domain definition for sub-sub-domain. Any suggestions on getting the url to actually get to the site?
we use ANZ 10.1 Angular/Core combined
Our application is multi-tenant with separate databases and a host db. I am in the process of setting up a CICD pipeline in Azure DevOps to build and publish our site when a merge request has been completed. This gets the hosted app up to date but migrations still need to be run on the database.
with the app publish automated, the database update also needs to be automated. what is the recommended process for running EF migrations in a CICD flow?
Thanks, Rocco
we are using ANZ 10.1 Angular/Core combined
When i publish, i need to go into Filezilla to delete the angular appconfig.json and replace it with the appropriate appconfig.environment.json otherwise it still tries touse localhost on our published sites instead of our hosted domain
i have set the ASPNETCORE_ENVIRONMENT for each environment. i thought that was supposed to be sufficient for Angular to look at the correct json file
What is the correct process for having Angular get the correct remoteServiceBaseUrl and appBaseUrl for the deployment slot?
thanks, Rocco
we found our solution. i'm posting it here for anyone that may read this thread.
Since azure expects the angular app to be in WWWROOT instead of WWWROOT/DIST, we can build it in wwwroot/ but only if angular knows not to delete the existing contents.
"outputPath": "wwwroot/",
"deleteOutputPath": false,
that automates the process, but does not remove the time to copy all of the files. it seems the files can't be generated in the place where they are expected to be used (./wwwroot/) so i was asking if we could use them where they are generated (./wwwroot/dist/). it seems very odd to me that we publish both the api and the angular to the webserver at the same time but only the api will run after publish. the entire angular app needs to be moved twice - to the correct folder and to azure.
is there a way to define the angular app's root folder as the dist folder?