Starting with a new 5.6.1 project (ASP.NET Core/Angular6), I enabled and configured OpenID Connect with Azure AD, spun up the app locally (visual studio 2017 debugger for back end; npm start for front end), and successfully authenticated by clicking the OpenID Connect icon on the login page.
Then I built the docker images and ran them, but now when I click the OpenID Connect icon I get this error.
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
Any idea why this error is only occurring when using Docker?
Here is the full stack trace.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__47_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Abp.AspNetZeroCore.Web.Authentication.External.OpenIdConnect.OpenIdConnectAuthProviderApi.ValidateToken(String token, String issuer, IConfigurationManager`1 configurationManager, CancellationToken ct)
at Abp.AspNetZeroCore.Web.Authentication.External.OpenIdConnect.OpenIdConnectAuthProviderApi.GetUserInfo(String token)
at Stantec.DocView.Web.Controllers.TokenAuthController.GetExternalUserInfo(ExternalAuthenticateModel model)
at Stantec.DocView.Web.Controllers.TokenAuthController.ExternalAuthenticate(ExternalAuthenticateModel model)
at lambda_method(Closure , Object )
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextExceptionFilterAsync()
This seems to be the same issue: <a class="postlink" href="https://github.com/dotnet/corefx/issues/30313">https://github.com/dotnet/corefx/issues/30313</a>
Same here: "Sorry but you are not permitted to use the search system."
Indeed. I have since tried using Windows containers instead of Linux containers and have run into a new error.
System.DllNotFoundException: Unable to load DLL 'activeds.dll' or one of its dependencies: The specified module could not be found. (Exception from HRESULT: 0x8007007E)
at System.DirectoryServices.Interop.UnsafeNativeMethods.IntADsOpenObject(String path, String userName, String password, Int32 flags, Guid& iid, Object& ppObject)
at System.DirectoryServices.Interop.UnsafeNativeMethods.ADsOpenObject(String path, String userName, String password, Int32 flags, Guid& iid, Object& ppObject)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at Abp.Zero.Ldap.Authentication.LdapAuthenticationSource`2.UpdateUserAsync(TUser user, TTenant tenant)
at Abp.Authorization.AbpLogInManager`3.TryLoginFromExternalAuthenticationSources(String userNameOrEmailAddress, String plainPassword, TTenant tenant)
at Abp.Authorization.AbpLogInManager`3.LoginAsyncInternal(String userNameOrEmailAddress, String plainPassword, String tenancyName, Boolean shouldLockout)
at Abp.Authorization.AbpLogInManager`3.LoginAsync(String userNameOrEmailAddress, String plainPassword, String tenancyName, Boolean shouldLockout)
at Abp.Threading.InternalAsyncHelper.AwaitTaskWithPostActionAndFinallyAndGetResult[T](Task`1 actualReturnValue, Func`1 postAction, Action`1 finalAction)
at Stantec.DocView.Web.Controllers.TokenAuthController.GetLoginResultAsync(String usernameOrEmailAddress, String password, String tenancyName)
at Stantec.DocView.Web.Controllers.TokenAuthController.Authenticate(AuthenticateModel model)
at lambda_method(Closure , Object )
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextExceptionFilterAsync()
My Dockerfile looks like this now too:
FROM microsoft/dotnet:2.1-runtime
WORKDIR /app
COPY . .
ENTRYPOINT ["dotnet", "Stantec.DocView.Web.Host.dll"]
I ran the base image (ie. microsoft/dotnet:2.1-runtime) and checked C:\Windows\System32 for activeds.dll -- it was not there. If I run the 'microsoft/dotnet-framework:4.7.2-runtime' image, activeds.dll exists, but this image is quite large (8.61 GB compared to 401 MB for the 'microsoft/dotnet:2.1-runtime' image).
So I am guessing that my current error would disappear if I used the dotnet-framework image, but is that the best/only solution I have here?
What would be nice is to have an image like microsoft/dotnet:2.1-runtime that included activeds.dll...
I'm using the AspNetZeroAngular2 v5.6.1 solution template and generated entities using the RAD tool. I get the following error when attempting to build the solution after successfully adding the entities. What is the fix for this?
Severity Code Description Project File Line Suppression State Error CS7036 There is no argument given that corresponds to the required formal parameter 'cacheManager' of 'EpPlusExcelExporterBase.EpPlusExcelExporterBase(ICacheManager)'
I had some general questions about the integration with Metronic and Asp.Net Zero. We are using the Angular/.Net Core ASP.Net Zero starter template
Is there a way to tell by looking at the Angular source code what version of Metronic we are on? I guessed v5.1 because that was the accompanying metronic zip download on the Asp.Net Zero size, but I was wondering if there was another way?
Are there instructions on how we could upgrade the v5.1 Metronic code to v5.3 within the Asp.Net Zero framework? Or how to do Metronic upgrades in general?
I get this error when attempting to login to the application running as a Docker container with LDAP enabled.
System.PlatformNotSupportedException: System.DirectoryServices.AccountManagement is not supported on this platform.
at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, String userName, String password)
at Abp.Zero.Ldap.Authentication.LdapAuthenticationSource`2.CreatePrincipalContext(TTenant tenant)
at Abp.Zero.Ldap.Authentication.LdapAuthenticationSource`2.TryAuthenticateAsync(String userNameOrEmailAddress, String plainPassword, TTenant tenant)
at Abp.Authorization.AbpLogInManager`3.TryLoginFromExternalAuthenticationSources(String userNameOrEmailAddress, String plainPassword, TTenant tenant)
at Abp.Authorization.AbpLogInManager`3.LoginAsyncInternal(String userNameOrEmailAddress, String plainPassword, String tenancyName, Boolean shouldLockout)
at Abp.Authorization.AbpLogInManager`3.LoginAsync(String userNameOrEmailAddress, String plainPassword, String tenancyName, Boolean shouldLockout)
at Abp.Threading.InternalAsyncHelper.AwaitTaskWithPostActionAndFinallyAndGetResult[T](Task`1 actualReturnValue, Func`1 postAction, Action`1 finalAction)
at Stantec.DocView.Web.Controllers.TokenAuthController.GetLoginResultAsync(String usernameOrEmailAddress, String password, String tenancyName)
at Stantec.DocView.Web.Controllers.TokenAuthController.Authenticate(AuthenticateModel model)
at lambda_method(Closure , Object )
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextExceptionFilterAsync()
Does LDAP login work with Docker?
I am running Docker for Windows 18.06.0-ce-win72 (19098) on Windows 10 and using Linux containers.
Thanks for confirming.
Is there somewhere I can go to see the current road map?
Thanks! I had to make a few changes, so this is how I did it.
"angular\src\account\login\login.component.ts"
class LoginComponent {
ngOnInit() {
this.loginService.authenticateModel.userNameOrEmailAddress = 'foo';
this.loginService.authenticateModel.password = 'bar';
this.login();
}
}
"aspnet-core\src\ProjectName.Core\Authentication\AlwaysTrue\AlwaysTrueExternalAuthSource.cs"
public class AlwaysTrueExternalAuthSource: DefaultExternalAuthenticationSource<Tenant, User>, ITransientDependency
{
public override string Name => "AlwaysTrueExternalAuthSource";
public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant)
{
return Task.FromResult(true);
}
}
"aspnet-core\src\ProjectName.Core\ProjectNameCoreModule.cs"
public class ProjectNameCoreModule : AbpModule
{
public override void PreInitialize()
{
Configuration.Modules.Zero().UserManagement.ExternalAuthenticationSources.Add<AlwaysTrueExternalAuthSource>();
}
}
"aspnet-core\src\ProjectName.Web.Core\Controllers\TokenAuthController.cs"
public class TokenAuthController : ProjectNameControllerBase
{
[HttpPost]
public async Task<AuthenticateResultModel> Authenticate([FromBody] AuthenticateModel model)
{
var windowsIdentity = WindowsIdentity.GetCurrent();
model.UserNameOrEmailAddress = windowsIdentity.Name.ToLowerInvariant().Replace("\\","");
var loginResult = await GetLoginResultAsync(...)
}
}
There are 3 providers in the ConfigureExternalAuthProviders method of the WebHostModule (Facebook, Google, and Microsoft). I am interested in testing the Microsoft social login, but there is a comment above it.
//not implemented yet. Will be implemented with https://github.com/aspnetzero/aspnet-zero-angular/issues/5
if (bool.Parse(_appConfiguration["Authentication:Microsoft:IsEnabled"]))
{
...
There does not seem to be a GitHub repository named 'aspnet-zero-angular'...
Is Microsoft social login working?
I want to achieve the following feature in my ASP.NET Zero app (.NET Core & Angular 6).
Assume this is the first time I have accessed the app (ie. no user has been created for me yet).
After accessing the app for the first time, a user should be created for me with the default roles assigned (ie. just like what happens when logging in for the first time via the ASP.NET Zero LDAP feature).
To be clear, I have already successfully tested using my Windows credentials to log in as a first time user after enabling LDAP, but I want to skip the login process completely by using the fact that I have already authenticated myself when I logged into the Windows operating system.
How can I achieve this with ASP.NET Zero?