api/TokenAuth/Authenticate "Internal Server Error" #3269

riaan created 7 years ago

Hi,

(Article [https://aspnetzero.com/Documents/Development-Guide-Core#authentication]) refers)

On a fast connection (PC) I'm able to get a token back when making a call to "https://mysite.xyz/api/TokenAuth/Authenticate" as per the above article.

On a slow connection (high latency) the response I get back is "Internal Server Error".

The slow connection is either when making the dynamic WebAPI call from our app running on a mobile phone or a shaped internet connection.

How/where can I increase the timeout in my ASPNETZERO app in order to allow for slow request/response?

Thanks,

Riaan

7 Answer(s)

0

ismcagdas created 7 years ago
Support Team

Hi,

This might be related to different timeouts. Can you check in your Logs.txt file where do you get timeout exception ?

Thanks.

riaan created 7 years ago

Hi ismcagdas,

I checked the logs and found the following during the api/TokenAuth/Authenticate process.

INFO  2017-05-26 13:35:36,584 [37   ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 POST http://app.my.url/api/TokenAuth/Authenticate application/json 68
DEBUG 2017-05-26 13:35:36,600 [37   ] NetCore.StaticFiles.StaticFileMiddleware - POST requests are not supported
DEBUG 2017-05-26 13:35:36,600 [37   ] osoft.AspNetCore.Routing.Tree.TreeRouter - Request successfully matched the route with name '(null)' and template 'api/TokenAuth/Authenticate'.
DEBUG 2017-05-26 13:35:36,600 [37   ] ore.Mvc.Internal.ControllerActionInvoker - Executing action Company.MyApp.Web.Controllers.TokenAuthController.Authenticate (MyCompany.MyApp.Web.Core)
INFO  2017-05-26 13:35:36,600 [37   ] idateAntiforgeryTokenAuthorizationFilter - Antiforgery token validation failed. The required antiforgery header value "X-XSRF-TOKEN" is not present.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header value "X-XSRF-TOKEN" is not present.
   at Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery.<ValidateRequestAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.ValidateAntiforgeryTokenAuthorizationFilter.<OnAuthorizationAsync>d__3.MoveNext()
INFO  2017-05-26 13:35:36,600 [37   ] ore.Mvc.Internal.ControllerActionInvoker - Authorization failed for the request at filter 'Abp.AspNetCore.Mvc.Antiforgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
INFO  2017-05-26 13:35:36,600 [37   ] icrosoft.AspNetCore.Mvc.StatusCodeResult - Executing HttpStatusCodeResult, setting HTTP status code 400

Note that I do have the HTTPS rewrite rule for the .netcore app in the web.config on in order to redirect all calls made to the website and dynamic wbapi endpoints to HTTPS instead of http. Would this have an effect?

The web.config as follow:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
    </handlers>
    <aspNetCore processPath="dotnet" arguments=".\MyCompany.MyApp.Web.Mvc.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
	<rewrite>
		<rules>
			<rule name="HTTP to HTTPS redirect" stopProcessing="true">
				<match url="(.*)" />
					<conditions>
						<add input="{HTTPS}" pattern="off" ignoreCase="true" />
					</conditions>
				<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
	        </rule>
        </rules>
    </rewrite>
  </system.webServer>
</configuration>

and the appsettings.json as follow:

{
  "ConnectionStrings": {
    "Default": "sqlconnectionstring"
  },
  "App": {
    "WebSiteRootAddress": "http://app.my.url"
  },
  "Authentication": {
    "JwtBearer": {
      "IsEnabled": "true",
      "SecurityKey": "MyApp_8DEB2BA534E24D56",
      "Issuer": "MyApp",
      "Audience": "MyApp"
    },
  }
}

Thanks,

Riaan

0

ismcagdas created 7 years ago
Support Team

Hi,

Actually I don't know how url rewrite module works on IIS. Does it work when you remove this url redirect from web.config ?

Thanks.
0

riaan created 7 years ago

Hi.

Thanks. It appears the http rewrite rule in the web.config caused the issue.

Any best practice aspnetzero recommendation for implementing https only on an aspnetzero site? Apart from setting the site directory in the appsettings.json file to force https only, for mvc as well as static files?

Thx
0

ismcagdas created 7 years ago
Support Team

Hi @riaan,

We don't have any experience on this area. Maybe it is better to search on the web for a solution.

Thanks.
0

riaan created 7 years ago

Hi @ismcagdas,

The assistance you provided in solving the "INTERNAL SERVER ERROR" was invaluable and solved our 1st issue :)

Thanks for the feedback. I will look at the HTTPS redirects as suggested.

Kind Regards,

Riaan
0

ismcagdas created 7 years ago
Support Team

Thanks @riaan :)

Have an answer to this question? Log in and write your answer.