
IdentityServer Token Exception #3706


Ricavir created

Hi,

I published my app (ASP.NET Core + Angular) on my IIS server. I added my domain URL to WebHostBuilder:

using System.IO;
using Microsoft.AspNetCore.Hosting;

namespace ELEVEN_SOFT.Logisav.Web.Startup
{
    public class Program
    {
        public static void Main(string[] args)
        {
            var host = new WebHostBuilder()
                .UseKestrel()
                .UseContentRoot(Directory.GetCurrentDirectory())
                .UseIISIntegration()
                .UseStartup<Startup>()
                // Public URL the app listens on
                .UseUrls("https://mydomainname.com")
                .Build();

            host.Run();
        }
    }
}

Everything seems to work properly when testing the app. But in my log file, I have several exceptions linked with Identity Server:

INFO  2017-08-12 10:58:37,432 [17   ] entication.JwtBearer.JwtBearerMiddleware - Successfully validated the token.
INFO  2017-08-12 10:58:37,432 [17   ] entication.JwtBearer.JwtBearerMiddleware - HttpContext.User merged via AutomaticAuthentication from authenticationScheme: Bearer.
INFO  2017-08-12 10:58:37,432 [17   ] entication.JwtBearer.JwtBearerMiddleware - Failed to validate the token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0IiwibmFtZSI6ImFkbWluIiwiQXNwTmV0LklkZW50aXR5LlNlY3VyaXR5U3RhbXAiOiI5MDc2MWU3MS00MTA5LTQ2ODktOGQzZS0wNDNhMWZhZmIzNTUiLCJyb2xlIjoiQWRtaW4iLCJodHRwOi8vd3d3LmFzcG5ldGJvaWxlcnBsYXRlLmNvbS9pZGVudGl0eS9jbGFpbXMvdGVuYW50SWQiOiIzIiwianRpIjoiYmY3MTc5NmYtMmUyMC00OTBiLTlhNTYtNjUxMzhlZGZkMjJjIiwiaWF0IjoxNTAyNTI0NDAwLCJuYmYiOjE1MDI1MjQ0MDAsImV4cCI6MTUwMjYxMDgwMCwiaXNzIjoiTG9naXNhdiIsImF1ZCI6IkxvZ2lzYXYifQ.KjUfCsnw3muqoIjWw3i7YkN6yK48gQsAapJeMzasp2Y.
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId: 3c0acb9ccff2fa42456b471e8b8bc919
'.
Exceptions caught:
 ''.
token: '{"alg":"HS256","typ":"JWT"}.{"sub":"4","name":"admin","AspNet.Identity.SecurityStamp":"90761e71-4109-4689-8d3e-043a1fafb355","role":"Admin","http://www.aspnetboilerplate.com/identity/claims/tenantId":"3","jti":"bf71796f-2e20-490b-9a56-65138edfd22c","iat":1502524400,"nbf":1502524400,"exp":1502610800,"iss":"Logisav","aud":"Logisav"}'.
   à System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
   à System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   à Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
INFO  2017-08-12 10:58:37,432 [17   ] entication.JwtBearer.JwtBearerMiddleware - Bearer was not authenticated. Failure message: IDX10503: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.RsaSecurityKey , KeyId: 3c0acb9ccff2fa42456b471e8b8bc919
'.
Exceptions caught:
 ''.
token: '{"alg":"HS256","typ":"JWT"}.{"sub":"4","name":"admin","AspNet.Identity.SecurityStamp":"90761e71-4109-4689-8d3e-043a1fafb355","role":"Admin","http://www.aspnetboilerplate.com/identity/claims/tenantId":"3","jti":"bf71796f-2e20-490b-9a56-65138edfd22c","iat":1502524400,"nbf":1502524400,"exp":1502610800,"iss":"Logisav","aud":"Logisav"}'.

I tried to remove "openid" settings from appsettings.json but still same exceptions.

I think it is due to incorrect IdentityServer settings, but I don't know how to correct it. In the log exception, the URL http://www.aspnetboilerplate.com/identity/claims/tenantId is also mentioned, which should not be here actually.

Can you guide me to fix this?


6 Answer(s)
  • ismcagdas created
    Support Team

    Hi @Ricavir,

    It seems like we need to use "AddTemporarySigningCredential" when configuring Identity Server only for development time, see https://github.com/IdentityServer/IdentityServer4/issues/945.

    Can you try this and see if it works? If it works, we can apply the same to the AspNet Zero repository.

    Thanks.

  • Ricavir created

    I replaced AddTemporarySigningCredential with AddSigningCredential by passing my SSL certificate, but it doesn't work. The app crashes when trying to find the certificate. Do you have another solution for your own servers?

    I will keep AddTemporarySigningCredential for now, but it would be better to add an IF ENDIF to remove it from production. Also, app-settings should be used to pass data to AddSigningCredential in a production context.

    Would it be possible to add something like that in the next releases?

  • ismcagdas created
    Support Team

    Hi @Ricavir,

    I have created an issue for this here: https://github.com/aspnetzero/aspnet-zero-core/issues/387.

    Thanks a lot for finding this problem.

  • Ricavir created

    Hi @ismcagdas,

    I just saw that GitHub issue 945 has been closed. In fact, I just deactivated IdentityServer in my appsettings file and this solved my problem.

    But I have to ask something that I didn't catch: how can AspNet Zero authenticate users without IdentityServer? I was thinking that it was a must-have... Right now, in my current project, JwtBearer is the only authentication setting that is enabled... If IdentityServer is not in charge of that, who is doing it? An ASP.NET Core package?

    That said, what is the benefit of adding IdentityServer4 if we already somehow have an authentication module that is also able to authenticate the Angular client and third-party applications (like mobile apps)?

  • ismcagdas created
    Support Team

    Hi @Ricavir,

    Yes, we closed the issue because if you want to use AddSigningCredential for Identity Server 4, you will need a valid certificate. In that case, we think the developer must add this line and use the certificate.

    "But I have to ask something that I didn't catch: how can AspNet Zero authenticate users without IdentityServer? I was thinking that it was a must-have..."

    AspNet Zero uses ASP.NET Core Identity and Identity Server is not a must have.

    Actually Identity Server and ASP.NET Identity are different things. AspNet Zero contains both of them.

    ASP.NET Identity is used to authenticate/authorize in-app users, but Identity Server 4 can be used for both in-app and external app users.

    So, if you don't want to use your AspNet Zero website as an authentication/authorization server, you will not need Identity Server 4.

    You can also search for the differences between ASP.NET Identity and Identity Server. This is another explanation: https://stackoverflow.com/a/41936918/6681451.
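As an added example (not AspNet Zero's or IdentityServer4's own code) of the development/production split Ricavir asked for above and of the "developer must add this line and use the certificate" point: the signing credential is chosen from the hosting environment, and the certificate location comes from appsettings.json. The extension method name, the IdentityServer:Certificate configuration section, and the use of AddTemporarySigningCredential (the method name in the IdentityServer4 version discussed in this thread) are assumptions.

```csharp
// Added example, not AspNet Zero's or IdentityServer4's own code.
// Assumed appsettings.json keys: IdentityServer:Certificate:Path and
// IdentityServer:Certificate:Password (the password belongs in an environment
// variable or secret store that overrides appsettings, not in source control).
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class IdentityServerSigningConfigurer
{
    // Call from Startup.ConfigureServices after services.AddIdentityServer(...).
    public static IIdentityServerBuilder AddEnvironmentSigningCredential(
        this IIdentityServerBuilder builder,
        IHostingEnvironment env,
        IConfiguration configuration)
    {
        if (env.IsDevelopment())
        {
            // Throwaway RSA key regenerated at every start: fine for development,
            // but every restart invalidates previously issued tokens.
            return builder.AddTemporarySigningCredential();
        }

        var section = configuration.GetSection("IdentityServer:Certificate");
        var path = section["Path"];
        var password = section["Password"];

        // Fail at startup with a clear message instead of crashing on the first token.
        if (string.IsNullOrWhiteSpace(path) || !File.Exists(path))
        {
            throw new InvalidOperationException(
                "IdentityServer:Certificate:Path must point to an existing PFX file outside Development.");
        }

        var cert = new X509Certificate2(path, password, X509KeyStorageFlags.MachineKeySet);

        // Signing needs the private key; a public-only certificate would fail later.
        if (!cert.HasPrivateKey)
        {
            throw new InvalidOperationException("The signing certificate has no private key.");
        }

        return builder.AddSigningCredential(cert);
    }
}
```

Because the production branch throws when the certificate is missing, a misconfigured deployment fails at startup rather than silently issuing tokens with a temporary key.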

  • Ricavir created

    Thank you for the clarification, @ismcagdas.