Open Closed

I want to publish the three sites on IIS on port 443 with a subdirectory #2331


User avatar
0
mostafa_ibrahem22@hotmail.com created
  • ABP Framework version: V5.0 commercial

  • UI type: Angular

  • DB provider: EF Core

  • Tiered (MVC) or Identity Server Separated (Angular): yes

I publish the three sites on IIS
Identity Server Host: https://mabuhamad.mowe.gov.sa:12345/
API Host: https://mabuhamad.mowe.gov.sa:12346/swagger/index.html
Angular Host: https://mabuhamad.mowe.gov.sa:4400/
everything working ok

but I want to publish the three sites on IIS on port 443 with a subdirectory
Identity Server Host: https://mabuhamad.mowe.gov.sa/NaamaIdentityServer
API Host: https://mabuhamad.mowe.gov.sa/NaamaAPI
Angular Host: https://mabuhamad.mowe.gov.sa/NaamaAngular
after these settings, the Identity Server not working

Internal Server Error - UNAUTHORIZED_CLIENT
invalid issuer in discovery document expected: https://mabuhamad.mowe.gov.sa/NaamaIdentityServer current: https://mabuhamad.mowe.gov.sa/naamaidentityserver

image.png
image.png
image.png
image.png

and some resources not found 404
image.png


22 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    but I want to publish the three sites on IIS on port 443 with a subdirectory

    You should update your url in appsettings and re-seed it to database

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    hi,

    I updated all URLs in appsettings, you can show images in above

    image.png
    for test

    {
      "App": {
        "SelfUrl": "https://mabuhamad.mowe.gov.sa/naamaidentityserver/",
    	"CorsOrigins": "https://mabuhamad.mowe.gov.sa/naamaangular,https://mabuhamad.mowe.gov.sa/naamaapi"
      },
      "AppSelfUrl": "https://mabuhamad.mowe.gov.sa/naamaidentityserver/",
      "ConnectionStrings": {
        "Default": "Server=localhost;Database=NaamaMainUnder443;User Id=sa;Password=P@ssw0rd"
      },
      "Redis": {
        "Configuration": "127.0.0.1",
        "IsEnabled": false
      },
      "AuthServer": {
        "Authority": "https://mabuhamad.mowe.gov.sa/naamaidentityserver/",
        "RequirehttpMetadata": "false",
        "ApiName": "ProductsPrices"
      },
      "IdentityServer": {
        "Clients": {
          "ProductsPrices_App": {
            "ClientId": "ProductsPrices_App",
            "ClientSecret": "1q2w3e*",
            "RootUrl": "https://mabuhamad.mowe.gov.sa/naamaangular"
          },
          "ProductsPrices_Swagger": {
            "ClientId": "ProductsPrices_Swagger",
            "ClientSecret": "1q2w3e*",
            "RootUrl": "https://mabuhamad.mowe.gov.sa/naamaapi"
          }
        }
      }
    }
    
    
    {
      "App": {
        "CorsOrigins": "https://mabuhamad.mowe.gov.sa/naamaangular,https://mabuhamad.mowe.gov.sa/naamaidentityserver"
      },
      "ConnectionStrings": {
        "Default": "Server=localhost;Database=NaamaMainUnder443;;User Id=sa;Password=P@ssw0rd",
        "ProductsPrices": "Server=localhost;Database=ProductsPrices_Module;;User Id=sa;Password=P@ssw0rd",
        "MainCore": "Server=localhost;Database=MainCore_Module;;User Id=sa;Password=P@ssw0rd"
      },
      "Redis": {
        "Configuration": "127.0.0.1",
        "IsEnabled": false
      },
      "AuthServer": {
        "Authority": "https://mabuhamad.mowe.gov.sa/naamaidentityserver/",
        "RequirehttpMetadata": "false",
        "SwaggerClientId": "ProductsPrices_Swagger",
        "SwaggerClientSecret": "1q2w3e*"
      }
    }
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer
  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    hi,
    i used angular project, I think FrontChannelUri and BackChannelUri are not used with angular and API, it's only used in web mvc

    Kindly please review DB and appsettings :

    DB and appsettings :
    https://app.box.com/s/xj9g2ai2r07tok54sq1l2qscg5vg1hqy

    and you can try these on local iis

    image.png

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share the details error logs of the identity server project.

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created
  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    Kindly any update

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi

    Can you try to update the URL in AllowedCorsOrigins?

    https://mabuhamad.mowe.gov.sa/naamaapi to https://mabuhamad.mowe.gov.sa

    2021-12-28 16:52:44.346 +03:00 [ERR] Invalid client configuration for client ProductsPrices_Swagger: AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi
    2021-12-28 16:52:44.354 +03:00 [INF] {"ClientId":"ProductsPrices_Swagger","ClientName":"ProductsPrices_Swagger","Category":"Error","Name":"Invalid Client Configuration","EventType":"Error","Id":3001,"Message":"AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi","ActivityId":"80000249-0006-fb00-b63f-84710c7967bb","TimeStamp":"2021-12-28T13:52:44.0000000Z","ProcessId":36476,"LocalIpAddress":"10.210.28.124:443","RemoteIpAddress":"10.210.28.124","$type":"InvalidClientConfigurationEvent"}
    2021-12-28 16:52:44.364 +03:00 [ERR] Unknown client or not enabled: ProductsPrices_Swagger
    {"ClientId":null,"ClientName":null,"RedirectUri":null,"AllowedRedirectUris":null,"SubjectId":"anonymous","ResponseType":null,"ResponseMode":null,"GrantType":null,"RequestedScopes":"","State":null,"UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"response_type":"code","client_id":"ProductsPrices_Swagger","redirect_uri":"https://mabuhamad.mowe.gov.sa/naamaapi/swagger/oauth2-redirect.html","scope":"ProductsPrices","state":"VHVlIERlYyAyOCAyMDIxIDE2OjUyOjQ0IEdNVCswMzAwIChBcmFiaWFuIFN0YW5kYXJkIFRpbWUp"},"$type":"AuthorizeRequestValidationLog"}
    2021-12-28 16:52:44.367 +03:00 [ERR] Request validation failed
    
  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    hi,

    I Updated only in app.setting in NaamaIdentityServer and NaamaAPI
    "App": {
    "CorsOrigins": "https://mabuhamad.mowe.gov.sa"
    },

    2021-12-30 07:49:04.233 +03:00 [ERR] Invalid client configuration for client ProductsPrices_Swagger: AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi
    2021-12-30 07:49:04.238 +03:00 [INF] {"ClientId":"ProductsPrices_Swagger","ClientName":"ProductsPrices_Swagger","Category":"Error","Name":"Invalid Client Configuration","EventType":"Error","Id":3001,"Message":"AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi","ActivityId":"800004b5-0000-f100-b63f-84710c7967bb","TimeStamp":"2021-12-30T04:49:04.0000000Z","ProcessId":28292,"LocalIpAddress":"10.210.28.124:443","RemoteIpAddress":"10.210.28.124","$type":"InvalidClientConfigurationEvent"}
    2021-12-30 07:49:04.245 +03:00 [ERR] Unknown client or not enabled: ProductsPrices_Swagger
    {"ClientId":null,"ClientName":null,"RedirectUri":null,"AllowedRedirectUris":null,"SubjectId":"anonymous","ResponseType":null,"ResponseMode":null,"GrantType":null,"RequestedScopes":"","State":null,"UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"response_type":"code","client_id":"ProductsPrices_Swagger","redirect_uri":"https://localhost/NaamaAPI/swagger/oauth2-redirect.html","scope":"ProductsPrices","state":"VGh1IERlYyAzMCAyMDIxIDA3OjQ5OjA0IEdNVCswMzAwIChBcmFiaWFuIFN0YW5kYXJkIFRpbWUp"},"$type":"AuthorizeRequestValidationLog"}
    2021-12-30 07:49:04.247 +03:00 [ERR] Request validation failed

    image.png

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please check your database tables of identiyt server and update the url.
    CorsOrigins does not support domain names with subdirectory.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer
  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    hi,

    Identity server it's ok but show other problems.

    image.png

    2021-12-30 20:04:20.567 +03:00 [INF] Request starting HTTP/2 POST https://mabuhamad.mowe.gov.sa/naamaapi/api/main-core/sector application/json 83
    2021-12-30 20:04:20.567 +03:00 [INF] CORS policy execution successful.
    2021-12-30 20:04:20.571 +03:00 [INF] Executing endpoint 'Naama.MainCore.Lookups.Sectors.SectorController.CreateAsync (Naama.MainCore.HttpApi)'
    2021-12-30 20:04:20.573 +03:00 [INF] Route matched with {area = "mainCore", action = "Create", controller = "Sector", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Naama.MainCore.Lookups.Sectors.SectorDto] CreateAsync(Naama.MainCore.Lookups.Sectors.CreateUpdateSectorDto) on controller Naama.MainCore.Lookups.Sectors.SectorController (Naama.MainCore.HttpApi).
    2021-12-30 20:04:20.573 +03:00 [ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.wZ2TawYIeJ8" is not present.
    2021-12-30 20:04:20.573 +03:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
    2021-12-30 20:04:20.573 +03:00 [INF] Executing StatusCodeResult, setting HTTP status code 400
    2021-12-30 20:04:20.573 +03:00 [INF] Executed action Naama.MainCore.Lookups.Sectors.SectorController.CreateAsync (Naama.MainCore.HttpApi) in 0.24

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    hi
    Kindly any update

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    Hi
    Kindly your support

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The cookies of these 3 websites should be isolated, and now they are sharing cookies.

    Identity Server Host:     https://mabuhamad.mowe.gov.sa/NaamaIdentityServer
    API Host:                 https://mabuhamad.mowe.gov.sa/NaamaAPI
    Angular Host:             https://mabuhamad.mowe.gov.sa/NaamaAngular
    

    Please configure path on the 3 websites(NaamaIdentityServer, NaamaAPI, NaamaAngular).

    image.png

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    Kindly, please support me with the right solution in such cases.

    I want to share all cookie paths with "/" Because the cookie path is case-sensitive the cookie is not sent by the browser if the case changes. Thereby, the user is not authenticated.

    I want only set names of cookies and paths like these, how to make these in ABP

    services.AddAntiforgery(options =>
    {
        options.Cookie.Name = "API_AntiforgeryCookie";
        options.Cookie.Path = "/";
    });
    

    services.AddAntiforgery(options =>
    {
    options.Cookie.Name = "IdSrv_AntiforgeryCookie";
    options.Cookie.Path = "/";
    });

    app.AddAuthentication()
        .AddCookie(options =>
        {
            options.Cookie.Name = "API_AuthCookie";
            options.Cookie.Path = "/";
        });
    

    app.AddAuthentication()
    .AddCookie(options =>
    {
    options.Cookie.Name = "IdSrv_AuthCookie";
    options.Cookie.Path = "/";
    });

    and in the ABP framework, how changed the Expiration date
    image.png

    • there is another problem in an angular application for the first call after authenticated from SSO, but i click for any authenticated page redirect on SSO and return on angular app to store new cookies
      image.png

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    Kindly, please support me with the right solution in such cases.

    I try the above solution and the error anti-forgery cookie are fixed, but cookie path is case-sensitive the cookie is not sent by the browser if the case changes. Thereby, the user is not authenticated.and I Have other problem angular for first time, the angular appear as authenticated user, but actual not authenticated, and after click or any link to nagivate authenticated url, angular redirect on sso, and return to angular app after authenticated

    image.png

    image.png

    the first call angular
    image.png

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    I try the above solution and the error anti-forgery cookie are fixed, but cookie path is case-sensitive the cookie is not sent by the browser if the case changes. Thereby, the user is not authenticated

    https://stackoverflow.com/questions/59320702/case-sensitive-urls-has-to-be-exact-as-specified-in-sp-metadata?answertab=votes#tab-top

    I Have other problem angular for first time, the angular appear as authenticated user, but actual not authenticated, and after click or any link to nagivate authenticated url, angular redirect on sso, and return to angular app after authenticated

    Have you tried opening it in incognito mode?

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    Have you tried opening it in incognito mode?
    incognito mode is working fine, but end-user don't open incognito mode.

    if there is any way to change cookies name
    options.Cookie.Name = "API_AuthCookie";options.Cookie.Path = "/";
    please provide me

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer
  • User Avatar
    1
    mostafa_ibrahem22@hotmail.com created

    thanks maliming for support, I will try all the notes on a real server.
    many thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Waiting for good news.

Made with ❤️ on ABP v9.2.0-preview. Updated on January 23, 2025, 12:17