Dear ABP Support Team,
I am writing to report an issue with installing ABP Framework version v7.0.1 on IIS with UI type Blazor and DB provider EF Core.
When attempting to install the application on IIS, I am encountering the following error:
"Application '/LM/W3SVC/1/ROOT' with physical root 'C:\inetpub\wwwroot' has exited from Program.Main with exit code = '1'. First 30KB characters of captured stdout and stderr logs:
[01:40:16 INF] Starting web host.
[01:40:17 FTL] Host terminated unexpectedly!
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=7.0.1.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
 ---> System.Security.Cryptography.CryptographicException: Access is denied.
   at System.Security.Cryptography.X509Certificates.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags)
   at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate(X500DistinguishedName subject)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate()
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
   at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   --- End of inner exception stack trace ---
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
   at ExtraNerds.EnergyTools.Blazor.Program.Main(String[] args) in D:\projects\ExtraNerds.EnergyTools\src\ExtraNerds.EnergyTools.Blazor\Program.cs:line 38"
It seems that the error is related to a "System.Security.Cryptography.CryptographicException: Access is denied" exception. I have tried to install a self-signed certificate on IIS, and I have also played with several configurations, but I still encounter the same error.
I have tried
    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("EnergyTools");
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });
Also
    builder.AddServer(options =>
    {
        options.AddDevelopmentEncryptionCertificate()
               .AddDevelopmentSigningCertificate();
    });
and many others with no luck.
Could you please provide me with instructions on how to properly install this application on IIS?
Thank you for your help.
Best regards,
Christian Rios
13 Answer(s)
-
0
Hi,
You can check this:
https://support.abp.io/QA/Questions/4791/Publish-single-project-app-Net-Core-ABP-701-to-shared-hosting-get-50030-error
-
1
Hi,
You can check this:
https://support.abp.io/QA/Questions/4791/Publish-single-project-app-Net-Core-ABP-701-to-shared-hosting-get-50030-error
Per previous instructions, I ran
dotnet dev-certs https -v -ep authserver.pfx -p 2D7AA457-5D33-48D6-936F-C48E5EF468ED
created a certificate and added it to root C:\inetpub\wwwroot\
I also added to this code
    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        context.Services.PreConfigure<AbpMvcDataAnnotationsLocalizationOptions>(options =>
        {
            options.AddAssemblyResource(
                typeof(EnergyToolsResource),
                typeof(EnergyToolsDomainModule).Assembly,
                typeof(EnergyToolsDomainSharedModule).Assembly,
                typeof(EnergyToolsApplicationModule).Assembly,
                typeof(EnergyToolsApplicationContractsModule).Assembly,
                typeof(EnergyToolsBlazorModule).Assembly
            );
        });

        PreConfigure<OpenIddictBuilder>(builder =>
        {
            builder.AddValidation(options =>
            {
                options.AddAudiences("EnergyTools");
                options.UseLocalServer();
                options.UseAspNetCore();
            });
        });

        var hostingEnvironment = context.Services.GetHostingEnvironment();
        var configuration = context.Services.GetConfiguration();

        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(builder =>
        {
            builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
            builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
            builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]));
        });
    }

    private X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv, Microsoft.Extensions.Configuration.IConfiguration configuration)
    {
        var fileName = "authserver.pfx";
        var passPhrase = "2D7AA457-5D33-48D6-936F-C48E5EF468ED";
        var file = Path.Combine(hostingEnv.ContentRootPath, fileName);

        if (!File.Exists(file))
        {
            throw new FileNotFoundException($"Signing Certificate couldn't found: {file}");
        }

        return new X509Certificate2(file, passPhrase);
    }
But I still get the following exception.
Application '/LM/W3SVC/1/ROOT' with physical root 'C:\inetpub\wwwroot' has exited from Program.Main with exit code = '1'. First 30KB characters of captured stdout and stderr logs:
[15:24:29 INF] Starting web host.
[15:24:31 FTL] Host terminated unexpectedly!
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=7.0.1.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
 ---> System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
   at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
   at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at ExtraNerds.EnergyTools.Blazor.EnergyToolsBlazorModule.GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration) in D:\projects\ExtraNerds.EnergyTools\src\ExtraNerds.EnergyTools.Blazor\EnergyToolsBlazorModule.cs:line 171
   at ExtraNerds.EnergyTools.Blazor.EnergyToolsBlazorModule.<>c__DisplayClass0_0.<PreConfigureServices>b__3(OpenIddictServerBuilder builder) in D:\projects\ExtraNerds.EnergyTools\src\ExtraNerds.EnergyTools.Blazor\EnergyToolsBlazorModule.cs:line 128
   at Volo.Abp.Options.PreConfigureActionList`1.Configure(TOptions options)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionPreConfigureExtensions.ExecutePreConfiguredActions[TOptions](IServiceCollection services, TOptions options)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
   at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   --- End of inner exception stack trace ---
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
   at ExtraNerds.EnergyTools.Blazor.Program.Main(String[] args) in D:\projects\ExtraNerds.EnergyTools\src\ExtraNerds.EnergyTools.Blazor\Program.cs:line 38
-
0
The system cannot find the file specified.
See: https://stackoverflow.com/questions/17840825/cryptographicexception-was-unhandled-system-cannot-find-the-specified-file
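Added example, not part of the posts in this thread or of the ABP templates: the thread's `GetSigningCertificate` helper with explicit key-storage flags. With the default flags, Windows imports the PFX private key into the current user's key store, which is unavailable to an IIS app pool that runs without a loaded user profile. The `PfxCertificateLoader` class name and the `AuthServer:CertificatePassPhrase` configuration key are assumptions made for this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;

// Hypothetical helper class (name chosen for this example).
public static class PfxCertificateLoader
{
    public static X509Certificate2 Load(IWebHostEnvironment env, IConfiguration configuration)
    {
        var file = Path.Combine(env.ContentRootPath, "authserver.pfx");
        if (!File.Exists(file))
        {
            throw new FileNotFoundException($"Signing certificate not found: {file}");
        }

        // Assumed configuration key: read the passphrase from configuration
        // (environment variable, secret store) instead of compiling it into the module.
        var passPhrase = configuration["AuthServer:CertificatePassPhrase"]
            ?? throw new InvalidOperationException("AuthServer:CertificatePassPhrase is not configured.");

        // MachineKeySet imports the private key into the machine key store,
        // so the import does not need the app pool identity's user profile.
        // X509KeyStorageFlags.EphemeralKeySet is an alternative on Windows that
        // keeps the key in memory and writes no key file to disk.
        return new X509Certificate2(file, passPhrase, X509KeyStorageFlags.MachineKeySet);
    }
}
```

A PFX placed in the site's content root should not be reachable as a static file, and the app pool identity needs only read access to it.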
-
1
The system cannot find the file specified.
See: https://stackoverflow.com/questions/17840825/cryptographicexception-was-unhandled-system-cannot-find-the-specified-file
I tried setting the user Load User Profile to true and started getting this exception
Application '/LM/W3SVC/1/ROOT' with physical root 'C:\inetpub\wwwroot\' has exited from Program.Main with exit code = '1'. First 30KB characters of captured stdout and stderr logs:
[01:59:34 INF] Starting web host.
[01:59:35 FTL] Host terminated unexpectedly!
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=7.0.1.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
 ---> System.UriFormatException: Invalid URI: The URI is empty.
   at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind, UriCreationOptions& creationOptions)
   at System.Uri..ctor(String uriString)
   at ExtraNerds.EnergyTools.Blazor.EnergyToolsBlazorModule.<>c__DisplayClass0_0.<PreConfigureServices>b__3(OpenIddictServerBuilder builder) in D:\projects\ExtraNerds.EnergyTools\src\ExtraNerds.EnergyTools.Blazor\EnergyToolsBlazorModule.cs:line 131
   at Volo.Abp.Options.PreConfigureActionList`1.Configure(TOptions options)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionPreConfigureExtensions.ExecutePreConfiguredActions[TOptions](IServiceCollection services, TOptions options)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
   at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   --- End of inner exception stack trace ---
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
   at ExtraNerds.EnergyTools.Blazor.Program.Main(String[] args) in D:\projects\ExtraNerds.EnergyTools\src\ExtraNerds.EnergyTools.Blazor\Program.cs:line 38
which refers to this line
builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]));
so I added to my appsettings.json
    "AuthServer": {
      "Authority": "https://localhost:44322",
      "RequireHttpsMetadata": "true",
      "ClientId": "MyProjectName_Web",
      "ClientSecret": "1q2w3e*"
    },
before that I tried just adding new Uri("https://localhost")
but then, now I don't even get an HTTP Error 500.30 - ASP.NET Core app failed to start with an exception in Event Viewer.
I just get a page with "This page isn’t working right now. localhost can't currently handle this request. HTTP ERROR 500" and a refresh button
-
1
I have the same error message with my deployment on Azure.
First the certificate was not in the correct directory and I got the error message: System.IO.FileNotFoundException: Signing certificate couldn't found: C:\home\site\wwwroot\authserver-signing-certificate.pfx
Then I copied it to the root directory of the Blazor project and so it was found, but then the error message came: System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
The error happens here:
new X509Certificate2(file, passPhrase);
Can it be that it has to do with some missing permissions?
I don't think "Load User Profile" solves the real problem, but is just a workaround to get around the whole certificate thing. Because with this flag set, it also works with the development certificates (i.e. without the pfx files).
-
0
Hi, @ageiter
I don't think "Load User Profile" solves the real problem, but is just a workaround to get around the whole certificate thing. Because with this flag set, it also works with the development certificates (i.e. without the pfx files).
The app templates provide the most basic way.
The best place to store your certificates will depend on your host:
- For IIS applications, storing the certificates in the machine store is the recommended option.
- On Azure, certificates can be uploaded and exposed to Azure App Service applications using the special WEBSITE_LOAD_CERTIFICATES flag. For more information, visit Use a TLS/SSL certificate in your code in Azure App Service.
Some useful links
- https://support.abp.io/QA/Questions/3537/OpenIddict-WindowsCryptographicException-Access-is-denied
- https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code
- https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-a-certificate-recommended-for-production-ready-scenarios
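Added example, not code from this answer or from the ABP templates: one way to follow the machine-store recommendation for IIS, by looking the certificates up in `LocalMachine\My` by thumbprint and passing them to the `AddSigningCertificate` / `AddEncryptionCertificate` calls used earlier in this thread. The two `AuthServer:*Thumbprint` configuration keys and the `FindInMachineStore` helper are assumptions made for this example; only the OpenIddict-related part of the module is shown.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.DependencyInjection;
using Volo.Abp.Modularity;
using Volo.Abp.OpenIddict;

public class EnergyToolsBlazorModule : AbpModule
{
    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        var configuration = context.Services.GetConfiguration();

        // Stop ABP from registering the development certificates, which
        // need the user-level certificate store ("Access is denied" under IIS).
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(builder =>
        {
            // Assumed configuration keys; separate certificates for signing and encryption.
            builder.AddSigningCertificate(
                FindInMachineStore(configuration["AuthServer:SigningCertificateThumbprint"]));
            builder.AddEncryptionCertificate(
                FindInMachineStore(configuration["AuthServer:EncryptionCertificateThumbprint"]));
        });
    }

    // Hypothetical helper: fails at startup with a clear message instead of a
    // CryptographicException raised deep inside OpenIddict.
    private static X509Certificate2 FindInMachineStore(string? thumbprint)
    {
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new InvalidOperationException("Certificate thumbprint is not configured.");

        using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);

        // validOnly: false so that a self-signed certificate is still returned.
        var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (matches.Count == 0)
            throw new InvalidOperationException($"No certificate {thumbprint} in LocalMachine\\My.");
        if (!matches[0].HasPrivateKey)
            throw new InvalidOperationException($"Certificate {thumbprint} has no private key.");

        return matches[0];
    }
}
```

`HasPrivateKey` does not prove the key is readable: the app pool identity also needs read permission on the private key (Manage Private Keys in the machine certificate console), otherwise signing fails on first use.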
-
0
On Azure, certificates can be uploaded and exposed to Azure App Service applications using the special WEBSITE_LOAD_CERTIFICATES flag. For more information, visit Use a TLS/SSL certificate in your code in Azure App Service.
Unfortunately, this is not possible if the AppService is running in the App Service plan "Free". And "Load User Profile" is not applicable in this mode either. That's why I wanted to read the certificates when they are simply in wwwroot.
Is there any other way to run the ABP app on Azure in App Service plan "Free"? I don't want to spend a lot of money for my test sites yet.
-
1
@ageiter
You can use the ephemeral key for testing: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-an-ephemeral-key
    PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
    {
        options.AddDevelopmentEncryptionAndSigningCertificate = false;
    });

    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        builder.AddEphemeralEncryptionKey();
        builder.AddEphemeralSigningKey();
    });
BTW, I recommend you to read this document: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
-
0
That works, thank you @liangshiwei!
-
0
Hi,
There are the steps:
- Remove all about Telerik, because I don't have the license
- Run the DbMigrator to create a database.
- Use the dotnet publish command to publish the Blazor project and copy the authserver.pfx to the publish folder
- Create an IIS website and make sure the IISUSER has read and write permissions to the publish folder
- Remove all about