App is not able start on IIS crashing after startup #6796 | Support

surajlokhandemmew created 8 months ago

I hosted production version on cloud iis but now app is not starting getting following in log

Starting web host. 2024-03-03 12:14:52.873 +00:00 [FTL] Host terminated unexpectedly! Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=8.0.0.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details. ---> System.Security.Cryptography.CryptographicException: The system cannot find the file specified. at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilderExtensions.AddProductionEncryptionAndSigningCertificate(OpenIddictServerBuilder builder, String fileName, String passPhrase) at MyDhobi.Web.MyDhobiWebModule.<>c.<PreConfigureServices>b__0_3(OpenIddictServerBuilder serverBuilder) in

**ABP Framework version: v8.0.0

UI Type: MVC

Database System: MongoDB

Tiered (for MVC) or Auth Server Separated (for Angular): no

Exception message and full stack trace: let me know if you need complete log**

14 Answer(s)

0

liangshiwei created 8 months ago
Support Team Fullstack Developer

Hi,

The system cannot find the file specified.

You can check the document: https://docs.abp.io/en/abp/latest/Deployment/Configuring-OpenIddict
0

surajlokhandemmew created 8 months ago

Hi that file is there , please confirm i should be generating that using this righht? dotnet dev-certs https -v -ep openiddict.pfx -p 00000000-0000-0000-0000-000000000000 then i have followed same steps i had succesfully hosted same setup earlier , just missing some thing at this time or dont know
0

liangshiwei created 8 months ago
Support Team Fullstack Developer

Hi,

Please replace the 00000000-0000-0000-0000-000000000000 with a GUID value. And it should be the same as AddProduction EncryptionAndSigningCertificate method parameter value:

PS: please remember to copy openiddict.pfx to the Content Root Folder
0

surajlokhandemmew created 8 months ago

yes thhe file is there still getting same error. can you take remote access and solve as its on high priority now
0

liangshiwei created 8 months ago
Support Team Fullstack Developer

Hi,

Can you see the openiddict.pfx file in the published folder?
0

surajlokhandemmew created 8 months ago

yes its there plz take remote access and let me know what's wrong so we can solve it
0
liangshiwei created 8 months ago
Support Team Fullstack Developer
Maybe related to this.

Go to IIS Manager

Go to the application pool instance

Click advanced settings

Under Process model, set Load User Profile to true

https://stackoverflow.com/questions/17840825/cryptographicexception-was-unhandled-system-cannot-find-the-specified-file/27242467#27242467

plz take remote access and let me know what's wrong so we can solve it

You can try the above solution, if it still doesn't work, I can check it remotely
0

surajlokhandemmew created 8 months ago

it should be documented right? why giving me ref from SO, anyways site is working now will test thoroughly and let you know.
0

liangshiwei created 8 months ago
Support Team Fullstack Developer

Hi

We mention this in the documentation
0

surajlokhandemmew created 8 months ago

i tried that , didn't work, creating a self signed certificate installed it with the key still there was same error. anyways what's the difference in both procedures? any security flaw?
0

darutter created 8 months ago

The only way I could get this to work was to put the code that is embedded in the call to AddProductionEncryptionAndSigningCertificate("openiddict.pfx", <passcode>) with the code that used to be in the WebModule.cs file and add the following additional parameters to the create certificate (X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet).

Because Azure seems to require those two flags on the new X509Certificate2() call, it would be nice if abp.io would go back to the previous way and let us add those parameters.
0

liangshiwei created 8 months ago
Support Team Fullstack Developer

i tried that , didn't work, creating a self signed certificate installed it with the key still there was same error. anyways what's the difference in both procedures? any security flaw?

There is no security flaw. Using a self-signed certificate is the recommended way by openiddict.
0

surajlokhandemmew created 8 months ago

Okay thanks a lot for your prompt reply.
0

liangshiwei created 8 months ago
Support Team Fullstack Developer

: )

Have an answer to this question? Log in and write your answer.