Open Closed

App is not able start on IIS crashing after startup #6796


User avatar
0
surajlokhandemmew created

I hosted production version on cloud iis but now app is not starting getting following in log

Starting web host. 2024-03-03 12:14:52.873 +00:00 [FTL] Host terminated unexpectedly! Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=8.0.0.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details. ---> System.Security.Cryptography.CryptographicException: The system cannot find the file specified. at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilderExtensions.AddProductionEncryptionAndSigningCertificate(OpenIddictServerBuilder builder, String fileName, String passPhrase) at MyDhobi.Web.MyDhobiWebModule.<>c.<PreConfigureServices>b__0_3(OpenIddictServerBuilder serverBuilder) in

**ABP Framework version: v8.0.0

UI Type: MVC

Database System: MongoDB

Tiered (for MVC) or Auth Server Separated (for Angular): no

Exception message and full stack trace: let me know if you need complete log**


14 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    The system cannot find the file specified.

    You can check the document: https://docs.abp.io/en/abp/latest/Deployment/Configuring-OpenIddict

  • User Avatar
    0
    surajlokhandemmew created

    Hi that file is there , please confirm i should be generating that using this righht? dotnet dev-certs https -v -ep openiddict.pfx -p 00000000-0000-0000-0000-000000000000 then i have followed same steps i had succesfully hosted same setup earlier , just missing some thing at this time or dont know

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Please replace the 00000000-0000-0000-0000-000000000000 with a GUID value. And it should be the same as AddProduction EncryptionAndSigningCertificate method parameter value:

    PS: please remember to copy openiddict.pfx to the Content Root Folder

  • User Avatar
    0
    surajlokhandemmew created

    yes thhe file is there still getting same error. can you take remote access and solve as its on high priority now

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Can you see the openiddict.pfx file in the published folder?

  • User Avatar
    0
    surajlokhandemmew created

    yes its there plz take remote access and let me know what's wrong so we can solve it

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Maybe related to this.

    • Go to IIS Manager
    • Go to the application pool instance
    • Click advanced settings
    • Under Process model, set Load User Profile to true

    https://stackoverflow.com/questions/17840825/cryptographicexception-was-unhandled-system-cannot-find-the-specified-file/27242467#27242467

    plz take remote access and let me know what's wrong so we can solve it

    You can try the above solution, if it still doesn't work, I can check it remotely

  • User Avatar
    0
    surajlokhandemmew created

    it should be documented right? why giving me ref from SO, anyways site is working now will test thoroughly and let you know.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi

    We mention this in the documentation

  • User Avatar
    0
    surajlokhandemmew created

    i tried that , didn't work, creating a self signed certificate installed it with the key still there was same error. anyways what's the difference in both procedures? any security flaw?

  • User Avatar
    0
    darutter created

    The only way I could get this to work was to put the code that is embedded in the call to AddProductionEncryptionAndSigningCertificate("openiddict.pfx", <passcode>) with the code that used to be in the WebModule.cs file and add the following additional parameters to the create certificate (X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet).

    Because Azure seems to require those two flags on the new X509Certificate2() call, it would be nice if abp.io would go back to the previous way and let us add those parameters.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    i tried that , didn't work, creating a self signed certificate installed it with the key still there was same error. anyways what's the difference in both procedures? any security flaw?

    There is no security flaw. Using a self-signed certificate is the recommended way by openiddict.

  • User Avatar
    0
    surajlokhandemmew created

    Okay thanks a lot for your prompt reply.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    : )

Made with ❤️ on ABP v9.1.0-preview. Updated on November 01, 2024, 05:35