- ABP Framework version: v8.3.2
- UI Type: Blazor Server
- Database System: EF Core (SQL Server)
- **Auth Server Separated**: yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
I am having issues deploying and running my Auth server on an Azure App Service, and it's got to do with the signing certificate openiddict.pfx.
I have tried to create it within the console of the Azure App Service using the documented instructions and get the following error:
```
C:\home\site\wwwroot>dotnet dev-certs https -v -ep authserver.pfx -p 00000000-0000-0000-0000-000000000000
```
(I am using the same GUID that is in the code of AuthServerModule.cs.)
```
[22] An error has occurred saving the certificate: System.Security.Cryptography.CryptographicException: The specified network password is not correct.
   at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
   at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
   at Microsoft.AspNetCore.Certificates.Generation.WindowsCertificateManager.SaveCertificateCore(X509Certificate2 certificate, StoreName storeName, StoreLocation storeLocation)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.SaveCertificate(X509Certificate2 certificate)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.EnsureAspNetCoreHttpsDevelopmentCertificate(DateTimeOffset notBefore, DateTimeOffset notAfter, String path, Boolean trust, Boolean includePrivateKey, String password, CertificateKeyExportFormat keyExportFormat, Boolean isInteractive).
There was an error saving the HTTPS developer certificate to the current user personal certificate store.
```
Any advice please?
6 Answer(s)
-
0
> The specified network password is not correct.

> dev-certs https -v -ep authserver.pfx -p 00000000-0000-0000-0000-000000000000

Don't use 00000000-0000-0000-0000-000000000000 as a network password. You should use a real GUID value.
-
0
Hi,
That was just an example, so as not to expose my GUID to the public. I used the GUID that matches the one listed in the code.
-
0
> I have tried to create it within the console of the Azure app service

You don't need to create it on the Azure platform; you can generate it locally and include it in the published files.
-
0
Hi, thank you for your response.
I have the openiddict.pfx file now deployed to c:\home\site\wwwroot along with the other build files.
However, when I do a dotnet run on the project DLL, I get the following error, which is different from the previous errors:
```
C:\home\site\wwwroot>dotnet Pekkish.PekkishPOS.AuthServer.dll
[08:38:31 INF] Starting Pekkish.PekkishPOS.AuthServer.
[08:38:32 FTL] Pekkish.PekkishPOS.AuthServer terminated unexpectedly!
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=8.3.2.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
 ---> System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
   at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
   at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilderExtensions.AddProductionEncryptionAndSigningCertificate(OpenIddictServerBuilder builder, String fileName, String passPhrase)
   at Pekkish.PekkishPOS.PekkishPOSAuthServerModule.<>c.<PreConfigureServices>b__0_2(OpenIddictServerBuilder serverBuilder) in D:\a\1\s\src\Pekkish.PekkishPOS.AuthServer\PekkishPOSAuthServerModule.cs:line 100
   at Volo.Abp.Options.PreConfigureActionList`1.Configure(TOptions options)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionPreConfigureExtensions.ExecutePreConfiguredActions[TOptions](IServiceCollection services, TOptions options)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
   at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   --- End of inner exception stack trace ---
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
   at Pekkish.PekkishPOS.Program.Main(String[] args) in D:\a\1\s\src\Pekkish.PekkishPOS.AuthServer\Program.cs:line 36
```
-
0
-
0
Hi,
I was publishing via secure files on the Azure pipeline and then referencing them in my build pipeline yml. That seemed to work, and the file was visible in the deployment.
```yaml
- task: DownloadSecureFile@1
  inputs:
    secureFile: 'openiddict.pfx'
- script: |
    mkdir -p $(Build.SourcesDirectory)/src/Pekkish.PekkishPOS.AuthServer
    mv $(Agent.TempDirectory)/openiddict.pfx $(Build.SourcesDirectory)/src/Pekkish.PekkishPOS.AuthServer/
  displayName: 'Move PFX File'
```
Using your example, the openiddict.pfx is not deployed to the Azure deployment and is not showing in the build artefact.
Any suggestions? Should I go back to the secure files option and then reference it in the yml?
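
A pre-deployment check for two conditions this thread runs into, a PFX that is absent from the publish output and a passphrase that does not open it. This is an added example, not part of the original thread or of ABP; `check_pfx`, `make_constructed_pfx` and the `PFX_PASSPHRASE` variable are hypothetical names, and the `openssl` CLI is assumed to be available on the build agent:

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the openssl CLI is available.
# The passphrase is read from the exported variable PFX_PASSPHRASE (hypothetical
# name) so that it never appears on a command line or in the process list.

# check_pfx PUBLISH_DIR PFX_NAME
# Returns 0 = usable, 2 = missing from publish output,
#         3 = passphrase does not open the file, 4 = no private key inside.
check_pfx() {
    pfx="$1/$2"
    if [ ! -s "$pfx" ]; then
        echo "FAIL: $pfx is missing or empty" >&2
        return 2
    fi
    # MAC verification fails here when the passphrase is wrong.
    if ! openssl pkcs12 -in "$pfx" -passin env:PFX_PASSPHRASE -noout 2>/dev/null; then
        echo "FAIL: passphrase does not open $pfx" >&2
        return 3
    fi
    # A signing/encryption certificate is useless without its private key.
    if ! openssl pkcs12 -in "$pfx" -passin env:PFX_PASSPHRASE -nocerts -nodes 2>/dev/null \
            | grep -q 'PRIVATE KEY'; then
        echo "FAIL: $pfx holds no private key" >&2
        return 4
    fi
    echo "OK: $pfx opens and contains a private key"
}

# make_constructed_pfx DIR: builds a throwaway self-signed PFX (constructed
# sample data, for trying the check only; never deploy it).
make_constructed_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-sample" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/openiddict.pfx" -passout env:PFX_PASSPHRASE
}
```

Run as a pipeline step against the publish directory, a non-zero return fails the build before an artefact without a usable PFX is deployed.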