Activities of "NH-Support"
Not working Also
I have recorded a video for the issue (30 second) https://drive.google.com/file/d/1x9ZBnr3B5QQdOMbN3C7LTzWdr20X_71f/view?usp=sharing
Please check
Hi,
You can check this: https://stackoverflow.com/questions/63316682/the-key-was-not-found-in-the-key-ring-unable-to-validate-token
I guess the cookies are not being forwarded correctly
can you please replicate the issue from your side if you have a running auth server, you just need to put an nginx infront of it
here is my nginx config
============ upstream backend { # This is my backend Server IP # which has the Auth Server Running # You can put either IP or FQDN server 10.X.X.X; }
server{ listen 80; listen 443 ssl; server_name neoauth-uat-test.dawaa24.com; ssl_certificate /etc/nginx/fullchain.pem; ssl_certificate_key /etc/nginx/cert.key; location / { proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Cookie $http_cookie; } }
===========
Hi,
You can check this: https://stackoverflow.com/questions/63316682/the-key-was-not-found-in-the-key-ring-unable-to-validate-token
I guess the cookies are not being forwarded correctly
Hi @liangshiwei
Thanks for taking the time to answer
I've reviewed the link you provided, i already have the Data Protection Enabled in my application some says that you need to turn on "Load User Profile" on the IIS App Pool Level, I have done this Also but still not working
I inspected the Cookies that are being sent and received from a working Auth and it's the same as this one
======== Request and Response on the Current Auth Server ========
--header 'CONTENT-TYPE: application/x-www-form-urlencoded' \
--header 'Cookie: .AspNetCore.Antiforgery.7_7oYfNDO6o=CfDJ8LtEv6zYqhpBq8QoCOZvwRj3hMqmMyh66vLfrMAVYCv148iHN5tPU_bzT2X6HCUVVi-JUTtug8b1qj_lSkd1IjjzyfSTDqjdY_q8mlehq8dNo9W59nIjd_yZF-BhDhL3n7V3aQvnZviKIhGNlk4oXsc; XSRF-TOKEN=CfDJ8LtEv6zYqhpBq8QoCOZvwRjQKVLtds_flAMclBCWYxLMIwMvzs_ULBhOFK9G39SIsqa8Ro6psCiApU2jyQBkd-NzwEbEOPis-lq3vdDsjfcJkIJWOWJLZDV7TXjUDd1f-wHym2b5E13Y70-othvbhFw' \
--data-urlencode 'client_id=Dawaa24Neo_App' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=********' \
--data-urlencode 'scope=offline_access Dawaa24Neo SharedAuth'`
Response:
{ "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDXXXXXXXXXXXXXXXXXXXXXXXXXXXX" }
and it's not being saved in the Database
DB OpenIddictTokens table counts after response is the same
======== Screenshot from a working Local Auth Server ========
`curl --location --request POST 'https://dawaa24neoauthqa.nh.local/connect/token' \
--header 'CONTENT-TYPE: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=Dawaa24Neo_App' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=**********' \
--data-urlencode 'scope=offline_access Dawaa24Neo SharedAuth'`
Response
{ "access_token": "eyJhbGciOiJSUzI1NiIsImtpXXXXXXXXXXXXXXXXXx", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCXXXXXXXXXXXXXXXXXXXXXXXXXXXx" }
and it's saved correctly in the DB
All headers seems to be there what am i missing here ?
- ABP Framework version: v8.0
- UI Type: Angular
- Database System: SQL Server,
- Tiered (for MVC) or Auth Server Separated (for Angular): https://neoauth-uat-test.dawaa24.com/
- Exception message and full stack trace:
- Steps to reproduce the issue:
i have an nginx acting as a proxy server and behind it there's an auth server (https://neoauth-uat-test.dawaa24.com/) hosted on IIS
i am requesting the endpoint https://neoauth-uat-test.dawaa24.com/connect/token to get the token and it's responding to me with 200 Status Code and give me access token and refresh token
those two tokens should be saved in the Auth Database
**The Problem is that it doesn't save any **
upon review the Auth logs i see this error
2024-05-05 14:23:46.556 +04:00 [ERR] An exception was thrown while deserializing the token. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {9f5dc130-2567-47b5-93b6-328773960f1d} was not found in the key ring. For more information go to https://aka.ms/aspnet/dataprotectionwarning at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) --- End of inner exception stack trace --- at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
I don't know if it's related or not but how can i solve this issue
I followed the Microsoft docs for configuring the Nginx for dot net from this link Configure Nginx
I completely lost and spend two days troubleshooting without getting anywhere
if someone can help with this i would be very grateful
Additional Note: https://neoauth-uat-test.dawaa24.com/ from the Web UI i can login to the Auth Server Like in the Picture
Confirmed,
Kindly remove the response/Ticket
Done
Hi,
Ok, Although I don't recommend you to do this, it should be possible.
For example(this just is an idea):
[Dependency(ReplaceServices = true)] [ExposeServices(typeof(IDistributedCache))] public class MyRedisCache : IDistributedCache, ICacheSupportsMultipleItems { private readonly AbpRedisCache _cache; public MyRedisCache(AbpRedisCache cache) { _cache = cache; } public byte[]? Get(string key) { if (IsRedisAvailable()) { return _cache.Get(key); } return null; } protected virtual bool IsRedisAvailable() { // check redis connection return true; } ..... } public override void ConfigureServices(ServiceConfigurationContext context) { ..... context.Services.AddSingleton<AbpRedisCache>(); }
hi
thanks for quick response
I believe this check is performed after the initial start-up, in my case the app is not starting at all
on start application if Redis connection string is not available / URL not correct, how can i skip it and continue the start-up
because right now the application crashes if the Redis URL not available ? and the Try/Catch Solution didn't worked also
Hi,
I think you shouldn't stop the application from crashing if Redis server is not available
In distributed and microservice applications, distributed caching is necessary. It's like SQLServer. Imagine if the SQLServer is unavailable, will you choose to keep the application running?
You can check this: https://support.abp.io/QA/Questions/6344/Why-do-we-need-to-install-Redis-When-is-it-used-Why-Redis-is-needed
Hi liangshiwei
I already have a Redis cluster, But my point is that Redis is add-on for the application for optimization and therefore the application should consider it as optional,
let's say that for whatever reason the Redis server is not available or can't accept connection in that case can i skip it and get the data i want from my SQL DB server
because right now my application just crashes if redis is not there
I have an Application that uses the ABP Commercial Template,
in the appsettings.json i have a Redis server configured,
The current situation is when the application can't find the Redis server it will crash what i want is: when the application first start-up, if the Redis server is not available for some reason i want to skip it and continue to run and fetch Data from the SQL DB
Later on when the application try to fetch data it will check for Redis server availability if found it will fetch data from it, if not it will continue to the SQL DB Is that doable ?
Hi
this is the exact same configuration we have but we are using HTTPS instead of HTTP.
could you please run as HTTPS and confirm that it is working?