Steps to Reproduce
The returned page is not formatted properly and I get the following errors in the console of the browser.
The login page works, but the styling is missing due to the errors above.
I was able to resolve the issue for Azure App Service with the following code:
Added to PreConfigureServices in *HttpApiHostModule:

    #if RELEASE
    // Release builds only: turn off the development certificates and register real ones.
    PreConfigure<AbpOpenIddictAspNetCoreOptions>(options => options.AddDevelopmentEncryptionAndSigningCertificate = false);

    // Thumbprints of the certificates uploaded to the App Service (masked here).
    string encryptionThumbprint = "******************";
    string signingThumbprint = "**************";
    var encryptionCertificate = GetX509Certificate2(encryptionThumbprint);
    var signingCertificate = GetX509Certificate2(signingThumbprint);

    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        builder.AddEncryptionCertificate(encryptionCertificate);
        builder.AddSigningCertificate(signingCertificate);
    });
    #endif

Helper method referenced above:

    // Requires: using System.Linq; using System.Security.Cryptography.X509Certificates;
    private X509Certificate2 GetX509Certificate2(string thumbprint)
    {
        // validOnly must be false, otherwise self-signed certificates are filtered out.
        bool validOnly = false;
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var collection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly);
        var certificate = collection.OfType<X509Certificate2>().FirstOrDefault();
        store.Close();
        // Fail at startup instead of running without the expected credentials.
        return certificate ?? throw new Exception($"Cannot find certificate with thumbprint {thumbprint}");
    }

The self-signed certificates were generated based on the documentation available on https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html.
The certificates must be generated with a password instead of the empty password in the example in order for you to upload the PFX file to the Azure App Service.
You must also set the configuration setting for WEBSITE_LOAD_CERTIFICATES on the Azure App Service to either be * to load all certificates or have a comma-separated list of certificates you want loaded.
I found this in the OpenIddict documentation: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html. This should be included in the deployment documentation for the new version and referenced in the release notes.
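
Added example, not part of the original posts and not code from OpenIddict or ABP: one way to create the two self-signed certificates as password-protected PFX files, as the post above requires for upload to Azure App Service. The subject names, file names and the PFX_PASSWORD environment variable are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example. Subject names, file names and PFX_PASSWORD are assumptions.
static class CertificateGenerator
{
    static void Main()
    {
        // Read the PFX password from the environment so it never lands in source control.
        var password = Environment.GetEnvironmentVariable("PFX_PASSWORD");
        if (string.IsNullOrEmpty(password))
            throw new InvalidOperationException("Set PFX_PASSWORD to a non-empty value.");

        // One certificate per purpose, each restricted by its key usage extension.
        Create("CN=Example Encryption Certificate", X509KeyUsageFlags.KeyEncipherment,
            "encryption-certificate.pfx", password);
        Create("CN=Example Signing Certificate", X509KeyUsageFlags.DigitalSignature,
            "signing-certificate.pfx", password);
    }

    static void Create(string subject, X509KeyUsageFlags usage, string path, string password)
    {
        using var key = RSA.Create(2048);
        var request = new CertificateRequest(new X500DistinguishedName(subject), key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        request.CertificateExtensions.Add(new X509KeyUsageExtension(usage, critical: true));

        using var certificate = request.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(2));

        // Export with the password; the PFX contains the private key, so store it securely.
        File.WriteAllBytes(path, certificate.Export(X509ContentType.Pfx, password));

        // The thumbprint is the value the store lookup by thumbprint expects.
        Console.WriteLine($"{path}: thumbprint {certificate.Thumbprint}");
    }
}
```
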
@liangshiwei I am not following your answer. The default code provided in the template application exhibited the problem described above in my initial post. Are you saying that the initial application has a problem or the changes I highlighted are a problem? Please note, it was not working until I made the changes I highlighted. It is working as expected after those changes.
As a follow-up, I made a couple of changes to the Swagger application configuration and it now works. I am not sure why this change removed the Windows authentication prompt, but the result now matches the user experience we had with identity server.
I changed the client type to confidential and added a configuration variable to set the secret. With this in place, things now work just like they did in 5.x for me.
Trying to authorize from the Swagger UI is giving errors which I have not seen before. If I launch the Angular project and log in, I can eventually get the Swagger UI to authenticate but only because I am already logged in.
This is the first error I received.
This is the second issue I encountered. Notice the Windows login prompt for accessing the site. If I am already logged in via Angular, I can hit cancel on this and I have access to the authorized endpoints. However, nothing I enter in the prompted authentication works so far.
Is there a workaround prior to RC2?
I noticed a second issue after I opened the dotnet solution. Even though I specified the option "none" for mobile, it still created a .NET MAUI project in the solution.
I ran the following command after installing the v6.0.0-rc.1 version of the CLI:

    abp new Anlar.Everest -t app-pro -u angular -m none --preview

Once this ran, the following error occurred when running yarn in the Host project.