ng you can't lo
Hi @gterdem, My Auth Server is already running with https, in fact all of my services are running with https on my local IIS with IIS self signed certificate.
As you said I have updated by Web layer port to 4510(I dont think this is the issue) but still getting the below certificate error which I mentioned earlier.
2021-04-14 19:22:17.794 +05:30 [INF] Request starting HTTP/2 GET https://localhost:4510/ - - 2021-04-14 19:22:17.852 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.852 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.915 +05:30 [ERR] Connection ID "17942340921349636135", Request ID "80000028-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace ---
Please advise.
There are 3 applications as you have noticed:
- AuthServer (IdentityServer)
- Public application (Razor/MVC)
- Web app (back-office application that can be Razor/Mvc-Angular-Blazor-BlazorServer)
What is your web app? Angular, Razor, Blazor or Blazor.Server?
We are getting the issue when running the UI layer with MVC. DO u have any more questions.
2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":"8000000b-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:40.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"} 2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger.
The client secret you provided is wrong.
I dont think so, because it is getting autenticated in the next attept. If CLient Secret is the proble how come it can be authenticated from next time. If you I can share the screen and show u.
Is the issue solved? IdentityServer doesn't throw random errors.
The logs below indicates that EmployeeManagement_Swagger client secret is wrong (probably doesn't exist).
2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":"8000000b-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:40.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"} 2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger.
Navigate to appsettings of your api gateway and check the IdentityServer section. There should be IdentityModel configuration like: <br>
"AuthServer": { "Authority": "https://localhost:44322", "RequireHttpsMetadata": "true", "SwaggerClientId": "EmployeeManagement_Swagger", "SwaggerClientSecret": "1q2w3e*" },
This is the configuration of
AddAbpSwaggerGenWithOAuth
.Please, share your appsettings identityserver configuration and swaggerAuth configuration located in module if the problem still persists.
I think its better to have a screenshare session to explain the exact issue. Please advise.
--- End of stack trace from previous location --- at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync() 2021-04-12 18:17:38.608 +05:30 [INF] Request finished HTTP/2 GET https://localhost:451/ - - - 500 - - 12.5611ms 2021-04-12 18:23:16.287 +05:30 [INF] Request starting HTTP/2 GET https://localhost:451/ - - 2021-04-12 18:23:16.293 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-12 18:23:16.293 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-12 18:23:16.299 +05:30 [ERR] Connection ID "17005592220331409569", Request ID "800000a2-0006-ec00-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace ---
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ After using IIS express development Certificate in IIS getting the below error ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2021-04-14 12:27:53.400 +05:30 [INF] Request starting HTTP/2 GET https://localhost:451/ - - 2021-04-14 12:27:53.403 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 12:27:53.403 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 12:27:53.412 +05:30 [ERR] Connection ID "17149707399817330746", Request ID "8000003b-0004-ee00-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace ---
Created the solution with Microservice Architecture
Deployed all nesessary servier into Local IIS (for testing) with HTTPS and Local Signed certificate
Updated the relevent URLS across deployed projects appsettings.json
All of the Projects except (UI layer) is working fine with https calls
Access the WebURL (UI Layer) ,
How to resolve this issue any idea?
what if we need to use http in the place of https? what are the things we need to perfom at code level.
2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":"8000000b-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:40.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"} 2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger.
The client secret you provided is wrong.
I dont think so, because it is getting autenticated in the next attept. If CLient Secret is the proble how come it can be authenticated from next time. If you I can share the screen and show u.
Auth ErrorError, error: invalid_client
Can you share the full error message?
Here suprise is from second attempt it is getting authenticated, here is the log
2021-04-06 10:13:38.255 +00:00 [INF] Request starting HTTP/2 POST https://localhost:44322/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DEmployeeManagement_Swagger%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44353%252Fswagger%252Foauth2-redirect.html%26scope%3DEmployeeManagement%26state%3DVHVlIEFwciAwNiAyMDIxIDEwOjEzOjIwIEdNVCswMDAwIChHcmVlbndpY2ggTWVhbiBUaW1lKQ%253D%253D application/x-www-form-urlencoded 632 2021-04-06 10:13:38.259 +00:00 [INF] CORS policy execution failed. 2021-04-06 10:13:38.259 +00:00 [INF] Request origin https://localhost:44322 does not have permission to access the resource. 2021-04-06 10:13:38.263 +00:00 [INF] Identity.Application was not authenticated. Failure message: Unprotect ticket failed 2021-04-06 10:13:38.279 +00:00 [INF] No CORS policy found for the specified request. 2021-04-06 10:13:38.280 +00:00 [INF] Identity.Application was not authenticated. Failure message: Unprotect ticket failed 2021-04-06 10:13:38.281 +00:00 [INF] Identity.Application was not authenticated. Failure message: Unprotect ticket failed 2021-04-06 10:13:38.282 +00:00 [INF] Executing endpoint '/Account/Login' 2021-04-06 10:13:38.282 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login 2021-04-06 10:13:38.282 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 2021-04-06 10:13:38.341 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostAsync - ModelState is "Valid" 2021-04-06 10:13:38.463 +00:00 [WRN] Ldap login feature is not enabled! 2021-04-06 10:13:38.851 +00:00 [DBG] Augmenting SignInContext 2021-04-06 10:13:38.852 +00:00 [DBG] Adding idp claim with value: local 2021-04-06 10:13:38.852 +00:00 [DBG] Adding auth_time claim with value: 1617704018 2021-04-06 10:13:38.854 +00:00 [INF] Identity.Application was not authenticated. Failure message: Unprotect ticket failed 2021-04-06 10:13:38.864 +00:00 [INF] AuthenticationScheme: Identity.Application signed in. 2021-04-06 10:13:38.999 +00:00 [DBG] Added 0 entity changes to the current audit log 2021-04-06 10:13:39.000 +00:00 [DBG] Added 0 entity changes to the current audit log 2021-04-06 10:13:39.006 +00:00 [INF] {"Username":"admin","Provider":null,"ProviderUserId":null,"SubjectId":"74a01d76-3202-1bdd-8710-39fb6504f180","DisplayName":"admin","Endpoint":"UI","ClientId":null,"Category":"Authentication","Name":"User Login Success","EventType":"Success","Id":1000,"Message":null,"ActivityId":"8000000e-0000-f800-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:39.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"UserLoginSuccessEvent"} 2021-04-06 10:13:39.008 +00:00 [INF] Executed handler method OnPostAsync, returned result Microsoft.AspNetCore.Mvc.RedirectResult. 2021-04-06 10:13:39.009 +00:00 [INF] Executing RedirectResult, redirecting to /connect/authorize/callback?response_type=code&client_id=EmployeeManagement_Swagger&redirect_uri=https%3A%2F%2Flocalhost%3A44353%2Fswagger%2Foauth2-redirect.html&scope=EmployeeManagement&state=VHVlIEFwciAwNiAyMDIxIDEwOjEzOjIwIEdNVCswMDAwIChHcmVlbndpY2ggTWVhbiBUaW1lKQ%3D%3D. 2021-04-06 10:13:39.009 +00:00 [INF] Executed page /Account/Login in 726.8532ms 2021-04-06 10:13:39.009 +00:00 [INF] Executed endpoint '/Account/Login' 2021-04-06 10:13:39.149 +00:00 [DBG] Added 0 entity changes to the current audit log 2021-04-06 10:13:39.149 +00:00 [DBG] Added 0 entity changes to the current audit log 2021-04-06 10:13:39.155 +00:00 [INF] Request finished HTTP/2 POST https://localhost:44322/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DEmployeeManagement_Swagger%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44353%252Fswagger%252Foauth2-redirect.html%26scope%3DEmployeeManagement%26state%3DVHVlIEFwciAwNiAyMDIxIDEwOjEzOjIwIEdNVCswMDAwIChHcmVlbndpY2ggTWVhbiBUaW1lKQ%253D%253D application/x-www-form-urlencoded 632 - 302 - - 899.7578ms 2021-04-06 10:13:39.158 +00:00 [INF] Request starting HTTP/2 GET https://localhost:44322/connect/authorize/callback?response_type=code&client_id=EmployeeManagement_Swagger&redirect_uri=https%3A%2F%2Flocalhost%3A44353%2Fswagger%2Foauth2-redirect.html&scope=EmployeeManagement&state=VHVlIEFwciAwNiAyMDIxIDEwOjEzOjIwIEdNVCswMDAwIChHcmVlbndpY2ggTWVhbiBUaW1lKQ%3D%3D - - 2021-04-06 10:13:39.172 +00:00 [DBG] Request path /connect/authorize/callback matched to endpoint type Authorize 2021-04-06 10:13:39.174 +00:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint 2021-04-06 10:13:39.174 +00:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback 2021-04-06 10:13:39.176 +00:00 [DBG] Start authorize callback request 2021-04-06 10:13:39.179 +00:00 [DBG] User in authorize request: 74a01d76-3202-1bdd-8710-39fb6504f180 2021-04-06 10:13:39.179 +00:00 [DBG] Start authorize request protocol validation 2021-04-06 10:13:39.193 +00:00 [DBG] client configuration validation for client EmployeeManagement_Swagger succeeded. 2021-04-06 10:13:39.193 +00:00 [DBG] Checking for PKCE parameters 2021-04-06 10:13:39.193 +00:00 [DBG] No PKCE used. 2021-04-06 10:13:39.205 +00:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator 2021-04-06 10:13:39.206 +00:00 [DBG] ValidatedAuthorizeRequest {"ClientId":"EmployeeManagement_Swagger","ClientName":"EmployeeManagement_Swagger","RedirectUri":"https://localhost:44353/swagger/oauth2-redirect.html","AllowedRedirectUris":["https://localhost:44353/swagger/oauth2-redirect.html"],"SubjectId":"74a01d76-3202-1bdd-8710-39fb6504f180","ResponseType":"code","ResponseMode":"query","GrantType":"authorization_code","RequestedScopes":"EmployeeManagement","State":"VHVlIEFwciAwNiAyMDIxIDEwOjEzOjIwIEdNVCswMDAwIChHcmVlbndpY2ggTWVhbiBUaW1lKQ==","UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":"74187765FF2D5C75B66CE7BF5BA49B12","Raw":{"response_type":"code","client_id":"EmployeeManagement_Swagger","redirect_uri":"https://localhost:44353/swagger/oauth2-redirect.html","scope":"EmployeeManagement","state":"VHVlIEFwciAwNiAyMDIxIDEwOjEzOjIwIEdNVCswMDAwIChHcmVlbndpY2ggTWVhbiBUaW1lKQ=="},"$type":"AuthorizeRequestValidationLog"} 2021-04-06 10:13:39.281 +00:00 [DBG] Client is configured to not require consent, no consent is required 2021-04-06 10:13:39.284 +00:00 [DBG] Creating Authorization Code Flow response. 2021-04-06 10:13:39.385 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","ClientName":"EmployeeManagement_Swagger","RedirectUri":"https://localhost:44353/swagger/oauth2-redirect.html","Endpoint":"Authorize","SubjectId":"74a01d76-3202-1bdd-8710-39fb6504f180","Scopes":"EmployeeManagement","GrantType":"authorization_code","Tokens":[{"TokenType":"code","TokenValue":"****22C4","$type":"Token"}],"Category":"Token","Name":"Token Issued Success","EventType":"Success","Id":2000,"Message":null,"ActivityId":"80000009-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:39.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"TokenIssuedSuccessEvent"} 2021-04-06 10:13:39.387 +00:00 [DBG] Authorize endpoint response {"SubjectId":"74a01d76-3202-1bdd-8710-39fb6504f180","ClientId":"EmployeeManagement_Swagger","RedirectUri":"https://localhost:44353/swagger/oauth2-redirect.html","State":"VHVlIEFwciAwNiAyMDIxIDEwOjEzOjIwIEdNVCswMDAwIChHcmVlbndpY2ggTWVhbiBUaW1lKQ==","Scope":"EmployeeManagement","Error":null,"ErrorDescription":null,"$type":"AuthorizeResponseLog"} 2021-04-06 10:13:39.393 +00:00 [DBG] Augmenting SignInContext 2021-04-06 10:13:39.393 +00:00 [INF] AuthenticationScheme: Identity.Application signed in. 2021-04-06 10:13:39.410 +00:00 [INF] Request finished HTTP/2 GET https://localhost:44322/connect/authorize/callback?response_type=code&client_id=EmployeeManagement_Swagger&redirect_uri=https%3A%2F%2Flocalhost%3A44353%2Fswagger%2Foauth2-redirect.html&scope=EmployeeManagement&state=VHVlIEFwciAwNiAyMDIxIDEwOjEzOjIwIEdNVCswMDAwIChHcmVlbndpY2ggTWVhbiBUaW1lKQ%3D%3D - - - 302 - - 251.5709ms 2021-04-06 10:13:39.642 +00:00 [INF] Request starting HTTP/2 OPTIONS https://localhost:44322/connect/token - - 2021-04-06 10:13:39.643 +00:00 [INF] CORS policy execution successful. 2021-04-06 10:13:39.645 +00:00 [INF] Request finished HTTP/2 OPTIONS https://localhost:44322/connect/token - - - 204 - - 3.3956ms 2021-04-06 10:13:39.647 +00:00 [INF] Request starting HTTP/2 POST https://localhost:44322/connect/token application/x-www-form-urlencoded 236 2021-04-06 10:13:39.648 +00:00 [INF] CORS policy execution successful. 2021-04-06 10:13:39.655 +00:00 [DBG] CORS request made for path: /connect/token from origin: https://localhost:44353 2021-04-06 10:13:39.698 +00:00 [WRN] Origin is not allowed: https://localhost:44353 2021-04-06 10:13:39.700 +00:00 [WRN] CorsPolicyService did not allow origin: https://localhost:44353 2021-04-06 10:13:39.701 +00:00 [INF] No CORS policy found for the specified request. 2021-04-06 10:13:39.702 +00:00 [DBG] Request path /connect/token matched to endpoint type Token 2021-04-06 10:13:40.007 +00:00 [DBG] Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint 2021-04-06 10:13:40.007 +00:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token 2021-04-06 10:13:40.012 +00:00 [DBG] Start token request. 2021-04-06 10:13:40.015 +00:00 [DBG] Start client validation 2021-04-06 10:13:40.020 +00:00 [DBG] Start parsing Basic Authentication secret 2021-04-06 10:13:40.022 +00:00 [DBG] Start parsing for secret in post body 2021-04-06 10:13:40.023 +00:00 [DBG] Parser found secret: PostBodySecretParser 2021-04-06 10:13:40.023 +00:00 [DBG] Secret id found: EmployeeManagement_Swagger 2021-04-06 10:13:40.038 +00:00 [DBG] client configuration validation for client EmployeeManagement_Swagger succeeded. 2021-04-06 10:13:40.047 +00:00 [DBG] No matching hashed secret found. 2021-04-06 10:13:40.047 +00:00 [DBG] Secret validators could not validate secret 2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":"8000000b-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:40.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"} 2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger. 2021-04-06 10:13:40.065 +00:00 [INF] Request finished HTTP/2 POST https://localhost:44322/connect/token application/x-www-form-urlencoded 236 - 400 - application/json;+charset=UTF-8 417.4008ms
@Neozzz, You are welcome. no idea on the additional issue you are facing. Try by chearing the cache or in incognito mode for verification.
@mailming , Thanks for the inputs. We are able to identify and fix the issue in UI on Friday. We are able to see the Permissions List showing up in UI and Swagger also getting Authenticated, but Authentication with SWAGGER is not consistent. Sometimes we are getting "Auth ErrorError, error: invalid_client", not sure why Swagger is not consisent
@Neozzz, we do faced similar issues and it got fixed afted adding the our module dependecny in src/<<FULLPROJECTNAME>>.AdministrationService/<<APPLICATIONNAME>>AdministrationServiceModule.cs
Ex- src/Acme.BookStore.AdministrationService/BookStoreAdministrationServiceModule.cs
Try it out it might be helpful for you.
HI,
- Steps to reproduce the issue:
Step 1: We created the Application using MicroService Template with Entity Core for SQL server & Angulat UI Step 2: Created a Sepearte Custom Module Step 3: Manually Included the Custom module with MongoDB (for this module) Step 4: Included the Project References for Custom module by compaing with Product Services Project Step 5: Made the entries into Identity and Administration Databases for Custom Module by compaing with Product Services Project Step 6: Trying to Authenticate the Custom Module API using Swagger, Then we are not able to autheticate. On top of it in UI premissions related to custom module is not showing in screen
Let me know if you need any more details.