- ABP Framework version: V5.0 commercial
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
I publish the three sites on IIS Identity Server Host: https://mabuhamad.mowe.gov.sa:12345/ API Host: https://mabuhamad.mowe.gov.sa:12346/swagger/index.html Angular Host: https://mabuhamad.mowe.gov.sa:4400/ everything working ok
but I want to publish the three sites on IIS on port 443 with a subdirectory Identity Server Host: https://mabuhamad.mowe.gov.sa/NaamaIdentityServer API Host: https://mabuhamad.mowe.gov.sa/NaamaAPI Angular Host: https://mabuhamad.mowe.gov.sa/NaamaAngular after these settings, the Identity Server not working
Internal Server Error - UNAUTHORIZED_CLIENT invalid issuer in discovery document expected: https://mabuhamad.mowe.gov.sa/NaamaIdentityServer current: https://mabuhamad.mowe.gov.sa/naamaidentityserver
22 Answer(s)
-
0
hi
but I want to publish the three sites on IIS on port 443 with a subdirectory
You should update your url in
appsettings
and re-seed it to database -
0
hi,
I updated all URLs in appsettings, you can show images in above
{ "App": { "SelfUrl": "https://mabuhamad.mowe.gov.sa/naamaidentityserver/", "CorsOrigins": "https://mabuhamad.mowe.gov.sa/naamaangular,https://mabuhamad.mowe.gov.sa/naamaapi" }, "AppSelfUrl": "https://mabuhamad.mowe.gov.sa/naamaidentityserver/", "ConnectionStrings": { "Default": "Server=localhost;Database=NaamaMainUnder443;User Id=sa;Password=P@ssw0rd" }, "Redis": { "Configuration": "127.0.0.1", "IsEnabled": false }, "AuthServer": { "Authority": "https://mabuhamad.mowe.gov.sa/naamaidentityserver/", "RequirehttpMetadata": "false", "ApiName": "ProductsPrices" }, "IdentityServer": { "Clients": { "ProductsPrices_App": { "ClientId": "ProductsPrices_App", "ClientSecret": "1q2w3e*", "RootUrl": "https://mabuhamad.mowe.gov.sa/naamaangular" }, "ProductsPrices_Swagger": { "ClientId": "ProductsPrices_Swagger", "ClientSecret": "1q2w3e*", "RootUrl": "https://mabuhamad.mowe.gov.sa/naamaapi" } } } } { "App": { "CorsOrigins": "https://mabuhamad.mowe.gov.sa/naamaangular,https://mabuhamad.mowe.gov.sa/naamaidentityserver" }, "ConnectionStrings": { "Default": "Server=localhost;Database=NaamaMainUnder443;;User Id=sa;Password=P@ssw0rd", "ProductsPrices": "Server=localhost;Database=ProductsPrices_Module;;User Id=sa;Password=P@ssw0rd", "MainCore": "Server=localhost;Database=MainCore_Module;;User Id=sa;Password=P@ssw0rd" }, "Redis": { "Configuration": "127.0.0.1", "IsEnabled": false }, "AuthServer": { "Authority": "https://mabuhamad.mowe.gov.sa/naamaidentityserver/", "RequirehttpMetadata": "false", "SwaggerClientId": "ProductsPrices_Swagger", "SwaggerClientSecret": "1q2w3e*" } }
-
0
-
0
-
0
hi
Please share the details error logs of the identity server project.
-
0
Hi Logs : https://app.box.com/s/xj9g2ai2r07tok54sq1l2qscg5vg1hqy
-
0
Kindly any update
-
0
hi
AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi
Can you try to update the URL in
AllowedCorsOrigins
?https://mabuhamad.mowe.gov.sa/naamaapi
tohttps://mabuhamad.mowe.gov.sa
2021-12-28 16:52:44.346 +03:00 [ERR] Invalid client configuration for client ProductsPrices_Swagger: AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi 2021-12-28 16:52:44.354 +03:00 [INF] {"ClientId":"ProductsPrices_Swagger","ClientName":"ProductsPrices_Swagger","Category":"Error","Name":"Invalid Client Configuration","EventType":"Error","Id":3001,"Message":"AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi","ActivityId":"80000249-0006-fb00-b63f-84710c7967bb","TimeStamp":"2021-12-28T13:52:44.0000000Z","ProcessId":36476,"LocalIpAddress":"10.210.28.124:443","RemoteIpAddress":"10.210.28.124","$type":"InvalidClientConfigurationEvent"} 2021-12-28 16:52:44.364 +03:00 [ERR] Unknown client or not enabled: ProductsPrices_Swagger {"ClientId":null,"ClientName":null,"RedirectUri":null,"AllowedRedirectUris":null,"SubjectId":"anonymous","ResponseType":null,"ResponseMode":null,"GrantType":null,"RequestedScopes":"","State":null,"UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"response_type":"code","client_id":"ProductsPrices_Swagger","redirect_uri":"https://mabuhamad.mowe.gov.sa/naamaapi/swagger/oauth2-redirect.html","scope":"ProductsPrices","state":"VHVlIERlYyAyOCAyMDIxIDE2OjUyOjQ0IEdNVCswMzAwIChBcmFiaWFuIFN0YW5kYXJkIFRpbWUp"},"$type":"AuthorizeRequestValidationLog"} 2021-12-28 16:52:44.367 +03:00 [ERR] Request validation failed
-
0
hi,
I Updated only in app.setting in NaamaIdentityServer and NaamaAPI "App": { "CorsOrigins": "https://mabuhamad.mowe.gov.sa" },
2021-12-30 07:49:04.233 +03:00 [ERR] Invalid client configuration for client ProductsPrices_Swagger: AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi 2021-12-30 07:49:04.238 +03:00 [INF] {"ClientId":"ProductsPrices_Swagger","ClientName":"ProductsPrices_Swagger","Category":"Error","Name":"Invalid Client Configuration","EventType":"Error","Id":3001,"Message":"AllowedCorsOrigins contains invalid origin: https://mabuhamad.mowe.gov.sa/naamaapi","ActivityId":"800004b5-0000-f100-b63f-84710c7967bb","TimeStamp":"2021-12-30T04:49:04.0000000Z","ProcessId":28292,"LocalIpAddress":"10.210.28.124:443","RemoteIpAddress":"10.210.28.124","$type":"InvalidClientConfigurationEvent"} 2021-12-30 07:49:04.245 +03:00 [ERR] Unknown client or not enabled: ProductsPrices_Swagger {"ClientId":null,"ClientName":null,"RedirectUri":null,"AllowedRedirectUris":null,"SubjectId":"anonymous","ResponseType":null,"ResponseMode":null,"GrantType":null,"RequestedScopes":"","State":null,"UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"response_type":"code","client_id":"ProductsPrices_Swagger","redirect_uri":"https://localhost/NaamaAPI/swagger/oauth2-redirect.html","scope":"ProductsPrices","state":"VGh1IERlYyAzMCAyMDIxIDA3OjQ5OjA0IEdNVCswMzAwIChBcmFiaWFuIFN0YW5kYXJkIFRpbWUp"},"$type":"AuthorizeRequestValidationLog"} 2021-12-30 07:49:04.247 +03:00 [ERR] Request validation failed
-
0
hi
Please check your database tables of identiyt server and update the url.
CorsOrigins
does not support domain names with subdirectory. -
0
https://github.com/IdentityServer/IdentityServer4/blob/main/src/IdentityServer4/src/Validation/Default/DefaultClientConfigurationValidator.cs
-
0
hi,
Identity server it's ok but show other problems.
2021-12-30 20:04:20.567 +03:00 [INF] Request starting HTTP/2 POST https://mabuhamad.mowe.gov.sa/naamaapi/api/main-core/sector application/json 83 2021-12-30 20:04:20.567 +03:00 [INF] CORS policy execution successful. 2021-12-30 20:04:20.571 +03:00 [INF] Executing endpoint 'Naama.MainCore.Lookups.Sectors.SectorController.CreateAsync (Naama.MainCore.HttpApi)' 2021-12-30 20:04:20.573 +03:00 [INF] Route matched with {area = "mainCore", action = "Create", controller = "Sector", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Naama.MainCore.Lookups.Sectors.SectorDto] CreateAsync(Naama.MainCore.Lookups.Sectors.CreateUpdateSectorDto) on controller Naama.MainCore.Lookups.Sectors.SectorController (Naama.MainCore.HttpApi). 2021-12-30 20:04:20.573 +03:00 [ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.wZ2TawYIeJ8" is not present. 2021-12-30 20:04:20.573 +03:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'. 2021-12-30 20:04:20.573 +03:00 [INF] Executing StatusCodeResult, setting HTTP status code 400 2021-12-30 20:04:20.573 +03:00 [INF] Executed action Naama.MainCore.Lookups.Sectors.SectorController.CreateAsync (Naama.MainCore.HttpApi) in 0.24
-
0
hi Kindly any update
-
0
Hi Kindly your support
-
0
hi
The cookies of these 3 websites should be isolated, and now they are sharing cookies.
Identity Server Host: https://mabuhamad.mowe.gov.sa/NaamaIdentityServer API Host: https://mabuhamad.mowe.gov.sa/NaamaAPI Angular Host: https://mabuhamad.mowe.gov.sa/NaamaAngular
Please configure path on the 3 websites(NaamaIdentityServer, NaamaAPI, NaamaAngular).
-
0
Kindly, please support me with the right solution in such cases.
I want to share all cookie paths with "/" Because the cookie path is case-sensitive the cookie is not sent by the browser if the case changes. Thereby, the user is not authenticated.
I want only set names of cookies and paths like these, how to make these in ABP
services.AddAntiforgery(options => { options.Cookie.Name = "API_AntiforgeryCookie"; options.Cookie.Path = "/"; });
services.AddAntiforgery(options => { options.Cookie.Name = "IdSrv_AntiforgeryCookie"; options.Cookie.Path = "/"; });
app.AddAuthentication() .AddCookie(options => { options.Cookie.Name = "API_AuthCookie"; options.Cookie.Path = "/"; });
app.AddAuthentication() .AddCookie(options => { options.Cookie.Name = "IdSrv_AuthCookie"; options.Cookie.Path = "/"; });
-
0
Kindly, please support me with the right solution in such cases.
I try the above solution and the error anti-forgery cookie are fixed, but cookie path is case-sensitive the cookie is not sent by the browser if the case changes. Thereby, the user is not authenticated.and I Have other problem angular for first time, the angular appear as authenticated user, but actual not authenticated, and after click or any link to nagivate authenticated url, angular redirect on sso, and return to angular app after authenticated
-
0
I try the above solution and the error anti-forgery cookie are fixed, but cookie path is case-sensitive the cookie is not sent by the browser if the case changes. Thereby, the user is not authenticated
https://stackoverflow.com/questions/59320702/case-sensitive-urls-has-to-be-exact-as-specified-in-sp-metadata?answertab=votes#tab-top
I Have other problem angular for first time, the angular appear as authenticated user, but actual not authenticated, and after click or any link to nagivate authenticated url, angular redirect on sso, and return to angular app after authenticated
Have you tried opening it in incognito mode?
-
0
Have you tried opening it in incognito mode? incognito mode is working fine, but end-user don't open incognito mode.
if there is any way to change cookies name options.Cookie.Name = "API_AuthCookie";options.Cookie.Path = "/"; please provide me
-
0
incognito mode is working fine, but end-user don't open incognito mode.
You can clear the localhost or your domain cache and cookies.
options.Cookie.Name = "API_AuthCookie";options.Cookie.Path = "/";
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-6.0#cookie-settings https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-6.0#configure-antiforgery-with-antiforgeryoptions https://docs.abp.io/en/abp/latest/CSRF-Anti-Forgery#configuration-customization
-
1
thanks
maliming
for support, I will try all the notes on a real server. many thanks -
0
Waiting for good news.