Open Closed

Azure 500.3 error Access Denied #3664


User avatar
0
mmoncrief created

I am trying to publish a blazor-server single tier app to Azure. The build works fine, the publish works. I have verified by pushing a simple blazor-server app non abp.io and serves up. When I publish our abp.io application the app tries to start but gets a 500.3 error. Stack Trace below. I have look at one post but I am completely new to the abp.io framwork; however, I have years of .net experience. I need help to know where to put the code in the application to satisfy the development branch and eventually the production branch.

I looked at this post AccessDenied Still don't know how to fix.

Thanks

Azure App Service Azure Sql Server

Application '/LM/W3SVC/1773641661/ROOT' with physical root 'C:\home\site\wwwroot' has exited from Program.Main with exit code = '1'. First 30KB characters of captured stdout and stderr logs: [02:39:38 INF] Starting web host. [02:39:43 FTL] Host terminated unexpectedly! Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=6.0.0.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details. ---> Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access is denied. at Internal.Cryptography.Pal.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags) at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags) at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate(X500DistinguishedName subject) at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate() at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder) at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action1 configuration) at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services) at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context) at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context) at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync() --- End of inner exception stack trace --- at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync() at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action1 optionsAction) at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action1 optionsAction) at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action1 optionsAction) at Rayzor.Blazor.Program.Main(String[] args) in D:\a\1\s\src\Rayzor.Blazor\Program.cs:line 36

Process Id: 14300. File Version: 16.0.22173.7. Description: IIS ASP.NET Core Module V2 Request Handler. Commit: 773e8cc3fbdc2c4ffbd57c1f53f21649ef94c35c

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

  • ABP Framework version: v6.0.3
  • UI type:BlazorServer
  • DB provider: EF Core / Azure Sql Server
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

1 Answer(s)
  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    Hi, this problem is related to the certificatation. You need to set the AddDevelopmentEncryptionAndSigningCertificate as false and also set encryption and signing certificates for your application.


    So, open your module class and add the below code:

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
         var hostingEnvironment = context.Services.GetHostingEnvironment();
    
         if (!hostingEnvironment.IsDevelopment())
         {
             PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
             {
                 options.AddDevelopmentEncryptionAndSigningCertificate = false;
             });
    
             PreConfigure<OpenIddictServerBuilder>(builder =>
             {
                 // In production, it is recommended to use two RSA certificates, one for encryption, one for signing.
                 builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, context.Services.GetConfiguration()));
                 builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, context.Services.GetConfiguration()));
             });
         }
    }
    
            private X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration)
            {
                var fileName = configuration["MyAppCertificate:X590:FileName"]; //*.pfx 
                var passPhrase = configuration["MyAppCertificate:X590:PassPhrase"]; // pass phrase (XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)
                var file = Path.Combine(hostingEnv.ContentRootPath, fileName);
    
                if (!File.Exists(file))
                {
                    throw new FileNotFoundException($"Signing Certificate couldn't found: {file}");
                }
    
                return new X509Certificate2(file, passPhrase);
            }
    

    The self-signed certificates were generated based on the documentation available on https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38