Open Closed

Blazor Server as an Azure Web App: System.Security.Cryptography.CryptographicException: Access is denied. #4702


User avatar
0
sid@extranerds.com created

I searched the docs and reviewed several similar problems, but none seemed to pertain to the specific error I'm seeing below (or I couldn't find the support document).

I created a Blazor Server app named "ABPBlazor" using ABP Suite, used DbMigrator to set up the database on an Azure SQL database, pushed the code to an Azure DevOps Git repo where a build/package/deploy pipeline released it into an Azure app service. I am now trying to run the application and I'm getting an error. Thanks for your assistance.

  • ABP Framework version: v7.0.1
  • UI type: Blazor
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace: See below
  • Steps to reproduce the issue: Visit https://abpblazorapp.azurewebsites.net/

Here is the error:

HTTP Error 500.30 - ASP.NET Core app failed to start

Application '/LM/W3SVC/719996520/ROOT' with physical root 'C:\home\site\wwwroot' has exited from Program.Main with exit code = '1'. First 30KB characters of captured stdout and stderr logs: [18:45:42 INF] Starting web host. [18:45:46 FTL] Host terminated unexpectedly! Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=7.0.1.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details. ---> System.Security.Cryptography.CryptographicException: Access is denied. at System.Security.Cryptography.X509Certificates.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags) at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags) at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate(X500DistinguishedName subject) at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate() at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder) at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action1 configuration) at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services) at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context) at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context) at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync() --- End of inner exception stack trace --- at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync() at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action1 optionsAction) at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action1 optionsAction) at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action1 optionsAction) at ABPBlazor.Blazor.Program.Main(String[] args) in D:\a\1\s\src\ABPBlazor.Blazor\Program.cs:line 36

Process Id: 16792. File Version: 17.0.22341.2. Description: IIS ASP.NET Core Module V2 Request Handler. Commit: 7c810658463f35c39c54d5fb8a8dbbfd463bf747


7 Answer(s)
  • User Avatar
    0
    onurpicakci created

    Hi, can you follow the related question?

    https://support.abp.io/QA/Questions/3537/OpenIddict-WindowsCryptographicException-Access-is-denied

  • User Avatar
    0
    sid@extranerds.com created

    As suggested in the linked question, I did the following:

    1. I create a console app to generate two self-signed certificates
    2. I uploaded both certificates into Azure
    3. I obtained the thumbnails of each certificate
    4. I added a WEBSITE_LOAD_CERTIFICATES app setting with a value of the two thumbprints, comma separated

    The application event log no longer reports an error. It now says the following: Application 'C:\home\site\wwwroot\' started successfully. Process Id: 2912. File Version: 17.0.22341.2. Description: IIS ASP.NET Core Module V2 Request Handler. Commit: 7c810658463f35c39c54d5fb8a8dbbfd463bf747

    However, when attempting to load the app in a browser I now see a different error.

    I obtained the source of the error from the logs. Here it is.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please output stdout to troubleshoot the problem.

    https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/logging-and-diagnostics?view=aspnetcore-7.0

  • User Avatar
    0
    sid@extranerds.com created

    After sending stdout to a log file I was able to see the source of the problem...

    Volo.Abp.AbpException: Could not find file '/libs/bootstrap/css/bootstrap.css'
    

    In my Azure app service my "wwwroot" folder did not have a libs folder, and this was the reason for the error. So I investigated to find out why the libs folder is missing. It turns out that the .gitignore file produced by ABP Suite contains the following...

    # Use abp install-libs to restore.
    **/wwwroot/libs/*
    

    So, when I committed my code, the contents of the "lib" folder were being ignored. I commented out the second line above and committed the entire contents of the "libs" folder to my code repo. Azure CI/CD then compiled, packaged, and deployed to the Azure app service. Finally the app loaded without errors.

    I would like to understand more about why the .gitignore file generated by ABP Suite is configured by default to ignore the libs folder when it is clearly needed for the app to function. Is there an assumption that the developer will execute abp install-libs in the Azure DevOps build pipeline or on the server where the application is ultimately deployed?

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    You can check https://github.com/abpframework/abp/issues/8528

  • User Avatar
    0
    sid@extranerds.com created

    Thank you. Since the "libs" folder is not included in the code by default when pushing to a Git repo, can anyone provide steps (YAML code) to restore the contents of the "libs" folder during an Azure DevOps build pipeline?

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Thank you. Since the "libs" folder is not included in the code by default when pushing to a Git repo, can anyone provide steps (YAML code) to restore the contents of the "libs" folder during an Azure DevOps build pipeline?

    You can install abp tooling and use abp install-libs command in your pipeline.

    It is not written on the stone :) I personally recommend removing from gitignore if you are using CI&CD pipeline.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09