- ABP Framework version: v8.1.1
- UI Type: Angular
- Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
- Tiered (for MVC) or Auth Server Separated (for Angular): no
- Exception message and full stack trace:
- Steps to reproduce the issue:
After upgrade from 7.0 to 8.1.1 I unable to login as Host admin, it always redirects to login page in many time. Can you give any idea why this happens?
34 Answer(s)
-
0
hi
You can create a pfx file.
See
https://github.com/abpframework/abp/tree/dev/templates/app/aspnet-core#generating-a-signing-certificate https://docs.abp.io/en/abp/latest/Deployment/Configuring-OpenIddict
In my another app (witt Blazor), it does not require me to store certificate in local. What is different?
The certificate file is required by OpenIddict(Authserver)
-
0
Hi maliming, As I understand, in development (run with Visual Studio) we do not need to add EncryptionAndSigningCertificate as it is added by default : "We've enabled AddDevelopmentEncryptionAndSigningCertificate by default on the development environment. It registers (and generates if necessary) a user-specific development encryption/development signing certificate. "
But when I run debug mode with Visual Studio I still get this error. What am I wrong?
! -
0
Yes,
AddDevelopmentEncryptionAndSigningCertificate(default: true): Registers (and generates if necessary) a user-specific development encryption/development signing certificate. This is a certificate used for signing and encrypting the tokens and for development environment only. You must set it to false for non-development environments.
AddDevelopmentEncryptionAndSigningCertificate cannot be used in applications deployed on IIS or Azure App Service: trying to use them on IIS or Azure App Service will result in an exception being thrown at runtime (unless the application pool is configured to load a user profile). To avoid that, consider creating self-signed certificates and storing them in the X.509 certificates store of the host machine(s). Please refer to: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-a-development-certificate
https://docs.abp.io/en/abp/latest/Modules/OpenIddict#abpopeniddictaspnetcoreoptions
Can you share your
PreConfigureServicesmethod code?Thanks
-
0
Yes here it is
public override void PreConfigureServices(ServiceConfigurationContext context) { var hostingEnvironment = context.Services.GetHostingEnvironment(); var configuration = context.Services.GetConfiguration(); Console.WriteLine($"ContentRootPath: {hostingEnvironment.ContentRootPath}"); PreConfigure<OpenIddictBuilder>(builder => { builder.AddValidation(options => { options.AddAudiences("StaffApp"); // Replace with your application name options.UseLocalServer(); options.UseAspNetCore(); }); }); if (!hostingEnvironment.IsDevelopment()) { PreConfigure<AbpOpenIddictAspNetCoreOptions>(options => { options.AddDevelopmentEncryptionAndSigningCertificate = false; }); PreConfigure<OpenIddictServerBuilder>(serverBuilder => { serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "aQLqG31Yphq4yDZWOVoajqcT3T2vYn"); serverBuilder.SetAccessTokenLifetime(TimeSpan.FromHours(24)); serverBuilder.SetAuthorizationCodeLifetime(TimeSpan.FromHours(24)); serverBuilder.SetIdentityTokenLifetime(TimeSpan.FromHours(24)); }); } }Thank you
-
0
hi
Can you test to run your
authserverwebsite using thedotnet runcommand?If you still get the same exception, you can try setting
AddDevelopmentEncryptionAndSigningCertificateto false and adding a pfx certificate. -
0
Yeah, you are super man. It works now with adding pfx certificate. Do you know any reason why it does not add certificate to development by default? Anyway, it solved my problem Thank you
-
0
Your windows certificate might have something wrong. You can continue to use pfx. : )
-
0
Thank you @maliming
-
0
: ) 🦸
