In the GitHub Actions logs, the certificate is generated correctly; the problem is a routing issue: the ABP code cannot locate the generated certificate.
This is the GitHub Actions code:
```yaml
name: Deploy all webapps in pre environment.
on:
  push:
    branches:
      - development
  workflow_dispatch:
env:
  ASPNETCORE_ENVIRONMENT: Staging
  AbpLicenseCode: ${{ secrets.ABP_COMMERCIAL_LICENSE }}
jobs:
  Deploy_Apps:
    runs-on: ubuntu-latest
    env:
      DOTNET_ROOT: /home/runner/.dotnet
    steps:
      - uses: actions/checkout@v2
      # notify on each build event like starting and finishing a build
      - uses: toko-bifrost/ms-teams-deploy-card@master
        if: always()
        with:
          github-token: ${{ github.token }}
          webhook-uri: ${{ secrets.MICROSOFT_TEAMS_WEBHOOK_URI }}
      - name: Setup .NET Core SDK
        uses: actions/setup-dotnet@v1
        with:
          dotnet-version: '6.0.x'
      - name: Install ABP CLI
        run: dotnet tool install -g Volo.Abp.Cli --version 6.0.1
      - name: Install ABP libs
        run: abp install-libs
      - name: Az CLI login
        id: az_login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Prepare Migrations
        run: cd src/Cincaporc.WebApp.DbMigrator && dotnet publish -c Release && cd
      - name: Run Migrations
        run: cd src/Cincaporc.WebApp.DbMigrator && dotnet bin/Release/net6.0/publish/Cincaporc.WebApp.DbMigrator.dll --Environment Staging --configuration Release && cd
      - name: Publish CincaPorc WebApp.Auth.Server.
        run: dotnet publish --configuration Release --output WebApp.Auth.Server src/Cincaporc.WebApp.AuthServer/Cincaporc.WebApp.AuthServer.csproj
      - name: Generate openiddict.pfx
        run: dotnet dev-certs https -v -ep ${{env.DOTNET_ROOT}}/Cincaporc.WebApp.AuthServer/openiddict.pfx -p 00000000-0000-0000-0000-000000000000
      - name: Deploy APP WebApp.Auth.Server
        uses: azure/webapps-deploy@v2.2.3
        with:
          app-name: extranetIdentity-dev
          package: WebApp.Auth.Server
      - name: Publish CincaPorc WebApp.HttpApi.Host.
        run: dotnet publish --configuration Release --output WebApp.HttpApi.Host src/Cincaporc.WebApp.HttpApi.Host/Cincaporc.WebApp.HttpApi.Host.csproj
      - name: Deploy APP WebApp.HttpApi.Host
        uses: azure/webapps-deploy@v2.2.3
        with:
          app-name: extranetappapi-dev
          package: WebApp.HttpApi.Host
      - name: Publish CincaPorc WebApp.Web.
        run: dotnet publish --configuration Release --output WebApp.Web src/Cincaporc.WebApp.Web/Cincaporc.WebApp.Web.csproj
      - name: Deploy APP WebApp
        uses: azure/webapps-deploy@v2.2.3
        with:
          app-name: extranetapp-dev
          package: WebApp.Web
      - name: Publish CincaPorc WebApp.Web.Public.
        run: dotnet publish --configuration Release --output WebApp.Web.Public src/Cincaporc.WebApp.Web.Public/Cincaporc.WebApp.Web.Public.csproj
      - name: Deploy APP WebApp.Web.Public
        uses: azure/webapps-deploy@v2.2.3
        with:
          app-name: IntegradosApp-dev
          package: WebApp.Web.Public
      - name: Az Logout.
        if: ${{ always() && steps.az_login.conclusion == 'success' }}
        run: |
          az logout
          az cache purge
          az account clear
```
We have followed the example of the official documentation: https://abp.io/docs/latest/deployment/configuring-openiddict
This is the code that we have added to the ABP project:
```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

namespace Microsoft.Extensions.DependencyInjection;

public static class OpenIddictServerBuilderExtensions
{
    public static OpenIddictServerBuilder AddProductionEncryptionAndSigningCertificate(this OpenIddictServerBuilder builder, string fileName, string passPhrase)
    {
        if (!File.Exists(fileName))
        {
            throw new FileNotFoundException($"Signing Certificate couldn't found: {fileName}");
        }

        var certificate = new X509Certificate2(fileName, passPhrase);
        builder.AddSigningCertificate(certificate);
        builder.AddEncryptionCertificate(certificate);
        return builder;
    }
}
```
18 Answer(s)
-
0
hi
> the problem is a routing issue that the ABP code cannot locate the generated certificate.
What does this mean? Do you have any error logs?
-
0
These are the logs generated by the Identity:
```
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=6.0.1.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
 ---> System.IO.FileNotFoundException: Signing Certificate couldn't found: openiddict.pfx
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilderExtensions.AddProductionEncryptionAndSigningCertificate(OpenIddictServerBuilder builder, String fileName, String passPhrase) in /home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/OpenIddictServerBuilderExtensions.cs:line 13
   at Cincaporc.WebApp.WebAppAuthServerModule.<>c__DisplayClass0_0.<PreConfigureServices>b__2(OpenIddictServerBuilder serverBuilder) in /home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/WebAppAuthServerModule.cs:line 96
   at Volo.Abp.Options.PreConfigureActionList`1.Configure(TOptions options)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionPreConfigureExtensions.ExecutePreConfiguredActions[TOptions](IServiceCollection services, TOptions options)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
   at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
```
These are the logs generated by the GitHubActions:
```
Run dotnet dev-certs https -v -ep /home/runner/.dotnet/Cincaporc.WebApp.AuthServer/openiddict.pfx -p 00000000-0000-0000-0000-000000000000
[1] Listing certificates from CurrentUser\My
[2] Found certificates: 1 certificate
    1) 85401136598E5431084B7F11E2486FA96A65D658 - CN=localhost - Valid from 2024-08-09 10:24:49Z to 2025-08-09 10:24:49Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[3] Checking certificates validity
[4] Valid certificates: 1 certificate
    1) 85401136598E5431084B7F11E2486FA96A65D658 - CN=localhost - Valid from 2024-08-09 10:24:49Z to 2025-08-09 10:24:49Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
[1] Listing certificates from LocalMachine\My
[7] An error occurred while listing the certificates: System.Security.Cryptography.CryptographicException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores.
 ---> System.PlatformNotSupportedException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores.
   --- End of inner exception stack trace ---
   at Internal.Cryptography.Pal.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags)
   at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.ListCertificates(StoreName storeName, StoreLocation location, Boolean isValid, Boolean requireExportable)
[8] Filtered certificates: 1 certificate
    1) 85401136598E5431084B7F11E2486FA96A65D658 - CN=localhost - Valid from 2024-08-09 10:24:49Z to 2025-08-09 10:24:49Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[9] Excluded certificates: no certificates
[14] Valid certificates: 1 certificate
    1) 85401136598E5431084B7F11E2486FA96A65D658 - CN=localhost - Valid from 2024-08-09 10:24:49Z to 2025-08-09 10:24:49Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[15] Selected certificate: 85401136598E5431084B7F11E2486FA96A65D658 - CN=localhost - Valid from 2024-08-09 10:24:49Z to 2025-08-09 10:24:49Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[23] Saving certificate '85401136598E5431084B7F11E2486FA96A65D658 - CN=localhost - Valid from 2024-08-09 10:24:49Z to 2025-08-09 10:24:49Z - IsHttpsDevelopmentCertificate: true - IsExportable: true' to /home/runner/.dotnet/Cincaporc.WebApp.AuthServer/openiddict.pfx with private key.
[25] Creating directory /home/runner/.dotnet/Cincaporc.WebApp.AuthServer.
[27] Writing the certificate to: /home/runner/.dotnet/Cincaporc.WebApp.AuthServer/openiddict.pfx.
A valid HTTPS certificate is already present.
The certificate was exported to /home/runner/.dotnet/Cincaporc.WebApp.AuthServer/openiddict.pfx
```
-
0
hi
> The certificate was exported to /home/runner/.dotnet/Cincaporc.WebApp.AuthServer/openiddict.pfx

/home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/OpenIddictServerBuilderExtensions.cs
Can you check the files to make sure the Cincaporc.WebApp.AuthServer project and openiddict.pfx exist in the same folder?
-
0
Inside the Cincaporc.WebApp.AuthServer folder we have the openiddict file.
-
0
hi
I have no idea about this. You can get the pfx file from a virtual file instead of a folder.
https://abp.io/docs/latest/framework/infrastructure/virtual-file-system
-
0
Sorry about what I told you. In GitHub Actions, every time we make a pull request we want to create the certificate, right here:
```yaml
- name: Generate openiddict.pfx
  run: dotnet dev-certs https -v -ep ${{env.DOTNET_ROOT}}/Cincaporc.WebApp.AuthServer/openiddict.pfx -p 00000000-0000-0000-0000-000000000000
```
I don't know how you would put it, but I have realized that the problem has to be because of the path that I am giving it, because the one I should give is this /home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/openiddict.pfx and the one it was giving me is this /home/runner/.dotnet/Cincaporc.WebApp.AuthServer/openiddict.pfx, that's why it didn't tell me that it couldn't find the certificate. In your case, how would you present it in a more optimal way?
-
0
So your problem is solved. Right?
-
0
It is not correct to do it as I told you about the route. Now I have another problem: when making a pull request in GitHub Actions I get this error message:
```
[7] An error occurred while listing the certificates: System.Security.Cryptography.CryptographicException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores.
 ---> System.PlatformNotSupportedException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores.
```
and at the end of the pull request, in the auth logs of the application when I open it, I get this:
```
2024-08-12 09:19:01.116 +02:00 [INF] [] [] Starting Cincaporc.WebApp.AuthServer.
2024-08-12 09:19:11.875 +02:00 [FTL] [] [] Cincaporc.WebApp.AuthServer terminated unexpectedly!
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=6.0.1.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
 ---> System.IO.FileNotFoundException: Signing Certificate couldn't found: openiddict.pfx
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilderExtensions.AddProductionEncryptionAndSigningCertificate(OpenIddictServerBuilder builder, String fileName, String passPhrase) in /home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/OpenIddictServerBuilderExtensions.cs:line 13
   at Cincaporc.WebApp.WebAppAuthServerModule.<>c__DisplayClass0_0.<PreConfigureServices>b__2(OpenIddictServerBuilder serverBuilder) in /home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/WebAppAuthServerModule.cs:line 96
   at Volo.Abp.Options.PreConfigureActionList`1.Configure(TOptions options)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionPreConfigureExtensions.ExecutePreConfiguredActions[TOptions](IServiceCollection services, TOptions options)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
   at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   --- End of inner exception stack trace ---
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
   at Cincaporc.WebApp.Program.Main(String[] args) in /home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/Program.cs:line 55
```
-
0
You already have reading permissions to see the repository, I'll give you the link https://github.com/Cincaporc/Cincaporc.WebApp/tree/development, you have to be in the development branch, and you go to github/workFlow.
-
0
hi
Can you try to generate and move the openiddict.pfx file to https://github.com/Cincaporc/Cincaporc.WebApp/tree/development/src/Cincaporc.WebApp.AuthServer and test again?
-
0
Hello, I just ran it with the development branch, and this is what I get in GitHub Actions:
```
Run dotnet dev-certs https -v -ep src/Cincaporc.WebApp.AuthServer/openiddict.pfx -p 00000000-0000-0000-0000-000000000000
[1] Listing certificates from CurrentUser\My
[2] Found certificates: 1 certificate
    1) 45A52275A11B619AF8F44193C557B30DCEA9DAAD - CN=localhost - Valid from 2024-08-12 09:11:20Z to 2025-08-12 09:11:20Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[3] Checking certificates validity
[4] Valid certificates: 1 certificate
    1) 45A52275A11B619AF8F44193C557B30DCEA9DAAD - CN=localhost - Valid from 2024-08-12 09:11:20Z to 2025-08-12 09:11:20Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
[1] Listing certificates from LocalMachine\My
[7] An error occurred while listing the certificates: System.Security.Cryptography.CryptographicException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores.
 ---> System.PlatformNotSupportedException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores.
   --- End of inner exception stack trace ---
   at Internal.Cryptography.Pal.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags)
   at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags)
   at Microsoft.AspNetCore.Certificates.Generation.CertificateManager.ListCertificates(StoreName storeName, StoreLocation location, Boolean isValid, Boolean requireExportable)
[8] Filtered certificates: 1 certificate
    1) 45A52275A11B619AF8F44193C557B30DCEA9DAAD - CN=localhost - Valid from 2024-08-12 09:11:20Z to 2025-08-12 09:11:20Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[9] Excluded certificates: no certificates
[14] Valid certificates: 1 certificate
    1) 45A52275A11B619AF8F44193C557B30DCEA9DAAD - CN=localhost - Valid from 2024-08-12 09:11:20Z to 2025-08-12 09:11:20Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[15] Selected certificate: 45A52275A11B619AF8F44193C557B30DCEA9DAAD - CN=localhost - Valid from 2024-08-12 09:11:20Z to 2025-08-12 09:11:20Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[23] Saving certificate '45A52275A11B619AF8F44193C557B30DCEA9DAAD - CN=localhost - Valid from 2024-08-12 09:11:20Z to 2025-08-12 09:11:20Z - IsHttpsDevelopmentCertificate: true - IsExportable: true' to src/Cincaporc.WebApp.AuthServer/openiddict.pfx with private key.
[25] Creating directory src/Cincaporc.WebApp.AuthServer.
[27] Writing the certificate to: src/Cincaporc.WebApp.AuthServer/openiddict.pfx.
A valid HTTPS certificate is already present.
The certificate was exported to /home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/openiddict.pfx
```
-
0
hi
You can generate the openiddict.pfx in your local computer, and copy it to your https://github.com/Cincaporc/Cincaporc.WebApp/tree/development/src/Cincaporc.WebApp.AuthServer
in this way you don't need to generate the pfx in your pipeline.
-
0
I just did it, and I still get an error. When I enter the logs in Azure development, I get this error:
```
2024-08-12 12:03:25.939 +02:00 [INF] [] [] Starting Cincaporc.WebApp.AuthServer.
2024-08-12 12:03:30.397 +02:00 [FTL] [] [] Cincaporc.WebApp.AuthServer terminated unexpectedly!
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=6.0.1.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
 ---> System.ArgumentNullException: Value cannot be null. (Parameter 'uriString')
   at System.Uri..ctor(String uriString)
   at Cincaporc.WebApp.WebAppAuthServerModule.<>c__DisplayClass0_0.<PreConfigureServices>b__2(OpenIddictServerBuilder serverBuilder) in /home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/WebAppAuthServerModule.cs:line 97
   at Volo.Abp.Options.PreConfigureActionList`1.Configure(TOptions options)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionPreConfigureExtensions.ExecutePreConfiguredActions[TOptions](IServiceCollection services, TOptions options)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
   at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   --- End of inner exception stack trace ---
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
   at Cincaporc.WebApp.Program.Main(String[] args) in /home/runner/work/Cincaporc.WebApp/Cincaporc.WebApp/src/Cincaporc.WebApp.AuthServer/Program.cs:line 55
```
I think that this part of code `---> System.ArgumentNullException: Value cannot be null. (Parameter 'uriString') at System.Uri..ctor(String uriString)` is the problem.
-
0
I'll show you how I have it configured in the code.
```csharp
public override void PreConfigureServices(ServiceConfigurationContext context)
{
    var hostingEnvironment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();

    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("WebApp");
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });

    /*
     * This configuration is used when the AuthServer is running on docker containers at localhost.
     * Configuring the redirection URLs for internal network and the web
     */
    if (!hostingEnvironment.IsDevelopment())
    {
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
        {
            serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "00000000-0000-0000-0000-000000000000");
            serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
        });
    }
}
```
-
0
hi
> new Uri(configuration["AuthServer:Authority"]!

What is the value of AuthServer:Authority? Please check it in your all src/Cincaporc.WebApp.AuthServer/appsettings.json(environment)
-
0
It is already working, it was because AuthServer:Authority had no value.
-
0
Good news.
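
Added example, not part of the thread and not ABP or project code: a fail-fast startup check covering both failures seen above, a relative `openiddict.pfx` that is not where the process looks for it and an empty `AuthServer:Authority`. `StartupChecks`, `LoadSigningCertificate` and `RequireIssuer` are hypothetical names, and the certificate, passphrase and URL in `Main` are constructed sample values.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example; StartupChecks and its members are hypothetical names.
public static class StartupChecks
{
    // Resolve a relative file name against the content root instead of the process working
    // directory, and report the absolute path that was probed when the file is missing.
    public static X509Certificate2 LoadSigningCertificate(string contentRoot, string fileName, string passPhrase)
    {
        var fullPath = Path.GetFullPath(fileName, contentRoot);
        if (!File.Exists(fullPath))
            throw new FileNotFoundException($"Signing certificate not found at '{fullPath}' (content root '{contentRoot}').", fullPath);

        var certificate = new X509Certificate2(fullPath, passPhrase);
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException($"'{fullPath}' has no private key, so it cannot sign tokens.");
        var now = DateTime.Now; // NotBefore/NotAfter are returned in local time
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new InvalidOperationException($"'{fullPath}' is outside its validity period ({certificate.NotBefore:u} to {certificate.NotAfter:u}).");
        return certificate;
    }

    // Turn a missing or malformed AuthServer:Authority into an error that names the key,
    // rather than ArgumentNullException (Parameter 'uriString') from new Uri(null).
    public static Uri RequireIssuer(string? configuredValue, string key = "AuthServer:Authority")
    {
        if (string.IsNullOrWhiteSpace(configuredValue))
            throw new InvalidOperationException($"Configuration key '{key}' is empty for this environment.");
        if (!Uri.TryCreate(configuredValue, UriKind.Absolute, out var issuer))
            throw new InvalidOperationException($"Configuration key '{key}' is not an absolute URI: '{configuredValue}'.");
        return issuer;
    }

    public static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate in a temporary "content root".
        var contentRoot = Directory.CreateDirectory(Path.Combine(Path.GetTempPath(), Path.GetRandomFileName())).FullName;
        using var rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=constructed-sample", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var sample = request.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        File.WriteAllBytes(Path.Combine(contentRoot, "openiddict.pfx"), sample.Export(X509ContentType.Pfx, "sample-passphrase"));

        // The relative name is found because it is resolved against contentRoot, not the working directory.
        using (var loaded = LoadSigningCertificate(contentRoot, "openiddict.pfx", "sample-passphrase"))
            Console.WriteLine($"Loaded {loaded.Subject}, private key: {loaded.HasPrivateKey}");
        Console.WriteLine(RequireIssuer("https://auth.example.test"));

        // Both failure modes from the thread now produce messages that name the path or the key.
        try { RequireIssuer(null); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }

        try { LoadSigningCertificate(contentRoot, "missing/openiddict.pfx", "sample-passphrase"); }
        catch (FileNotFoundException ex) { Console.WriteLine(ex.Message); }

        Directory.Delete(contentRoot, recursive: true);
    }
}
```

In the module shown earlier, the equivalent calls would take `hostingEnvironment.ContentRootPath` as the content root and `configuration["AuthServer:Authority"]` as the issuer value; the file still has to be present in the published package that is deployed.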