Hi, we are getting the error below. The refresh token is getting expired, and a "token has been revoked successfully" error appears when we browse from the menu item. In the Application tab of the browser, the token is getting cleared every time an API is requested.
[
  {
    "code": "Volo.Authorization:010001",
    "message": "Authorization failed! Given policy has not granted.",
    "details": null,
    "data": null,
    "validationErrors": null
  }
]
When I try to authorize to access the ABP Swagger API documentation, it throws a 400 Bad Request error rather than going to the login page. The API is hosted in Azure App Service.
We have an API hosted in Azure App Service. When we try to browse the API, it throws a System.Security.Cryptography.CryptographicException: Keyset does not exist error. Below are the details of the error.
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Hon.IFS.SiteHost.SiteHostHttpApiHostModule, Hon.IFS.SiteHost.HttpApi.Host, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
---> System.Security.Cryptography.CryptographicException: Keyset does not exist
at Hon.IFS.SiteHost.SiteHostHttpApiHostModule.ConfigureServices(ServiceConfigurationContext context) in C:\ProjectName \HttpApiHostModule.cs:line 169
at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
--- End of inner exception stack trace ---
at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
The code below has been written under ConfigureServices().
// Path to your .pfx file (e.g., placed in the root or wwwroot folder)
string certPath = Path.Combine(hostingEnvironment.ContentRootPath, "certs", "openiddict.pfx");
string certPassword = "Admin@12345"; // Read from config/secret manager in prod
if (!File.Exists(certPath))
{
    throw new FileNotFoundException("Certificate file not found.", certPath);
}
var cert = new X509Certificate2(
    certPath,
    certPassword,
    X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable
);
if (!cert.HasPrivateKey)
{
    throw new InvalidOperationException("Certificate does not have a private key.");
}
var rsa = cert.GetRSAPrivateKey();
if (rsa == null)
    throw new InvalidOperationException("Certificate private key is inaccessible.");
context.Services.AddOpenIddict()
    .AddServer(options =>
    {
        options.SetTokenEndpointUris("/connect/token");
        // Use correct algorithm matching your certificate
        options.AddSigningCertificate(cert);
        options.AllowClientCredentialsFlow();
        options.RegisterScopes(OpenIddictConstants.Scopes.Email,
            OpenIddictConstants.Scopes.Profile,
            OpenIddictConstants.Scopes.Roles);
    });
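
The following is an added diagnostic example, not code from the post or from ABP or OpenIddict: it loads the same PFX under several X509KeyStorageFlags combinations and performs a test signature with each, so the startup log shows which combinations the hosting process can actually use. The names KeysetProbe and Probe are hypothetical, and the password is assumed to be supplied by the caller from configuration rather than a literal.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper for illustration; not part of ABP or OpenIddict.
public static class KeysetProbe
{
    // Candidate flag sets. The first is the combination used in the post.
    // Note: PersistKeySet leaves the imported key in the store after the
    // certificate object is disposed, so every run with it adds a stored key.
    private static readonly X509KeyStorageFlags[] Candidates =
    {
        X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable,
        X509KeyStorageFlags.MachineKeySet,
        X509KeyStorageFlags.UserKeySet,
        X509KeyStorageFlags.EphemeralKeySet,
    };

    // Returns one line per flag set: "OK" or the exception type and message.
    // The password is never written to the result.
    public static IReadOnlyList<string> Probe(string pfxPath, string password)
    {
        var results = new List<string>();
        byte[] sample = { 1, 2, 3, 4 }; // constructed test input

        foreach (var flags in Candidates)
        {
            try
            {
                using var cert = new X509Certificate2(pfxPath, password, flags);
                using RSA rsa = cert.GetRSAPrivateKey()
                    ?? throw new InvalidOperationException("No RSA private key in the PFX.");
                // Signing forces the key to be opened, so an access failure
                // surfaces here if it did not already surface during loading.
                rsa.SignData(sample, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                results.Add($"{flags}: OK");
            }
            catch (Exception ex) when (ex is CryptographicException
                                       or InvalidOperationException
                                       or PlatformNotSupportedException)
            {
                results.Add($"{flags}: {ex.GetType().Name}: {ex.Message}");
            }
        }
        return results;
    }
}
```

Calling Probe once at startup on the App Service instance and logging the returned lines shows whether the failure is tied to the flag combination or to the PFX itself, without touching the OpenIddict registration.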