Ends in:
7 DAYS
13 HRS
13 MIN
8 SEC
Ends in:
7 D
13 H
13 M
8 S

Activities of "nhontran"

Hi maliming,

No errors appear in the logs, but I noticed that there is no step for starting Hangfire:

[22:43:16 INF] Start installing Hangfire SQL objects... [22:43:16 INF] Hangfire SQL objects installed. [22:43:30 INF] Starting IdentityServer4 version 4.1.2+997a6cdd643e46cd5762b710c4ddc43574cbec2e [22:43:32 INF] Using the default authentication scheme Identity.Application for IdentityServer

Btw, I have shared the source code with you via email, could you please help us check.

Thank you.

Hi, I managed to override it already. Thanks

Hi @liangshiwei, I just tried it but it does not work, I feel the cookie is created at the front-end side (Angular) isn't it? I found these lines of code in angular:

Hi @liangshiwei, sorry if my question confused you, but I want to know what cookies are created by this method in abp.js

    abp.utils.setCookieValue = function (key, value, expireDate, path) {
        var cookieValue = encodeURIComponent(key) + '=';

        if (value) {
            cookieValue = cookieValue + encodeURIComponent(value);
        }

        if (expireDate) {
            cookieValue = cookieValue + "; expires=" + expireDate.toUTCString();
        }

        if (path) {
            cookieValue = cookieValue + "; path=" + path;
        }

        document.cookie = cookieValue;
    };

The purpose of using these cookies and do they contain any sensitive info?

Hi, what I want to achieve is instead of using RSA key, I want to use ECDSA key for signing credentials and encryption credentials. I find this is supported by OpenIddict in their documentation:

Encryption and signing credentials
To protect the tokens it issues, OpenIddict uses 2 types of credentials:

Signing credentials are used to protect against tampering. They can be either asymmetric (e.g a RSA or ECDSA key) or symmetric.
Encryption credentials are used to ensure the content of tokens cannot be read by malicious parties. They can be either asymmetric (e.g a RSA key) or symmetric.

but don't know why keep getting this error:

[09:54:04 DBG] An exception was thrown by OpenIddict.Server.OpenIddictServerHandlers+Protection+GenerateIdentityModelToken while handling the OpenIddict.Server.OpenIddictServerEvents+GenerateTokenContext event.
System.ArgumentNullException: IDX10000: The parameter 'privateKey' cannot be a 'null' or an empty object.  (Parameter 'privateKey')
   at Microsoft.IdentityModel.Tokens.EcdhKeyExchangeProvider..ctor(SecurityKey privateKey, SecurityKey publicKey, String alg, String enc)

Is there any sample code using ECDSA key instead of RSA key?

Hi @maliming, thanks, I managed to add the encryption key into JWKS URL but I got the below error when using Angular UI to login to retrieve the access token:

[09:54:04 DBG] An exception was thrown by OpenIddict.Server.OpenIddictServerHandlers+Protection+GenerateIdentityModelToken while handling the OpenIddict.Server.OpenIddictServerEvents+GenerateTokenContext event.
System.ArgumentNullException: IDX10000: The parameter 'privateKey' cannot be a 'null' or an empty object.  (Parameter 'privateKey')
   at Microsoft.IdentityModel.Tokens.EcdhKeyExchangeProvider..ctor(SecurityKey privateKey, SecurityKey publicKey, String alg, String enc)

Even the security key I put into EncryptingCredentials already had the private key, I have provided you the source code through email, able to help us check?

Hi @maliming, is there a way to override the handler?

Hi @maliming, I have provided the source code via email, I also attached the ECDSA cert that we use for testing.

I tried AddSigningCertificate, it does not work with ECDSA cert.

Hi @maliming, ok, let me share the full code to you.

Hi, I did disable the development cert, below is my full PreConfigureServices:

public override void PreConfigureServices(ServiceConfigurationContext context)
{
    var environment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();

    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("DigitalPlatform");
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });

    // disable developer signing credential
    PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
    {
        options.AddDevelopmentEncryptionAndSigningCertificate = false;
    });

    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        // get ECDSA certificate
        var ecdsaCertificate = CertificateHelper.GetClientCertificate(configuration["Key:ThumbPrint"]);
        ECDsaSecurityKey ecdsaCertificatePublicKey = new ECDsaSecurityKey(ecdsaCertificate.GetECDsaPrivateKey());

        // add signing key
        builder.AddSigningKey(new ECDsaSecurityKey(ecdsaCertificate.GetECDsaPrivateKey()));

        // add encryption credentials
        var encryptionKey = JsonWebKeyConverter.ConvertFromECDsaSecurityKey(ecdsaCertificatePublicKey);
        encryptionKey.KeyId = "encryption_key_id";
        encryptionKey.Use = JsonWebKeyUseNames.Enc;
        builder.AddEncryptionCredentials(new EncryptingCredentials(encryptionKey, SecurityAlgorithms.EcdsaSha256, "ECDH-ES+A192KW"));
    });

    PreConfigure<IdentityBuilder>(builder =>
    {
        builder.AddSignInManager<CustomSignInManager>();
    });
}
Showing 21 to 30 of 139 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06