Replies: 1 comment
-
Hello,
I deployed SimpleIdServer on Azure App Service and encountered the same issue when the JWKS endpoint was called.
You received this exception:
I have created a ticket #614 to update the documentation and provide instructions on deploying on IIS.
Best regards,
SID
-
Hello,
I'm currently trying to deploy on IIS under the default site but I'm struggling with the application pool & certificate private key.
When I run the project from my PC everything runs fine. When I'm trying to run on IIS, on the user profile page I have two different behaviours based on some settings:
When the setting "Load User Profile" is enabled in the application pool, I can log in fine using https://localhost/SID, but when I'm trying to log in from a client PC using https://SERVER/SID I'm getting the following (so I'm guessing that maybe the application pool identity doesn't have access user rights on the cert private key?):
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[7]
Cookies was not authenticated. Failure message: Unprotect ticket failed
When I disable the "Load User Profile" on the application pool SID logs :
fail: Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer[2]
Connection ID "17942340921349636565", Request ID "800001d7-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Import(ReadOnlySpan`1 keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider)
at System.Security.Cryptography.CngPkcs8.ImportPkcs8(ReadOnlySpan`1 keyBlob)
at System.Security.Cryptography.CngPkcs8.ImportPkcs8PrivateKey(ReadOnlySpan`1 source, Int32& bytesRead)
at System.Security.Cryptography.RSACng.ImportPkcs8PrivateKey(ReadOnlySpan`1 source, Int32& bytesRead)
at System.Security.Cryptography.PemKeyHelpers.ImportPem(ReadOnlySpan`1 input, FindImportActionFunc callback)
at System.Security.Cryptography.X509Certificates.X509Certificate2.ExtractKeyFromPem[TAlg](ReadOnlySpan`1 keyPem, String[] labels, Func`1 factory, Func`2 import)
at System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPem(ReadOnlySpan`1 certPem, ReadOnlySpan`1 keyPem)
at SimpleIdServer.IdServer.PemImporter.ImportCertificate(PemResult content, String keyId) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\PemImporter.cs:line 53
at SimpleIdServer.IdServer.PemImporter.Import[T](PemResult content, String keyId) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\PemImporter.cs:line 32
at SimpleIdServer.IdServer.PemImporter.Import(PemResult content, String keyId) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\PemImporter.cs:line 15
at SimpleIdServer.IdServer.Stores.InMemoryKeyStore.GetAllSigningKeys(String realm) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\Stores\KeyStore.cs:line 43
at SimpleIdServer.IdServer.Api.Jwks.JwksRequestHandler.Get(String realm) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\Api\Jwks\JwksRequestHandler.cs:line 28
at lambda_method218(Closure, Object, Object[])
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.SyncActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Logged|12_1(ControllerActionInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at SimpleIdServer.IdServer.Middlewares.MtlsAuthenticationMiddleware.InvokeAsync(HttpContext context) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\Middlewares\MtlsAuthenticationMiddleware.cs:line 43
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.InvokeCore(HttpContext context, PathString matchedPath, PathString remainingPath)
at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()
Any ideas?