Activities of "gterdem"

If you want to use self-signed certificate, you need to use openssl. You can check Create Developer Certificates docs.

What is the point of using Antiforgery token for GET Requests? You should never change your application state in GET Requests anyway.

You are adding extra overhaul to your application. Although, if you have to put XSRF/CSRF protection for your GET request in your application it means you have bigger problems in your design.

Share application logs please.

Tiered (MVC) or Identity Server Separated (Angular): yes

Do you used separated identityserver project? Do you use Resource Owner Flow?

-We are sure that “host.docker.internal “ is reachable from container because we reach the DB and the broker by the same way.

You want tokens to be validated by the connections in between docker network since it doesn't make sense otherwise. However, https://host.docker.internal/.well-known/openid-configuration endpoint must be reachable from outside (www).

So it needs to be a valid domain that can be reached from anywhere since it is an openid provider (just like https://accounts.google.com/.well-known/openid-configuration).

Also please check identityserver deployment guide, it may help.

It is default Microsoft Identity library behavior when you sign in from an external resource; AbpUser will be saved without password and AbpUserLogin will be saved with the login provider and provider key.

I couldn't reproduce your error.

I created the application:

auth-server logs:

Back-office blazor-server application:

It may be related with your OS privillages may be. Can you try in a different PC if it occurs again? Maybe related with network privillages.

Can you check the logs of rabbitmq container with docker logs rabbitmq? Also please share AuthServer RabbitMQ configurations. Do you have any problems reaching localhost:15672? Can you login using default guest user? Do you get same logs in Public Web application as well?

You can not create access, identity or refresh tokens manually. They are generated after validated processes under security protocols based on IETF. Token generation is based on flows.

Can you explain more about what you want to do?

ProductServiceHttpApiHostModule has some missing configuration for mapping metrics end point.

Please update OnApplicationInitialization method:

app.UseConfiguredEndpoints();

to

app.UseConfiguredEndpoints(endpoints => endpoints.MapMetrics());

This is fixed and will be available from next version.