Open Closed

Authserver Installation on Azure AppService Issue #3996


User avatar
0
jaye@theservicemanager.com created
  • ABP Framework version: 6.0.0

  • UI type: Blazor

  • DB provider: EF Core

  • Identity Server Separated

  • Exception message and stack trace:

    Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=6.0.0.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
    2022-11-03T05:03:23.940270224Z  ---> System.Security.Cryptography.CryptographicException: The owner of '/home/.dotnet/corefx/cryptography/x509stores/my' is not the current user.
    2022-11-03T05:03:23.940277724Z    at Internal.Cryptography.Pal.DirectoryBasedStoreProvider.EnsureDirectoryPermissions(String path, UInt32 userId)
    2022-11-03T05:03:23.940283524Z    at Internal.Cryptography.Pal.DirectoryBasedStoreProvider.AddCertToStore(ICertificatePal certPal)
    2022-11-03T05:03:23.940288924Z    at Internal.Cryptography.Pal.DirectoryBasedStoreProvider.Add(ICertificatePal certPal)
    2022-11-03T05:03:23.940294224Z    at System.Security.Cryptography.X509Certificates.X509Store.Add(X509Certificate2 certificate)
    2022-11-03T05:03:23.940320625Z    at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate(X500DistinguishedName subject)
    2022-11-03T05:03:23.940326125Z    at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate()
    2022-11-03T05:03:23.940330725Z    at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
    2022-11-03T05:03:23.940336625Z    at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
    2022-11-03T05:03:23.940341625Z    at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
    2022-11-03T05:03:23.940346425Z    at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
    2022-11-03T05:03:23.940351125Z    at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
    2022-11-03T05:03:23.940355825Z    at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
    2022-11-03T05:03:23.940360525Z    --- End of inner exception stack trace ---
    2022-11-03T05:03:23.940365025Z    at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
    2022-11-03T05:03:23.940369625Z    at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
    2022-11-03T05:03:23.940374225Z    at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
    2022-11-03T05:03:23.940379125Z    at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
    2022-11-03T05:03:23.940388425Z    at FireBird.Program.Main(String[] args) in D:\a\1\s\src\FireBird.AuthServer\Program.cs:line 39
    
    

    <br>

  • Hi, I would like to ask for assistance regarding the installation of the new ABP AuthServer using OpenIDC on Microsoft Azure as an App Service. We are getting an error as shown above when trying to start the app service, we also tried to follow this guide (https://brianmeeker.me/2022/08/29/setting-up-abp-with-openiddict-on-azure-app-services/) but to no avail, it still produces the same error. This only started as soon as we moved to ABP 6.0.0


4 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    hi

    AddDevelopmentEncryptionAndSigningCertificate cannot be used in applications deployed on IIS or Azure App Service: trying to use them on IIS or Azure App Service will result in an exception being thrown at runtime (unless the application pool is configured to load a user profile). To avoid that, consider creating self-signed certificates and storing them in the X.509 certificates store of the host machine(s). Please refer to: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-a-development-certificate

  • User Avatar
    0
    jaye@theservicemanager.com created

    hi

    AddDevelopmentEncryptionAndSigningCertificate cannot be used in applications deployed on IIS or Azure App Service: trying to use them on IIS or Azure App Service will result in an exception being thrown at runtime (unless the application pool is configured to load a user profile). To avoid that, consider creating self-signed certificates and storing them in the X.509 certificates store of the host machine(s). Please refer to: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-a-development-certificate

    Hello, we actually disable "AddDevelopmentEncryptionAndSigningCertificate", but it still throws an exception

  • User Avatar
    0
    maliming created
    Support Team

    hi

    The error logs show the method has still been called.

    Can you share a demo project that can reproduce the problem? liming.ma@volosoft.com

  • User Avatar
    0
    maliming created
    Support Team

    hi

    I will check your project and We have new advice from openiddict

    https://github.com/abpframework/abp/issues/14312#issuecomment-1304106494

Made with ❤️ on ABP v9.2.0-preview. Updated on January 22, 2025, 10:44