Replies: 1 comment
-
Hello,

I deployed SimpleIdServer on Azure App Service and encountered the same issue when the JWKS endpoint was called. You received this exception:

I have created a ticket #614 to update the documentation and provide instructions on deploying on IIS.

Best regards,
SID
-
Hello,
I'm currently trying to deploy on IIS under the default site but I'm struggling with the application pool & certificate private key.
When I run the project from my PC, everything runs fine. When I'm trying to run on IIS, on the user profile page I have two different behaviours based on some settings:
When the setting Load User Profile is enabled in the application pool, I can log in fine using https://localhost/SID, but when I'm trying to log in from a client PC using https://SERVER/SID I'm getting the following (so I'm guessing that maybe the application pool identity doesn't have access user rights on the cert private key?):
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[7]
Cookies was not authenticated. Failure message: Unprotect ticket failed
When I disable "Load User Profile" on the application pool, SID logs:
fail: Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer[2]
Connection ID "17942340921349636565", Request ID "800001d7-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application.
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CngKey.Import(ReadOnlySpan`1 keyBlob, String curveName, CngKeyBlobFormat format, CngProvider provider)
at System.Security.Cryptography.CngPkcs8.ImportPkcs8(ReadOnlySpan`1 keyBlob)
at System.Security.Cryptography.CngPkcs8.ImportPkcs8PrivateKey(ReadOnlySpan`1 source, Int32& bytesRead)
at System.Security.Cryptography.RSACng.ImportPkcs8PrivateKey(ReadOnlySpan`1 source, Int32& bytesRead)
at System.Security.Cryptography.PemKeyHelpers.ImportPem(ReadOnlySpan`1 input, FindImportActionFunc callback)
at System.Security.Cryptography.X509Certificates.X509Certificate2.ExtractKeyFromPem[TAlg](ReadOnlySpan`1 keyPem, String[] labels, Func`1 factory, Func`2 import)
at System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPem(ReadOnlySpan`1 certPem, ReadOnlySpan`1 keyPem)
at SimpleIdServer.IdServer.PemImporter.ImportCertificate(PemResult content, String keyId) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\PemImporter.cs:line 53
at SimpleIdServer.IdServer.PemImporter.Import[T](PemResult content, String keyId) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\PemImporter.cs:line 32
at SimpleIdServer.IdServer.PemImporter.Import(PemResult content, String keyId) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\PemImporter.cs:line 15
at SimpleIdServer.IdServer.Stores.InMemoryKeyStore.GetAllSigningKeys(String realm) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\Stores\KeyStore.cs:line 43
at SimpleIdServer.IdServer.Api.Jwks.JwksRequestHandler.Get(String realm) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\Api\Jwks\JwksRequestHandler.cs:line 28
at lambda_method218(Closure, Object, Object[])
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.SyncActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Logged|12_1(ControllerActionInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at SimpleIdServer.IdServer.Middlewares.MtlsAuthenticationMiddleware.InvokeAsync(HttpContext context) in C:\agent_work\24\s\SidServer-4.0.5\IdServer\SimpleIdServer.IdServer\Middlewares\MtlsAuthenticationMiddleware.cs:line 43
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.InvokeCore(HttpContext context, PathString matchedPath, PathString remainingPath)
at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()
Any ideas?