I can run my application on Visual Studio 2017 but when I load it on to IIS I get localhost connection refused error. It is an app with login page and I created this with identity scaffold.Could you please help!!!
IdentityHostingStartup.cs
public class IdentityHostingStartup : IHostingStartup
{
public void Configure(IWebHostBuilder builder)
{
builder.ConfigureServices((context, services) => {
services.AddDbContext<StockControlContext>(options =>
options.UseSqlServer(
context.Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<StockControlUser>()
.AddEntityFrameworkStores<StockControlContext>().AddDefaultTokenProviders().AddDefaultUI();
services.Configure<IdentityOptions>(options =>
{
// Password settings
options.Password.RequireDigit = false;
options.Password.RequiredLength = 0;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
options.Password.RequiredUniqueChars = 0;
});
services.Configure<IISOptions>(options =>
{
options.ForwardClientCertificate= false;
});
});
}
}
}
startup.cs
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
var environment = services.BuildServiceProvider().GetRequiredService<IHostingEnvironment>();
services.ConfigureApplicationCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
});
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
/* services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>()
.AddEntityFrameworkStores<ApplicationDbContext>();*/
services.AddDbContext<BAR_ERPContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddMvc().AddSessionStateTempDataProvider();
services.AddSession(options => {
options.Cookie.HttpOnly = true;
});
services.AddBootstrapPagerGenerator(options =>
{
// Use default pager options.
options.ConfigureDefault();
});
services.Configure<PagerOptions>(Configuration.GetSection("Pager"));
services.Configure<IISOptions>(options =>
{
options.ForwardClientCertificate = false;
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseSession();
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
program.cs
public static void Main(string[] args)
{
CreateWebHostBuilder(args).Build().Run();
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>();
I added below code for both startup.cs and IdentityHostingStartup.cs
services.Configure<IISOptions>(options =>
{
options.ForwardClientCertificate = false;
});
I also tried creating new project without login page in asp.net core. It worked fine on IIS. But asp.net core project with scafolded identity anonymous login is not working on IIS, however it works fine on VS 2017.
Could you please help thx.
Related
I am new to Identity server, recently set it up for a project, but I keep getting the following error
Sorry, there was an error : invalid_scope Invalid scope
These are the components that comprise the application.
Web Client -> ASPNETCORE Razor Pages application (Port: 7091)
Ocelot -> API Gateway
Identity Server 6 (Port: 5001)
StripeDotNet -> API
Basket -> API
My configurations/code are as follows:
Identity Server
public static class Config
{
public static IEnumerable<IdentityResource> IdentityResources =>
new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
// new IdentityResources.Email(),
};
public static IEnumerable<ApiScope> ApiScopes =>
new List<ApiScope>
{
new ApiScope("stripedotnetapi", "StripeDotNet API")
};
public static IEnumerable<Client> Clients =>
new List<Client>
{
// interactive ASP.NET Core MVC client
new Client
{
ClientId = "razorweb",
ClientName = "Razor Web",
ClientSecrets = { new Secret("secret".Sha256()) },
AllowedGrantTypes = GrantTypes.Code,
// where to redirect to after login
RedirectUris = { "https://localhost:7091/signin-oidc" },
//FrontChannelLogoutUri = "https://localhost:7091/signout-callback-oidc",
// where to redirect to after logout
PostLogoutRedirectUris = { "https://localhost:7091/signout-callback-oidc" },
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
// IdentityServerConstants.StandardScopes.Email,
"stripedotnetapi"
}
}
};
}
Identity Server: Hosting Extensions
builder.Services
.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
// see https://docs.duendesoftware.com/identityserver/v6/fundamentals/resources/
options.EmitStaticAudienceClaim = true;
})
.AddInMemoryIdentityResources(Config.IdentityResources)
.AddInMemoryApiScopes(Config.ApiScopes)
.AddInMemoryClients(Config.Clients)
.AddAspNetIdentity<ApplicationUser>();
StripeDotNet API
public static IServiceCollection AddSecurityServices(this IServiceCollection services)
{
services.AddAuthentication("Bearer")
.AddJwtBearer(options =>
{
options.Authority = "https://localhost:5001";
options.TokenValidationParameters.ValidateAudience = false;
});
services.AddAuthorization(options =>
{
options.AddPolicy("ApiScope", policy =>
{
policy.RequireAuthenticatedUser();
policy.RequireClaim("scope", "stripedotnetapi");
});
});
return services;
}
StripeDotNet API: Controller Code
[Route("api/[controller]")]
[Authorize("ApiScope")]
public class CheckoutController : BaseController
{
private readonly ICheckoutService _checkoutService;
public CheckoutController(ICheckoutService checkoutService)
{
_checkoutService = Guard.Against.Null(checkoutService, nameof(checkoutService));
}
[HttpGet]
public async Task<IActionResult> CreateCheckoutSession([FromBody] CreateCheckoutSessionRequest req)
{
var response = await _checkoutService.CreateCheckoutSessionAsync(req.TenantId, req.PriceId,
req.SuccessUrl, req.CancelUrl);
return Ok(response);
}
[HttpGet("{sessionId}")]
public async Task<IActionResult> GetCheckoutSession(string sessionId)
{
var response = await _checkoutService.GetCheckoutSessionAsync(sessionId);
return Ok(response);
}
}
Ocelot API Gateway
var authenticationProviderKey = "IdentityApiKey";
builder.Services.AddAuthentication()
.AddJwtBearer(authenticationProviderKey, x =>
{
x.Authority = "https://localhost:5001"; // IDENTITY SERVER URL
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false
};
});
Ocelot API Gateway: Configuration file
{
"UpStreamPathTemplate": "/api/Checkout",
"UpstreamHttpMethod": [ "Get" ],
"DownstreamScheme": "https",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 7056
}
],
"DownstreamPathTemplate": "/api/Checkout",
"AuthenticationOptions": {
"AuthenticationProviderKey": "IdentityApiKey",
"AllowedScopes": []
}
},
{
"UpStreamPathTemplate": "/api/Checkout/{sessionId}",
"UpstreamHttpMethod": [ "Get" ],
"DownstreamScheme": "https",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 7056
}
],
"DownstreamPathTemplate": "/api/Checkout/{sessionId}",
"AuthenticationOptions": {
"AuthenticationProviderKey": "IdentityApiKey",
"AllowedScopes": []
}
},
Web Client
public static IServiceCollection AddSecurityServices(this IServiceCollection services)
{
JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.Authority = "https://localhost:5001";
options.ClientId = "razorweb";
options.ClientSecret = "secret";
options.ResponseType = "code";
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
//options.Scope.Add("email");
options.Scope.Add("stripedotnetapi");
options.Scope.Add("offline_access");
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
});
return services;
}
My discovery endpoint shows these items as valid scopes
"scopes_supported": [
"openid",
"profile",
"stripedotnetapi",
"offline_access"
],
The supported scopes appear to be setup correctly for the web client, but I keep getting an invalid scope error. Any guidance would be greatly appreciated.
Solved. I didnt pay close enough attention to the docs. Offline Access was not granted to the client.
AllowOfflineAccess = true,
What is the best way to get a jwt token from a running NodeJS server, in a C# .NET Windows app?
in .NET I use HttpClient to connect to an oauth2 server (and that succeeds), but how to get the very jwt token?
In NodeJS:
const express = require('express')
const https = require('https');
const axios = require('axios');
var url = require('url');
const app = express()
const port = 3000
const agent = new https.Agent({ rejectUnauthorized: false });
async function get_token() {
try {
let url = "https://oauthservername/token.oauth2";
let formfields = "client_id=cid&grant_type=password&validator_id=ourAuthNG&client_secret=secretstring&username=billy&password=xxxxxxxxx";
let response = await axios.post(url, formfields, { httpsAgent: agent });
console.log(response.data);
} catch (error) {
console.log(error);
}
}
app.get('/token', (req, res) => {
get_token();
res.send('Eureka!');
})
app.listen(port, () => {
console.log(`Example app listening at http://localhost:${port}`)
})
This is working. I am getting the "Eureka!", in Postman as well as in my .NET HttpClient call
In my console I am getting (x-ing original info...), (output from console.log(response.data);)
{
access_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
refresh_token: 'xxxxxxxxxxxxxxxxx',
token_type: 'Bearer',
expires_in: 28799
}
So, in my C# code I do this (also getting "Eureka!", I see it in the responseBody):
private async void cmdConnectServer_Click(object sender, EventArgs e)
{
//client is HttpClient
client.BaseAddress = new Uri("http://localhost:3000/");
HttpResponseMessage response = await client.GetAsync("http://localhost:3000/token");
response.EnsureSuccessStatusCode();
string responseBody = await response.Content.ReadAsStringAsync();
}
But how to get the very token?
In NodeJS you never send the token result in the api response, modify it like this :
async function get_token() {
try {
let url = "https://oauthservername/token.oauth2";
let formfields = "client_id=cid&grant_type=password&validator_id=ourAuthNG&client_secret=secretstring&username=billy&password=xxxxxxxxx";
let response = await axios.post(url, formfields, { httpsAgent: agent });
console.log(response.data);
//Return the oauth2 result
return response.data;
} catch (error) {
console.log(error);
}
}
app.get('/token', (req, res) => {
//sending 'Eureka!' is pointless, instead send the token result
res.send(get_token());
})
In c#
using System;
using System.Runtime.Serialization;
using System.Text.Json;
... ...
//Class for response deserialization
[Serializable]
public class TokenResult
{
[DataMember]
public string access_token { get; set; }
[DataMember]
public string refresh_token { get; set; }
[DataMember]
public string token_type { get; set; }
[DataMember]
public long expires_in { get; set; }
}
private async void cmdConnectServer_Click(object sender, EventArgs e)
{
//client is HttpClient
client.BaseAddress = new Uri("http://localhost:3000/");
HttpResponseMessage response = await client.GetAsync("http://localhost:3000/token");
response.EnsureSuccessStatusCode();
string responseBody = await response.Content.ReadAsStringAsync();
// Deserialize the token response and get access_token property
string token = JsonSerializer.Deserialize<TokenResult>(responseBody ).access_token;
}
Or just don't use node js and do everything in c#
using System;
using System.Runtime.Serialization;
using System.Text.Json;
... ...
//Class for response deserialization
[Serializable]
public class TokenResult
{
[DataMember]
public string access_token { get; set; }
[DataMember]
public string refresh_token { get; set; }
[DataMember]
public string token_type { get; set; }
[DataMember]
public long expires_in { get; set; }
}
public string get_token()
{
HttpClientHandler OpenBarHandler = new HttpClientHandler { ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator };
HttpClient _httpClient = new HttpClient(OpenBarHandler);
_httpClient.BaseAddress = new Uri("https://oauthservername/token.oauth2");
HttpRequestMessage mess = new HttpRequestMessage();
mess.Method = HttpMethod.Post;
mess.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
Dictionary<string, string> _parameters = new Dictionary<String, String>();
_parameters.Add("grant_type", "password");
_parameters.Add("username", "billy");
_parameters.Add("password", "xxxxxxxxx");
_parameters.Add("client_id", "cid");
_parameters.Add("client_secret", "secretstring");
_parameters.Add("validator_id", "ourAuthNG");
FormUrlEncodedContent encodedContent = new FormUrlEncodedContent(_parameters);
encodedContent.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
mess.Content = encodedContent;
HttpResponseMessage response = _httpClient.SendAsync(mess).Result;
if (response.IsSuccessStatusCode)
{
string strResp = response.Content.ReadAsStringAsync().Result;
return JsonSerializer.Deserialize<TokenResult>(strResp).access_token;
}
else
throw new Exception("Token retrieval failed");
}
Below is how I configured it:
1.Install nuget packagae Microsoft.Extensions.Logging.AzureAppServices, Version 3.1.2 and Microsoft.Extensions.Logging.Console, version 3.1.2
I enabled Application Logging in azure
in program.cs
public static IHostBuilder CreateHostBuilder(string[] args)
{
return Host.CreateDefaultBuilder(args)
.ConfigureLogging(logging =>
{
logging.ClearProviders();
// We have to be precise on the logging levels
logging.AddConsole();
logging.AddDebug();
logging.AddAzureWebAppDiagnostics();
})
.ConfigureWebHostDefaults(builder =>
{
builder.ConfigureAppConfiguration((builderContext, config) =>
{
var env = builderContext.HostingEnvironment;
builder.UseStartup<Startup>()
.UseSerilog(); ;
}).ConfigureServices(services =>
{
services.Configure<AzureFileLoggerOptions>(options =>
{
options.FileName = "my-azure-diagnostics-";
options.FileSizeLimit = 50 * 1024;
options.RetainedFileCountLimit = 5;
});
}); ;
}
In startup.cs in ConfigureServices method
// Logging
services.AddLogging(builder => builder
.AddConsole()
.AddDebug()
.AddAzureWebAppDiagnostics()
.AddApplicationInsights())
// .AddConfiguration(Configuration.GetSection("Logging")))
;
AND I ADDED LOG MESSAGE
_logger.LogDebug("DEBUG message. GET enpoint was called.");
but I can't see my log what i'mm missing?
I am showing the code here which works for me. Please deploy and if that is not working then the App Service Logs is not configured correctly
Reference
Microsoft.Extensions.Logging (5.0.0),
Microsoft.Extensions.Logging.AzureAppServices(5.0.3)
in Program.cs
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureLogging(logging =>
{
logging.ClearProviders();
logging.AddConsole();
logging.AddDebug();
logging.AddAzureWebAppDiagnostics();
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
in Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddRazorPages();
}
in appsettings.json
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
in index.cshtml.cs
public void OnGet()
{
_logger.LogInformation($"Logging {DateTime.Now.ToLongTimeString()}");
}
Configuration in Portal
I have created a web application following this guide https://auth0.com/blog/creating-beautiful-apps-with-angular-material/.
In the guide, they create auth0.ts file.
There, they mentioned setting my APPLICATION_CLIENT_ID and YOUR_AUTH0_DOMAIN.
I don't understand where to get these IDs from.
Here is the code for my auth.ts file.
import { Injectable } from '#angular/core';
import { Router } from '#angular/router';
import * as auth0 from 'auth0-js';
(window as any).global = window;
#Injectable()
export class AuthService {
auth0 = new auth0.WebAuth({
clientID: '<APPLICATION_CLIENT_ID>',
domain: '<YOUR_AUTH0_DOMAIN>',
responseType: 'token',
redirectUri: 'http://localhost:4200/',
scope: 'openid'
});
accessToken: String;
expiresAt: Number;
constructor(public router: Router) { }
public login(): void {
this.auth0.authorize();
}
public handleAuthentication(): void {
this.auth0.parseHash((err, authResult) => {
if (authResult && authResult.accessToken) {
window.location.hash = '';
this.accessToken = authResult.accessToken;
this.expiresAt = (authResult.expiresIn * 1000) + new Date().getTime();
this.router.navigate(['/dashboard']);
} else if (err) {
this.router.navigate(['/']);
console.log(err);
}
});
}
public logout(): void {
this.accessToken = null;
this.expiresAt = null;
this.router.navigate(['/']);
}
public isAuthenticated(): boolean {
return new Date().getTime() < this.expiresAt;
}
}
It sounds like you signed up for Auth0 and created an application.
If you go to your Application Dashboard you'll see your app listed.
Click on the application's name and you'll enter the application settings page. The little icons on the right let you copy the information you need.
If you haven't signed up, you can sign up for free.
Once logged in and you need to create a new application, click on "+ New Application". From here you can follow the built-in guide to create a Single-Page Application inside Auth0.
Once you've created your application, you can copy the aforementioned configuration into the auth.ts file.
If you were to copy the settings from my screenshot, your auth.ts file would look like this:
import { Injectable } from '#angular/core';
import { Router } from '#angular/router';
import * as auth0 from 'auth0-js';
(window as any).global = window;
#Injectable()
export class AuthService {
auth0 = new auth0.WebAuth({
clientID: 'c45ij324tg345bjnfojo2u6b4352',
domain: 'your-auth0-domain.auth0.com',
responseType: 'token',
redirectUri: 'http://localhost:4200/',
scope: 'openid'
});
accessToken: String;
expiresAt: Number;
constructor(public router: Router) { }
public login(): void {
this.auth0.authorize();
}
public handleAuthentication(): void {
this.auth0.parseHash((err, authResult) => {
if (authResult && authResult.accessToken) {
window.location.hash = '';
this.accessToken = authResult.accessToken;
this.expiresAt = (authResult.expiresIn * 1000) + new Date().getTime();
this.router.navigate(['/dashboard']);
} else if (err) {
this.router.navigate(['/']);
console.log(err);
}
});
}
public logout(): void {
this.accessToken = null;
this.expiresAt = null;
this.router.navigate(['/']);
}
public isAuthenticated(): boolean {
return new Date().getTime() < this.expiresAt;
}
}
Disclosure: I work for Auth0.
I'm new to .NETCore and am using IdentityServer4 for authentication in a .NETCore web app and I need to be able to either dynamically set the ClientId or redirectUrls (from the login/logout page) based on the url of the web app. But there is no way to access HttpContext within ConfigureServices method or access the AddAuthentication options outside of ConfigureServices - I'm really stuck!
public void ConfigureServices(IServiceCollection services)
{
services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddScoped<ISessionHelper, SessionHelper.SessionHelper>();
services.AddSingleton<PortalSetup>();
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie("Cookies", options =>
{
options.LoginPath = "/account/login";
options.LogoutPath = "/account/logoff";
})
.AddOpenIdConnect(options =>
{
options.SignInScheme = Configuration["Oidc:SignInScheme"];
options.Authority = Configuration["Oidc:Authority"];
options.MetadataAddress = $"{Configuration["Oidc:Authority"]}/.well-known/openid-configuration";
options.RequireHttpsMetadata = Convert.ToBoolean(Configuration["Oidc:RequireHttpsMetadata"]);
options.ClientId = Configuration["Oidc:ClientId"];
options.ResponseType = Configuration["Oidc:ResponseType"];
options.SaveTokens = Convert.ToBoolean(Configuration["Oidc:SaveTokens"]);
options.GetClaimsFromUserInfoEndpoint = Convert.ToBoolean(Configuration["Oidc:GetClaimsFromUserEndpoint"]);
options.ClientSecret = Configuration["Oidc:ClientSecret"];
foreach (var s in Configuration["Oidc:Scopes"].Split(','))
{
options.Scope.Add(s);
}
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.Configure<IISOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
iis.ForwardClientCertificate = false;
});
services.AddScoped<ActionExceptionFilter>();
services.AddDistributedMemoryCache();
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromMinutes(5); // set the time for session timeout here
});
services.AddDataProtection()
.PersistKeysToFileSystem(new DirectoryInfo(Configuration["keysDirectory"]));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ISessionHelper session)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseFileServer(new FileServerOptions
{
FileProvider = new PhysicalFileProvider(Configuration["ImageDirectory"]),
EnableDirectoryBrowsing = false,
RequestPath = new PathString("/desimages")
});
//enable session before mvc
app.UseSession();
app.UseMiddleware<PortalSetup>();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Store}/{id?}");
});
}
I ended up customising the standard OIDC middleware to take those parameters at runtime via the ChallengeAsync call. It’s actually pretty straight forward.