ABP Framework version: v7.3.2
UI Type: Angular
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): Tiered and Auth Server not seperated
Exception message and full stack trace:
Exception: Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=7.3.2.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details. ---> System.Security.Cryptography.CryptographicException: The specified network password is not correct. at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan
1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags) at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at Enteqali.EnteqaliHttpApiHostModule.GetEncryptionCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration) in D:\SourceCode\Entiqali\src\Enteqali.HttpApi.Host\EnteqaliHttpApiHostModule.cs:line 388 at Enteqali.EnteqaliHttpApiHostModule.<>c__DisplayClass0_0.<PreConfigureServices>b__2(OpenIddictServerBuilder builder) in D:\SourceCode\Entiqali\src\Enteqali.HttpApi.Host\EnteqaliHttpApiHostModule.cs:line 84 at Volo.Abp.Options.PreConfigureActionList1.Configure(TOptions options) at Microsoft.Extensions.DependencyInjection.ServiceCollectionPreConfigureExtensions.ExecutePreConfiguredActions[TOptions](IServiceCollection services, TOptions options) at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder) at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action1 configuration) at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services) at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context) at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context) at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync() --- End of inner exception stack trace --- at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync() at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action1 optionsAction) at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action1 optionsAction) at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction) at Program.$(String[] args) in D:\SourceCode\Entiqali\src\Enteqali.HttpApi.Host\Program.cs:line 15 Steps to reproduce the issue:
once I deploy my project on azure, while if i deploy it on my local dev server the pfx is working normally below is the code your support is highly appreciated
public override void PreConfigureServices(ServiceConfigurationContext context)
{
IWebHostEnvironment hostingEnvironment = context.Services.GetHostingEnvironment();
IConfiguration configuration = context.Services.GetConfiguration();
PreConfigure<OpenIddictBuilder>(builder =>
{
builder.AddValidation(options =>
{
options.AddAudiences("Enteqali");
options.UseLocalServer();
options.UseAspNetCore();
});
});
if (!hostingEnvironment.IsDevelopment())
{
PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
{
options.AddDevelopmentEncryptionAndSigningCertificate = false;
});
PreConfigure<OpenIddictServerBuilder>(builder =>
{
builder.AddEncryptionCertificate(
GetEncryptionCertificate(hostingEnvironment, context.Services.GetConfiguration()));
builder.AddSigningCertificate(
GetSigningCertificate(hostingEnvironment, context.Services.GetConfiguration()));
builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
});
}
}
private X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv,
IConfiguration configuration)
{
var fileName = $"cert-signing.pfx";
var passPhrase = "Enteqali";
var file = Path.Combine(hostingEnv.ContentRootPath, fileName);
if (File.Exists(file))
{
var created = File.GetCreationTime(file);
var days = (DateTime.Now - created).TotalDays;
if (days > 180)
File.Delete(file);
else
return new X509Certificate2(file, passPhrase,
X509KeyStorageFlags.MachineKeySet);
}
// file doesn't exist or was deleted because it expired
using var algorithm = RSA.Create(keySizeInBits: 2048);
var subject = new X500DistinguishedName("CN=Fabrikam Signing Certificate");
var request = new CertificateRequest(subject, algorithm,
HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(
X509KeyUsageFlags.DigitalSignature, critical: true));
var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow,
DateTimeOffset.UtcNow.AddYears(2));
File.WriteAllBytes(file, certificate.Export(X509ContentType.Pfx, string.Empty));
return new X509Certificate2(file, passPhrase,
X509KeyStorageFlags.MachineKeySet);
}
private X509Certificate2 GetEncryptionCertificate(IWebHostEnvironment hostingEnv,
IConfiguration configuration)
{
var fileName = $"cert-encryption.pfx";
var passPhrase = "Enteqali";
var file = Path.Combine(hostingEnv.ContentRootPath, fileName);
if (File.Exists(file))
{
var created = File.GetCreationTime(file);
var days = (DateTime.Now - created).TotalDays;
if (days > 180)
File.Delete(file);
else
return new X509Certificate2(file, passPhrase,
X509KeyStorageFlags.MachineKeySet);
}
// file doesn't exist or was deleted because it expired
using var algorithm = RSA.Create(keySizeInBits: 2048);
var subject = new X500DistinguishedName("CN=Fabrikam Encryption Certificate");
var request = new CertificateRequest(subject, algorithm,
HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
request.CertificateExtensions.Add(new X509KeyUsageExtension(
X509KeyUsageFlags.KeyEncipherment, critical: true));
var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow,
DateTimeOffset.UtcNow.AddYears(2));
File.WriteAllBytes(file, certificate.Export(X509ContentType.Pfx, string.Empty));
return new X509Certificate2(file, passPhrase, X509KeyStorageFlags.MachineKeySet);
}
8 Answer(s)
-
0
hi
Is this error only happen when
file doesn't exist or was deleted because it expired? -
0
Hi
Actually the file exists on Azure and it has not expired
-
0
The specified network password is not correct.
hi
I guess the
passPhraseis incorrect. You can try with another password or re-generate a new pfx file. -
0
can you give me the correct step to generate pfx file
-
0
hi
dotnet dev-certs https -v -ep authserver.pfx -p YOURPASSWORD -
0
thanks i will try it and get back to you if it work or not
-
0
: )
-
0
it work thanks alot :)
