Activities of "duyan11110"

Hi,

Thank you so much for your prompt support. It works now.

I use HTTP not HTTPS. In AdministrationService, it has the same setting and work fine (no need HTTPS).

"AuthServer": {
    "Authority": "http://authserver:7000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger.DockerHttp"
  },
  "RemoteServices": {
    "AbpIdentity": {
      "BaseUrl": "http://identityservice.httpapi.host:7002/",
      "UseCurrentAccessToken": "false"
    }
  },
  "IdentityClients": {
    "Default": {
      "GrantType": "client_credentials",
      "ClientId": "AdministrationService.DockerHttp",
      "ClientSecret": "1q2w3e*",
      "Authority": "http://authserver:7000",
      "Scope": "IdentityService"
    }
  },

• ABP Framework version: 7.0.3
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace: Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to http://authserver:7000/.well-known/openid-configuration. HTTPS required. Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to http:/authserver:7000/.well-known/openid-configuration. HTTPS required. at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName) at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context) at Volo.Abp.Http.Client.IdentityModel.Web.HttpContextIdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments) at MyService.TransactionReports.TransactionReportClientProxy.GenerateReportFileAsync() in ...\MyService.HttpApi.Client\ClientProxies\TransactionReportClientProxy.Generated.cs:line 150 at BackgroundWorker.MyService.ScanErrorFileWorker.SendReportFile() in ...\apps\background-workers\src\BackgroundWorker\MyService\ScanErrorFileWorker.cs:line 86 at BackgroundWorker.MyService.ScanErrorFileWorker.Execute(IJobExecutionContext context) in ...\apps\background-workers\src\BackgroundWorker\MyService\ScanErrorFileWorker.cs

Steps to reproduce the issue: I'm using Quartz background worker to call an authorized app service method with above error. Here's appsettings.json:

"RemoteServices": {
    "MyService": {
      "BaseUrl": "http://myservice.httpapi.host:7005/",
      "UseCurrentAccessToken": "false"
    }
  },
  "IdentityClients": {
    "Default": {
      "GrantType": "client_credentials",
      "ClientId": "BackgroundWorker.DockerHttp",
      "ClientSecret": "1q2w3e*",
      "Authority": "http://authserver:7000",
      "Scope": "MyService"
    }
  }

[DependsOn(
    typeof(AbpAutofacModule),
    typeof(AbpBackgroundWorkersQuartzModule),
	typeof(AbpHttpClientIdentityModelWebModule),
	typeof(AbpIdentityHttpApiClientModule),
	...
)]
public class BackgroundWorkerModule : AbpModule
{
    public override Task OnApplicationInitializationAsync(ApplicationInitializationContext context)
    {
        var logger = context.ServiceProvider.GetRequiredService<ILogger<BackgroundWorkerModule>>();
        var configuration = context.ServiceProvider.GetRequiredService<IConfiguration>();
        logger.LogInformation($"MySettingName => {configuration["MySettingName"]}");

        var hostEnvironment = context.ServiceProvider.GetRequiredService<IHostEnvironment>();
        logger.LogInformation($"EnvironmentName => {hostEnvironment.EnvironmentName}");

        return Task.CompletedTask;
    }
}

OpenIdDictDataSeeder.cs

//Background Worker
await CreateApplicationAsync(
	name: "BackgroundWorker.DockerHttp",
	type: OpenIddictConstants.ClientTypes.Confidential,
	consentType: OpenIddictConstants.ConsentTypes.Implicit,
	displayName: "Background Worker",
	secret: "1q2w3e*",
	grantTypes: new List<string>
	{
		OpenIddictConstants.GrantTypes.ClientCredentials
	},
	
	scopes: commonScopes.Union(new[] { "MyService" }).ToList(),
	permissions: new List<string> { MyServicePermissions.TransactionReports.Default, MyServicePermissions.TransactionReports.GenerateFile }
);

How can I fix it? Thank you.

The escape character is added automatically when I copy and paste and then format it with code block. I saw the docker compose file of application template, it's the same as the one I created for microservice template. The problem is I can't trust the self-sign certificate which generated for each service domain name. Could you pls try to create a test app based on microservice template and configure docker compose for it to reproduce my issue?

Hi,

No more information?

Any update, pls?

I used host file to map like this: 127.0.0.1 mydomain.webgateway As you can see in my docker compose file:

volumes:
- ~/.aspnet/https:/https:ro

Is that correct way to map certificate file? I can see all mapped pfx files in https folder of the container.

I already generated pfx file with this command: New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "mydomain.webgateway" -FriendlyName "mydomain.webgateway" -NotAfter (Get-Date).AddYears(10) (because the URL is not localhost, they are container names instead), added to Trusted Root Certification Authorities on Local Machine and mounted successfully, but the error still occurs.

For linux, pfx is problematic as far as i know. You can use OpenSSL to generate self-signed certificate.

Do you mean linux for host or container? I use Windows host but linux container. Do I have to use OpenSSL to generate certificate? If yes, how to use that certificate in docker-compose file?

• ABP Framework version: 7.0.3
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace: AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) System.Net.Security.SslStream.ForceAuthenticationAsync(bool receiveFirst, byte[] reAuthenticationData, CancellationToken cancellationToken) System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, bool async, Stream stream, CancellationToken cancellationToken) HttpRequestException: The SSL connection could not be established, see inner exception. System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, bool async, Stream stream, CancellationToken cancellationToken) System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, bool async, CancellationToken cancellationToken) System.Threading.Tasks.ValueTask.get_Result() System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, bool async, CancellationToken cancellationToken) System.Threading.Tasks.ValueTask.get_Result() System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem) System.Threading.Tasks.TaskCompletionSourceWithCancellation.WaitWithCancellationAsync(CancellationToken cancellationToken) System.Threading.Tasks.ValueTask.get_Result() System.Net.Http.HttpConnectionPool+HttpConnectionWaiter.WaitForConnectionAsync(bool async, CancellationToken requestCancellationToken) System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, bool async, bool doRequestAuth, CancellationToken cancellationToken) System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, bool async, CancellationToken cancellationToken) System.Threading.Tasks.ValueTask.get_Result() System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, bool async, CancellationToken cancellationToken) Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.g__Core|5_0(HttpRequestMessage request, CancellationToken cancellationToken) Microsoft.Extensions.Http.PolicyHttpMessageHandler.SendCoreAsync(HttpRequestMessage request, Context context, CancellationToken cancellationToken) Polly.Retry.AsyncRetryEngine.ImplementationAsync(Func&lt;Context, CancellationToken, Task> action, Context context, CancellationToken cancellationToken, ExceptionPredicates shouldRetryExceptionPredicates, ResultPredicates shouldRetryResultPredicates, Func&lt;DelegateResult, TimeSpan, int, Context, Task> onRetryAsync, int permittedRetryCount, IEnumerable sleepDurationsEnumerable, Func&lt;int, DelegateResult, Context, TimeSpan> sleepDurationProvider, bool continueOnCapturedContext) Polly.AsyncPolicy.ExecuteAsync(Func&lt;Context, CancellationToken, Task> action, Context context, CancellationToken cancellationToken, bool continueOnCapturedContext) Microsoft.Extensions.Http.PolicyHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.g__Core|5_0(HttpRequestMessage request, CancellationToken cancellationToken) System.Net.Http.HttpClient.g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, bool disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) Volo.Abp.Http.Client.ClientProxying.ClientProxyBase.RequestAsync(ClientProxyRequestContext requestContext) AbpRemoteCallException: An error occurred during the ABP remote HTTP request. (The SSL connection could not be established, see inner exception.) See the inner exception for details. Volo.Abp.Http.Client.ClientProxying.ClientProxyBase.RequestAsync(ClientProxyRequestContext requestContext) Volo.Abp.Http.Client.ClientProxying.ClientProxyBase.RequestAsync(ClientProxyRequestContext requestContext) Volo.Abp.Http.Client.ClientProxying.ClientProxyBase.RequestAsync(string methodName, ClientProxyRequestTypeValue arguments) Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ClientProxies.AbpApplicationConfigurationClientProxy.GetAsync(ApplicationConfigurationRequestOptions options) Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.GetRemoteConfigurationAsync() Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.b__16_0() Volo.Abp.Caching.DistributedCache&lt;TCacheItem, TCacheKey>.GetOrAddAsync(TCacheKey key, Func&lt;Task> factory, Func optionsFactory, Nullable hideErrors, bool considerUow, CancellationToken token) Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.GetAsync() Volo.Abp.AspNetCore.Mvc.Client.RemoteLanguageProvider.GetLanguagesAsync() Microsoft.AspNetCore.RequestLocalization.DefaultAbpRequestLocalizationOptionsProvider.GetLocalizationOptionsAsync() Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) Microsoft.AspNetCore.Builder.UseMiddlewareExtensions+<>c__DisplayClass6_1+<b__1>d.MoveNext() Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
• Steps to reproduce the issue:"
• Docker compose file:

    version: '3.4'

services:
mydomain.authserver:
environment:
\- ASPNETCORE\_ENVIRONMENT=Development
\- ASPNETCORE\_URLS=https://\+:7000
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Path=/https/mydomain\.authserver\.pfx
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Password=
ports:
\- "7000:7000"
volumes:
\- \~/\.aspnet/https:/https:ro
\- $\{APPDATA\}/Microsoft/UserSecrets:/root/\.microsoft/usersecrets:ro

mydomain.web:
environment:
\- ASPNETCORE\_ENVIRONMENT=Development
\- ASPNETCORE\_URLS=https://\+:7004
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Path=/https/mydomain\.web\.pfx
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Password=
ports:
\- "7004:7004"
volumes:
\- \~/\.aspnet/https:/https:ro
\- $\{APPDATA\}/Microsoft/UserSecrets:/root/\.microsoft/usersecrets:ro

mydomain.webgateway:
environment:
\- ASPNETCORE\_ENVIRONMENT=Development
\- ASPNETCORE\_URLS=https://\+:7500
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Path=/https/mydomain\.webgateway\.pfx
\- ASPNETCORE\_Kestrel\_\_Certificates\_\_Default\_\_Password=
ports:
\- "7500:7500"
volumes:
\- \~/\.aspnet/https:/https:ro
\- $\{APPDATA\}/Microsoft/UserSecrets:/root/\.microsoft/usersecrets:ro

appsettings.json for Web project

{
"App": {
"SelfUrl": "[https://mydomain.web:7004"](https://mydomain.web:7004%22)
},
"AuthServer": {
"Authority": "[https://mydomain.authserver:7000"](https://mydomain.authserver:7000%22),
"RequireHttpsMetadata": "true",
"ClientId": "Web.Docker",
"ClientSecret": "1q2w3e\*",
"IsOnK8s": "false",
"MetaAddress": "[https://mydomain.authserver:7000"](https://mydomain.authserver:7000%22)
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "\*",
"RemoteServices": {
"Default": {
"BaseUrl": "https:/mydomain.webgateway:7500"
}
}
}

I tried to add above pfx files to Trusted Root on my machine and the guide here: https://ubuntu.com/server/docs/security-trust-store but it didn't work. Pls help