Activities of "viswajwalith"

2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":"8000000b-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:40.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"} 2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger.

The client secret you provided is wrong.

I dont think so, because it is getting autenticated in the next attept. If CLient Secret is the proble how come it can be authenticated from next time. If you I can share the screen and show u.

• ABP Framework version: v4.2.2
• UI type: MVC
• DB provider: EF Core / MongoDB
• Tiered (MVC) or Identity Server Separated (Angular): yes , Microservice Architecture
• Exception message and stack trace:

--- End of stack trace from previous location --- at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync() 2021-04-12 18:17:38.608 +05:30 [INF] Request finished HTTP/2 GET https://localhost:451/ - - - 500 - - 12.5611ms 2021-04-12 18:23:16.287 +05:30 [INF] Request starting HTTP/2 GET https://localhost:451/ - - 2021-04-12 18:23:16.293 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-12 18:23:16.293 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-12 18:23:16.299 +05:30 [ERR] Connection ID "17005592220331409569", Request ID "800000a2-0006-ec00-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace ---

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ After using IIS express development Certificate in IIS getting the below error ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2021-04-14 12:27:53.400 +05:30 [INF] Request starting HTTP/2 GET https://localhost:451/ - - 2021-04-14 12:27:53.403 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 12:27:53.403 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 12:27:53.412 +05:30 [ERR] Connection ID "17149707399817330746", Request ID "8000003b-0004-ee00-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace ---

• Steps to reproduce the issue:

1. Created the solution with Microservice Architecture

2. Deployed all nesessary servier into Local IIS (for testing) with HTTPS and Local Signed certificate

3. Updated the relevent URLS across deployed projects appsettings.json

4. All of the Projects except (UI layer) is working fine with https calls

5. Access the WebURL (UI Layer) ,

6. How to resolve this issue any idea?

7. what if we need to use http in the place of https? what are the things we need to perfom at code level.

2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":"8000000b-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:40.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"} 2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger.

The client secret you provided is wrong.

I dont think so, because it is getting autenticated in the next attept. If CLient Secret is the proble how come it can be authenticated from next time. If you I can share the screen and show u.

Is the issue solved? IdentityServer doesn't throw random errors.

The logs below indicates that EmployeeManagement_Swagger client secret is wrong (probably doesn't exist).

2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":"8000000b-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:40.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"} 2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger.

Navigate to appsettings of your api gateway and check the IdentityServer section. There should be IdentityModel configuration like: <br>

"AuthServer": { 
  "Authority": "https://localhost:44322", 
  "RequireHttpsMetadata": "true", 
  "SwaggerClientId": "EmployeeManagement_Swagger", 
  "SwaggerClientSecret": "1q2w3e*" 
}, 

This is the configuration of AddAbpSwaggerGenWithOAuth.

Please, share your appsettings identityserver configuration and swaggerAuth configuration located in module if the problem still persists.

I think its better to have a screenshare session to explain the exact issue. Please advise.

There are 3 applications as you have noticed:

• AuthServer (IdentityServer)
• Public application (Razor/MVC)
• Web app (back-office application that can be Razor/Mvc-Angular-Blazor-BlazorServer)

What is your web app? Angular, Razor, Blazor or Blazor.Server?

We are getting the issue when running the UI layer with MVC. DO u have any more questions.

ng you can't lo

Hi @gterdem, My Auth Server is already running with https, in fact all of my services are running with https on my local IIS with IIS self signed certificate.

As you said I have updated by Web layer port to 4510(I dont think this is the issue) but still getting the below certificate error which I mentioned earlier.

2021-04-14 19:22:17.794 +05:30 [INF] Request starting HTTP/2 GET https://localhost:4510/ - - 2021-04-14 19:22:17.852 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.852 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.915 +05:30 [ERR] Connection ID "17942340921349636135", Request ID "80000028-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace ---

Please advise.

Hi @gterdem, My Auth Server is already running with https, in fact all of my services are running with https on my local IIS with IIS self signed certificate.

As you said I have updated by Web layer port to 4510(I dont think this is the issue) but still getting the below certificate error which I mentioned earlier.

2021-04-14 19:22:17.794 +05:30 [INF] Request starting HTTP/2 GET https://localhost:4510/ - - 2021-04-14 19:22:17.852 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.852 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition" 2021-04-14 19:22:17.915 +05:30 [ERR] Connection ID "17942340921349636135", Request ID "80000028-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application.

Not only the port, the protocol also you need to update. It should be http://localhost. It is still making requests to old url. Try recycling the application from the iis pool.

Although your main problem with https is with your IIS server. The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot. You need to trust your self signed certificate.

I tried those already but didnt worked. Will try with some work around and update you accordingly.

Hi @gterdem, My Auth Server is already running with https, in fact all of my services are running with https on my local IIS with IIS self signed certificate.

As you said I have updated by Web layer port to 4510(I dont think this is the issue) but still getting the below certificate error which I mentioned earlier.

2021-04-14 19:22:17.794 +05:30 [INF] Request starting HTTP/2 GET https://localhost:4510/ - -
2021-04-14 19:22:17.852 +05:30 [INF] Start processing HTTP request GET "https://localhost:450/api/abp/api-definition"
2021-04-14 19:22:17.852 +05:30 [INF] Sending HTTP request GET "https://localhost:450/api/abp/api-definition"
2021-04-14 19:22:17.915 +05:30 [ERR] Connection ID "17942340921349636135", Request ID "80000028-0001-f900-b63f-84710c7967bb": An unhandled exception was thrown by the application.

Not only the port, the protocol also you need to update. It should be http://localhost.
It is still making requests to old url. Try recycling the application from the iis pool.

Although your main problem with https is with your IIS server. The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot. You need to trust your self signed certificate.

I tried those already but didnt worked. Will try with some work around and update you accordingly.

Finally we are able to get that working after using the valid SSL certificate. but with IIS self signed and other generated certificates issue is still there.

I am closing this as it is working with actual SSL certificate. Thanks for the support.

• ABP Framework version: v3
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): MicroService
• Exception message and stack trace:
• Steps to reproduce the issue: Just create a App with Microservice template using ABP Suite

When I create a sample Application with Microservice template using ABP Suite , The solution is not compailing. The root cause is depended projects are not part of initial solution file. We dont have the .csproject files for AdministrationService and other dependent projects to add those. The one way is to add depended projects & test projects manually to the solution folder structure and give a try but that is a un necessary task on Template. Please advise..

Also I dont think this is a support ticket as it ws a bug in the 4.3 version. So please exclude this ticket from the count.

If possible please provide a syntax to create a MicroService Template using CLI so that we cangive a try.

It worked thanks, but had to do that multiple times one after other :)

It worked thanks, but had to do that multiple times one after other :)

I think there still some issues with micro service template, We have added the new service using "abp new OrderService -t microservice-service-pro -d mongodb. Message showed saying the Service is created with MongoDB but It got created with EF core only. After that we followed all steps in https://docs.abp.io/en/commercial/latest/startup-templates/microservice/add-microservice, In fact I am able to make changes to use MongoDB manually and initial setup is good. But Facing some issues with Permissions. I am able to see the permissions in UI and those are selected still when trying to access my newly created service getting permission issue

{ "code": "Volo.Authorization:010001", "message": "Authorization failed! Given policy has not granted.", "details": null, "data": {}, "validationErrors": null }

I cross verified the permission related data in Identity DB and looks good. Also If I comment Authroize attribute in my service. able to do CRUD operations.

Can you please help us.