i have an nginx acting as a proxy server and behind it there's an auth server (https://neoauth-uat-test.dawaa24.com/) hosted on IIS
i am requesting the endpoint https://neoauth-uat-test.dawaa24.com/connect/token to get the token and it's responding to me with 200 Status Code and give me access token and refresh token
those two tokens should be saved in the Auth Database
**The Problem is that it doesn't save any **
upon review the Auth logs i see this error
2024-05-05 14:23:46.556 +04:00 [ERR] An exception was thrown while deserializing the token. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {9f5dc130-2567-47b5-93b6-328773960f1d} was not found in the key ring. For more information go to https://aka.ms/aspnet/dataprotectionwarning at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) --- End of inner exception stack trace --- at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
I don't know if it's related or not but how can i solve this issue
I followed the Microsoft docs for configuring the Nginx for dot net from this link Configure Nginx
I completely lost and spend two days troubleshooting without getting anywhere
if someone can help with this i would be very grateful
Additional Note: https://neoauth-uat-test.dawaa24.com/ from the Web UI i can login to the Auth Server Like in the Picture
Confirmed,
Kindly remove the response/Ticket
Done
Hi,
Ok, Although I don't recommend you to do this, it should be possible.
For example(this just is an idea):
[Dependency(ReplaceServices = true)] [ExposeServices(typeof(IDistributedCache))] public class MyRedisCache : IDistributedCache, ICacheSupportsMultipleItems { private readonly AbpRedisCache _cache; public MyRedisCache(AbpRedisCache cache) { _cache = cache; } public byte[]? Get(string key) { if (IsRedisAvailable()) { return _cache.Get(key); } return null; } protected virtual bool IsRedisAvailable() { // check redis connection return true; } ..... } public override void ConfigureServices(ServiceConfigurationContext context) { ..... context.Services.AddSingleton<AbpRedisCache>(); }
hi
thanks for quick response
I believe this check is performed after the initial start-up, in my case the app is not starting at all
on start application if Redis connection string is not available / URL not correct, how can i skip it and continue the start-up
because right now the application crashes if the Redis URL not available ? and the Try/Catch Solution didn't worked also
Hi,
I think you shouldn't stop the application from crashing if Redis server is not available
In distributed and microservice applications, distributed caching is necessary. It's like SQLServer. Imagine if the SQLServer is unavailable, will you choose to keep the application running?
You can check this: https://support.abp.io/QA/Questions/6344/Why-do-we-need-to-install-Redis-When-is-it-used-Why-Redis-is-needed
Hi liangshiwei
I already have a Redis cluster, But my point is that Redis is add-on for the application for optimization and therefore the application should consider it as optional,
let's say that for whatever reason the Redis server is not available or can't accept connection in that case can i skip it and get the data i want from my SQL DB server
because right now my application just crashes if redis is not there
I have an Application that uses the ABP Commercial Template,
in the appsettings.json i have a Redis server configured,
The current situation is when the application can't find the Redis server it will crash what i want is: when the application first start-up, if the Redis server is not available for some reason i want to skip it and continue to run and fetch Data from the SQL DB
Later on when the application try to fetch data it will check for Redis server availability if found it will fetch data from it, if not it will continue to the SQL DB Is that doable ?
Hi
this is the exact same configuration we have but we are using HTTPS instead of HTTP.
could you please run as HTTPS and confirm that it is working?
Hi
Changing the audience didn't make any difference.
Just to keep in mind this application is in production and it is operating well using the IIS web server.
This issue is related to the Kubernetes deployment where we need to add another endpoint to auth-server in order to communicate with it within the internal cluster, so the metadata address is the http://<k8s service name> and the authority is https://<the external domain name> when metadata address is added to the code the errors in ticket start to appear, while if we stick with the authority URL only it will not be reachable from inside the cluster.
I hope that this will clarify the situation we have.
Hi Anjali
actually, we don't have PreConfigureService
but this is ConfigureService if you want to check
and this is the configure authentication for adding the metadata URL
and from Swagger, i can execute any API with a 200 status code
but when we log in from the angular app it throws the following error
It requests the jwks from HTTPS while it is the auth-server is operating on HTTP in the local environment
requirehttpsmetadata is false in the angular environment.json, backend, and auth-server appsettings.json
this is where we reach tell now.
I hope that you can help us fix this issue.
thank you,