DuendeSoftware / Support

Support for Duende Software products

The key was not found in the key ring #734

Closed jorgearana closed 1 year ago

jorgearana commented 1 year ago

Dear Sirs, I created a default Blazor WASM project with IdentityServer. On my local PC it works, but when I deploy it, I receive the error "The key {} was not found in the key ring".

My Program.cs is:

```csharp
// Generic type arguments were stripped when the post was rendered; the ones
// recoverable from the rest of the file are restored below.
var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection")
    ?? throw new InvalidOperationException("Connection string 'DefaultConnection' not found.");
builder.Services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(connectionString));

builder.Services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(
        builder.Configuration.GetConnectionString("DefaultConnection"),
        sqlServerOptionsAction: sqlOptions => { sqlOptions.EnableRetryOnFailure(); }),
    ServiceLifetime.Transient);

builder.Services.AddDatabaseDeveloperPageExceptionFilter();

builder.Services.AddDefaultIdentity<ApplicationUser>(options =>
{
    options.SignIn.RequireConfirmedAccount = true;
    options.Password.RequireDigit = true;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequiredLength = 8;
    options.Password.RequireLowercase = true;
})
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();

builder.Services.AddIdentityServer(options =>
{
    // new key every 30 days
    options.KeyManagement.RotationInterval = TimeSpan.FromDays(30);

    // announce new key 2 days in advance in discovery
    options.KeyManagement.PropagationTime = TimeSpan.FromDays(2);

    // keep old key for 7 days in discovery for validation of tokens
    options.KeyManagement.RetentionDuration = TimeSpan.FromDays(7);

    // don't delete keys after their retention period is over
    options.KeyManagement.DeleteRetiredKeys = false;
})
//.AddApiAuthorization<ApplicationUser, ApplicationDbContext>()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>(options =>
{
    options.IdentityResources["openid"].UserClaims.Add("role");
    options.ApiResources.Single().UserClaims.Add("role");
});

// Need to do this as it maps "role" to ClaimTypes.Role and causes issues
System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("role");

builder.Services.AddAuthentication()
    .AddIdentityServerJwt();

builder.Services.AddControllersWithViews();
builder.Services.AddRazorPages();

// The type arguments of the next AddSingleton/Configure calls (the mail
// settings class) are not recoverable from the post.
builder.Services.AddSingleton();
builder.Services.AddTransient<IEmailSender, MailKitEmailSender>();
builder.Services.Configure(options =>
{
    options.Host_Address = "mail.controlkd.com";
    options.Host_Port = 8889; // in case the ISP blocks port 25
    options.Host_Username = "administrador@controlkd.com";
    options.Host_Password = "xxxxxxxxx";
    options.Sender_EMail = "administrador@controlkd.com";
    options.Sender_Name = "administrador de Control KD";
});
builder.Services.AddAutoMapper(typeof(Program));

builder.Services.AddSwaggerGen();

// This avoids circular references in the API
builder.Services.AddControllers().AddJsonOptions(x =>
    x.JsonSerializerOptions.ReferenceHandler = ReferenceHandler.IgnoreCycles);

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseMigrationsEndPoint();
    app.UseWebAssemblyDebugging();
    app.UseSwagger();
    app.UseSwaggerUI();
    app.UseDeveloperExceptionPage();
    //app.UseBrowserLink();
}
else
{
    app.UseExceptionHandler("/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();

app.UseBlazorFrameworkFiles();
app.UseStaticFiles();

app.UseRouting();

app.UseIdentityServer();
app.UseAuthorization();

app.MapRazorPages();
app.MapControllers();
app.MapFallbackToFile("index.html");

app.Run();
```

On my local PC it works fine. But when I deploy it, I receive this message:

```
fail: Duende.IdentityServer.Services.KeyManagement.KeyManager[0]
      Error unprotecting key with kid 077E891A7FEAF095A5B233B9CD39B10F.
System.Security.Cryptography.CryptographicException: The key {8c9348af-a2db-4e42-9713-40e0c9ac954d} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.DataProtection.DataProtectionCommonExtensions.Unprotect(IDataProtector protector, String protectedData)
   at Duende.IdentityServer.Services.KeyManagement.DataProtectionKeyProtector.Unprotect(SerializedKey key) in /_/src/IdentityServer/Services/Default/KeyManagement/DataProtectionKeyProtector.cs:line 56
   at Duende.IdentityServer.Services.KeyManagement.KeyManager.b__200(SerializedKey x) in //src/IdentityServer/Services/Default/KeyManagement/KeyManager.cs:line 431
```

Many lines similar to this are displayed.

This is finally shown:

```
info: Duende.IdentityServer.Services.KeyManagement.KeyManager[0]
      Active signing key found with kid 045AA4B22F197100B7C10E4558847D35 for alg RS256. Expires in 59.23:59:54. Retires in 74.23:59:54
info: Duende.IdentityServer.Hosting.IdentityServerMiddleware[0]
      Invoking IdentityServer endpoint: Duende.IdentityServer.Endpoints.AuthorizeEndpoint for /connect/authorize
info: Duende.IdentityServer.ResponseHandling.AuthorizeInteractionResponseGenerator[0]
      Showing login: User is not authenticated
info: Duende.IdentityServer.ResponseHandling.AuthorizeInteractionResponseGenerator[0]
      Changing response to LoginRequired: prompt=none was requested
info: Duende.IdentityServer.Endpoints.AuthorizeEndpoint[0]
      { "ClientId": "ProtegiaWasm.Client", "ClientName": "ProtegiaWasm.Client", "RedirectUri": "https://protegia.jorgearananeyra.com/authentication/login-callback", "AllowedRedirectUris": [ "/authentication/login-callback" ], "SubjectId": "anonymous", "ResponseType": "code", "ResponseMode": "query", "GrantType": "authorization_code", "RequestedScopes": "ProtegiaWasm.ServerAPI openid profile", "State": "a6eee0d4230d47a4aec3494c50acf4d3", "PromptMode": "none", "SessionId": "", "Raw": { "client_id": "ProtegiaWasm.Client", "redirect_uri": "https://protegia.jorgearananeyra.com/authentication/login-callback", "response_type": "code", "scope": "ProtegiaWasm.ServerAPI openid profile", "state": "a6eee0d4230d47a4aec3494c50acf4d3", "code_challenge": "UiYIxoO7zjzxcxfyF9FGx9AwWsY9LZdMsN-zhexbs_E", "code_challenge_method": "S256", "prompt": "none", "response_mode": "query" } }
info: Duende.IdentityServer.Events.DefaultEventService[0]
      { "ClientId": "ProtegiaWasm.Client", "ClientName": "ProtegiaWasm.Client", "RedirectUri": "https://protegia.jorgearananeyra.com/authentication/login-callback", "Endpoint": "Authorize", "Scopes": "ProtegiaWasm.ServerAPI openid profile", "GrantType": "authorization_code", "Error": "login_required", "Category": "Token", "Name": "Token Issued Failure", "EventType": "Failure", "Id": 2001, "ActivityId": "0HMRGRKJOKCHC:00000002", "TimeStamp": "2023-06-19T15:52:29Z", "ProcessId": 2204, "LocalIpAddress": "127.0.0.1:40265", "RemoteIpAddress": "x.x.x.x"
```

josephdecock commented 1 year ago

You need to configure data protection for your application. Data protection is a core service of ASP.NET that provides encryption and signing. In a local dev environment, the default configuration works fine, but to deploy it usually requires more configuration. IdentityServer makes pretty extensive use of data protection, so you'll definitely want to configure it. See more details here: https://docs.duendesoftware.com/identityserver/v6/deployment/data_protection/

jorgearana commented 1 year ago

Thanks for the reply.

It never ceases to amaze me how difficult it is to work with your software, since it is added by Visual Studio and it does not tell us how complicated it is going to be to use it.

I see this configuration in the link, but it does not indicate whether it is possible to place it in a Blazor WASM hosted project:

```csharp
var builder = services.AddIdentityServer(options =>
{
    // set path to store keys
    options.KeyManagement.KeyPath = "/home/shared/keys";
});
```

The key folder is in the Blazor Server project, but I don't know whether "/home/shared/keys" is the right path.

Please let me know if there is any video about setting up your software. I am browsing your web page, but the more I browse your website, the less I understand what I should do.

Thanks again

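An added example, not code from the thread or from Duende, of the wiring the answer above refers to (a persisted, shared Data Protection key ring) together with the `KeyManagement.KeyPath` setting asked about. It assumes a configuration key `KeyRoot` for a folder shared by every instance of the server, an application name `ProtegiaWasm` taken from the log, and an optional certificate thumbprint under `DataProtection:CertThumbprint`; it also lists the key ring loaded at startup so the GUID in "The key {...} was not found in the key ring" can be compared with the keys the deployed host actually has.

```csharp
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;

var builder = WebApplication.CreateBuilder(args);

// Assumption: one folder outside the deployed app directory that every
// instance can read and write and that survives redeploys.
var keyRoot = builder.Configuration["KeyRoot"] ?? "/home/shared/keys";

var dataProtection = builder.Services.AddDataProtection()
    // Persist the Data Protection key ring explicitly. Otherwise the ring
    // lives in a per-user / per-host location, so anything encrypted on the
    // dev machine cannot be decrypted on the server.
    .PersistKeysToFileSystem(new DirectoryInfo(Path.Combine(keyRoot, "dataprotection")))
    // Isolate this app's keys from other apps that share the folder.
    .SetApplicationName("ProtegiaWasm");

// Optional: encrypt the key ring at rest with a certificate installed on the host.
var thumbprint = builder.Configuration["DataProtection:CertThumbprint"];
if (!string.IsNullOrEmpty(thumbprint))
{
    dataProtection.ProtectKeysWithCertificate(thumbprint);
}

builder.Services.AddIdentityServer(options =>
{
    // IdentityServer's signing keys are stored here; each one is encrypted
    // with Data Protection, which is the Unprotect call failing in the log.
    // Signing keys copied from a machine with a different key ring cannot be
    // decrypted and should be removed so new ones are created under this ring.
    options.KeyManagement.KeyPath = Path.Combine(keyRoot, "identityserver");
})
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

var app = builder.Build();

// Diagnostic: log the key ring this host actually loaded. Compare the ids
// with the {guid} in "The key {...} was not found in the key ring".
var keyManager = app.Services.GetRequiredService<IKeyManager>();
foreach (var key in keyManager.GetAllKeys())
{
    app.Logger.LogInformation(
        "Data Protection key {KeyId} created {Created:u} expires {Expires:u} revoked {Revoked}",
        key.KeyId, key.CreationDate, key.ExpirationDate, key.IsRevoked);
}

app.UseIdentityServer();
app.Run();
```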

brockallen commented 1 year ago

It never ceases to amaze me how difficult it is to work with your software, since it is added by Visual Studio and it does not tell us how complicated it is going to be to use it.

If you did not choose to use it, then perhaps it's not the right tool for what you're trying to do? We provide a document explaining about this here: https://docs.duendesoftware.com/identityserver/v6/upgrades/spa_to_duende/

jorgearana commented 1 year ago

Thanks Brock, I will read the document.


josephdecock commented 1 year ago

Is anything further needed on this issue, or should we close it?

jorgearana commented 1 year ago

Well, you can close it, but I couldn't find a solution.

I am looking for another way to authenticate the users

Thanks
