The Authentication service is configured primarily for use in Vokabulář webový, so it has some predefined values for this usage.
The Authentication service project consists of three important parts:
The configuration for local Development is prepared directly in the solution.
It is highly recommended to disable NPM and Bower restore in Visual Studio and use Yarn instead.
The development environment uses app setting files named "LocalDebug", e.g. appsettings.LocalDebug.json or modules.LocalDebug.json
- YarnInstall.ps1 in root folder)
- LocalDebug environment
- LocalDebug configuration

Deployment to a Production or Staging server requires creating specific configurations. The app configuration can be placed in the C:\Pool\itjakub-secrets\Auth and C:\Pool\itjakub-secrets\DatabaseMigratorAuth folders on the build computer. The configuration is kept separate to avoid committing sensitive files to git. The files in these folders are included in the publish package during build.
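
One way to check that this separation holds, as an added example (not one of the project's scripts): the function flags any environment-specific settings file that git tracks. It assumes that only the LocalDebug files belong in the repository; the function name and the sample paths are constructed for illustration.

```powershell
# Added example; not one of the project's scripts.
# Assumption: only LocalDebug settings are meant to live in the repository,
# every other appsettings.{ENV}.json / modules.{ENV}.json stays in the secrets folder.
function Find-TrackedEnvironmentConfig {
    param(
        [string[]] $TrackedFiles = @(),
        [string[]] $AllowedEnvironments = @('LocalDebug')
    )
    foreach ($path in $TrackedFiles) {
        $name = Split-Path -Leaf $path
        # Matches appsettings.{ENV}.json and modules.{ENV}.json only;
        # plain appsettings.json has no environment part and is skipped.
        if ($name -match '^(appsettings|modules)\.(?<env>[^.]+)\.json$' -and
            $AllowedEnvironments -notcontains $Matches['env']) {
            [pscustomobject]@{ Path = $path; Environment = $Matches['env'] }
        }
    }
}

# Constructed sample standing in for the output of `git ls-files`.
$sample = @(
    'Solution/Ridics.Authentication.Service/appsettings.json',
    'Solution/Ridics.Authentication.Service/appsettings.LocalDebug.json',
    'Solution/Ridics.Authentication.Service/modules.LocalDebug.json',
    'Solution/Ridics.Authentication.Service/appsettings.Production.json',
    'Solution/Ridics.Authentication.Service/modules.Staging.json'
)

$hits = @(Find-TrackedEnvironmentConfig -TrackedFiles $sample)
$hits | Format-Table -AutoSize
if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) environment-specific settings file(s) are tracked by git."
}

# Real use from the repository root (git must be on PATH):
#   $hits = @(Find-TrackedEnvironmentConfig -TrackedFiles (git ls-files))
#   if ($hits.Count -gt 0) { $hits | Format-Table -AutoSize; exit 1 }
```

A file that is reported has already been committed, so any secret in it should be rotated in addition to removing the file from the repository.
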
The default deployment script assumes that the Authentication Service will be placed in the Default Web Site/Auth site, e.g. https://localhost/Auth.
modules.Production.json and so on

The Authentication service uses the IocComponentsRegistrationExtensions.RegisterMessageSenders() method to register the components that send notification messages. By default, NullSmsSender and NullEmailSender are registered, which discard all messages.
- Sending e-mails can be enabled by registering the SmtpEmailSender component instead of NullEmailSender
- There is no implementation for sending SMS because each gateway has a different API

IISRESET command will be required

- GenerateSigningCertificate.ps1 {ENVIRONMENT_NAME} in Solution/Ridics.Authentication.Service, fill password, copy to deploy server e.g. into C:\intehub\certs\. Configure IdentityServer in appsettings.{ENVIRONMENT_NAME}.json
- Load User Profile to True (required for storing loaded certificates)
- modules-autogenerated.xml with content <configuration></configuration> in {AUTH_SERVICE_FOLDER}
- logs folder to {AUTH_SERVICE_FOLDER}
- DeleteObjBinFolders.ps1 script to allow performing a clean build (optional but recommended step).
- BuildSolution.ps1 {ENVIRONMENT_NAME}. Environment names are Development, Production, etc.
- build\Publish-{ENVIRONMENT_NAME} to target server.
- Ridics.Authentication.Database.Migrator\Migrate.ps1 {ENVIRONMENT_NAME} to update database.
- Deploy.AuthService.cmd.

This configuration can be performed in GUI after login:
Login to the Auth service does not work on Linux with the application in insecure mode using $env:ASPNETCORE_DISABLE_HTTPS_REDIRECT=true
Problem: YarnInstall (yarn) cannot fetch/download packages
Problem: Unable to start application in IIS.
Problem: Logging doesn't work on IIS.
Problem: (IIS Express) Unable to start process dotnet.exe. The web server request failed with status code 403.
applicationUrl in launchSettings.json to use HTTPS version.
Problem: Load certificate from disk using X509Certificate2 constructor throws CryptographicException: Access denied (probably in IIS)
Problem: Logging doesn't work - no logs are appended to the log file.
Problem: Communication with auth service failed with status 405.
Common HTTP Features > WebDAV Publishing is not installed in IIS.
Problem: Automatic logout from clients when user signs out from auth service does not work
Problem: Application loads first page slowly when deployed to IIS (app is idle after some period of time).
Start Mode to AlwaysRunning and Idle Time-out (minutes) to 0.
Problem: Unable to log in on production server if deployed behind proxy server (infinite redirect between WebHub and Authentication service).
Problem: Unable to start ASP.NET Core application InProcess in IIS.
Problem: Auth service failed to start with InvalidOperationException: No service for type 'LiveManager' has been registered.
ConfigureServices() method in Startup class. These exceptions are not propagated to the Program class, so this exception is not logged.