XacronDevelopment / oauth-aspnet

An ASP.NET Core compatible port of the OAuth Authorization Server Middleware from Microsoft's Project Katana (Microsoft.Owin.Security.OAuth)
Apache License 2.0

System.UnauthorizedAccessException is thrown when trying to log in #5

Open gisek opened 9 years ago

gisek commented 9 years ago

I gave your solution a try, but it seems not to work on Azure. Actually, it doesn't work locally either unless I run VS as admin.

I get an error when I click the "Grant" button in the popup window from ImplicitGrantClient2 (running ImplicitGrantClient2, AuthorizationServer, ResourceServer2):

System.UnauthorizedAccessException
Access to the path 'C:\WINDOWS\TEMP' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) 
at System.IO.FileSystemEnumerableIterator<TSource>.CommonInit() 
at System.IO.FileSystemEnumerableIterator<TSource>..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler<TSource> resultHandler, Boolean checkHost)
at System.IO.DirectoryInfo.EnumerateFileSystemInfos(String searchPattern, SearchOption searchOption) 
at Microsoft.AspNet.DataProtection.Repositories.FileSystemXmlRepository.<GetAllElementsCore>d__15.MoveNext() 
at System.Collections.Generic.List<T>..ctor(IEnumerable<T> collection) 
at System.Linq.Enumerable.ToList<TSource>(IEnumerable<TSource> source) 
at Microsoft.AspNet.DataProtection.Repositories.FileSystemXmlRepository.GetAllElements() 
at Microsoft.AspNet.DataProtection.KeyManagement.XmlKeyManager.GetAllKeys() 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded) 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.Microsoft.AspNet.DataProtection.KeyManagement.ICacheableKeyRingProvider.GetCacheableKeyRing(DateTimeOffset now)
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRingCore(DateTime utcNow) 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRing() 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(Byte[] plaintext)

I guess the problem is the default value for:

OAuthAuthorizationServerOptions.TokenDataProtector

Set here:

OAuthAuthorizationServerMiddleware

In this line:

Options.TokenDataProtector = new DataProtectionProvider(new DirectoryInfo(Environment.GetEnvironmentVariable("Temp", EnvironmentVariableTarget.Machine))).CreateProtector("OAuth.AspNet.AuthServer");

I'm not sure if this qualifies as a bug, but I couldn't find another implementation of IDataProtector to work with ASP.NET 5 MVC 6. Also, this way I couldn't make it work on Azure.

Xacron commented 9 years ago

@gisek you are correct that this behavior is due to the default DataProtectionProvider. I believe the local admin requirement is a result of IIS Express; when deployed to IIS, you would provide your own instance of DataProtectionProvider using a directory that you have provisioned your app pools to have rights to.

I haven't tried running this solution in Azure, but I can do some research to figure out how to configure ASP.NET Data Protection for that environment and get back to you.

gisek commented 9 years ago

@Xacron That would be great. Thanks.
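
Added example, not part of the thread and not the project's own code: one way to build the replacement protector described in the reply above, using the same `DataProtectionProvider(DirectoryInfo)` constructor and purpose string quoted in the issue. `TokenProtectorFactory`, `keyDirectory` and the path in the usage comment are assumptions; the factory checks at startup that the process identity can list and write the key directory, rather than failing when the first token is protected.

```csharp
using System;
using System.IO;
using System.Linq;
using Microsoft.AspNet.DataProtection;

public static class TokenProtectorFactory
{
    // Purpose string copied from the line quoted in the issue.
    private const string Purpose = "OAuth.AspNet.AuthServer";

    // keyDirectory is an assumption: a directory provisioned for the
    // application's identity, used instead of the machine-wide Temp directory.
    public static IDataProtector Create(string keyDirectory)
    {
        var dir = new DirectoryInfo(keyDirectory);
        try
        {
            dir.Create(); // no-op when the directory already exists

            // The stack trace in the issue fails inside EnumerateFileSystemInfos,
            // so exercise the same call here, before any token is issued.
            dir.EnumerateFileSystemInfos("*.xml", SearchOption.TopDirectoryOnly).Count();

            // The key repository also writes key files, so confirm write access.
            var probe = Path.Combine(dir.FullName, Guid.NewGuid().ToString("N") + ".probe");
            File.WriteAllText(probe, string.Empty);
            File.Delete(probe);
        }
        catch (UnauthorizedAccessException ex)
        {
            throw new InvalidOperationException(
                "The process identity cannot list or write the data protection " +
                "key directory '" + dir.FullName + "'.", ex);
        }

        // Same constructor and CreateProtector call as the line quoted in the
        // issue, pointed at the provisioned directory.
        return new DataProtectionProvider(dir).CreateProtector(Purpose);
    }
}

// Usage (the path is a placeholder): assign the result to
// OAuthAuthorizationServerOptions.TokenDataProtector, for example
//   options.TokenDataProtector = TokenProtectorFactory.Create(@"D:\keys\authserver");
```

The key ring stored in that directory protects every issued token, so grant access to it only to the application's own identity.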