Closed qq1176914912 closed 11 months ago
Regarding the issue of deploying to Ubuntu
I have downloaded your source code and would like to publish the "SimpleIdServer.IdServer.Startup" project on Ubuntu. I have published the project as a folder and uploaded it to Ubuntu. I have added the following content to the configuration file for domain access: Then I ran the project on Ubuntu with dotnet SimpleIdServer.IdServer.Startup.dll and successfully accessed it from outside. But when I published the "SimpleIdServer.IdServer.Website.Startup" project to Ubuntu using the same operation, it was not accessible from outside. Here is my configuration file:
The internal error message is: Do you know why? Do you have any deployment suggestions or steps? This issue seems to be caused by a certificate issue, as these two projects require interaction within the server. However, I tried to access the project address through curl within the server, but it displayed "SSL certificate problem: unable to get local issuer certificate".
Revoke Button Not Displayed & Scope Disappears from Access Token
The CSS style of the Identity Server and the problem with the refresh token have both been fixed in the master branch.
Revoke session.
According to the OPENID-Connect FrontChannel RFC (https://openid.net/specs/openid-connect-frontchannel-1_0.html), when a session is revoked by the user, a UI must be displayed by the Identity Server.
It must contain a hidden iframe element with an src attribute equal to the FrontChannelLogoutUrl of the client.
I added a property in the Client Details screen; you can disable the Revoke session button by setting the "Manual action is required to revoke a session" property to false.
When this property is false, the user's session will end after 3 seconds, and the user will be redirected to the client.
The duration can be set in the property EndSessionRedirectionTimeInMS of the IdServerHostOptions class.
Pending requests.
When another user wants to access a specific resource of a user, such as his picture, a pending request is created and will be displayed in this table. This concept comes from the User-Managed Access (UMA) 2.0. For more information, you can refer to this documentation: https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html
Hide the popup message (MiCe Root CA)
In the IdServer project, edit the appsettings.json file and set the ClientCertificateMode property to NoCertificate.
Issue of deploying to Ubuntu (certificate problem).
The Administration Website cannot read the OPENID Configuration endpoint because the certificate used by the IdServer is not trusted by your machine.
Try installing the certificate into the trust store location (https://ubuntu.com/server/docs/security-trust-store).
Another solution is to edit the appsettings.json file of the Administration Website and set the property DefaultSecurityOptions.IgnoreCertificateError to true.
Note that this solution is not recommended and is a workaround :).
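The "unable to get local issuer certificate" error reported above, and the trust-store fix suggested in the reply, can be reproduced offline with the following script. It is an added example, not code from the SimpleIdServer project or from either participant; the CA name, the host name idserver.example.test and all function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not SimpleIdServer code). Every name below is constructed.

# make_demo_pki DIR: create a throwaway CA and a server certificate it signs.
make_demo_pki() {
  pki=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Demo CA" \
    -keyout "$pki/ca.key" -out "$pki/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=idserver.example.test" \
    -keyout "$pki/server.key" -out "$pki/server.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$pki/server.csr" \
    -CA "$pki/ca.crt" -CAkey "$pki/ca.key" -CAcreateserial \
    -out "$pki/server.crt" 2>/dev/null
}

# check_trust DIR [CAFILE]: verify DIR/server.crt.
# Without CAFILE the system trust store is used; the constructed CA is not in
# it, which is the same situation as the IdServer certificate in this thread.
check_trust() {
  dir=$1
  cafile=${2:-}
  if [ -n "$cafile" ]; then
    out=$(openssl verify -CAfile "$cafile" "$dir/server.crt" 2>&1) || true
  else
    out=$(openssl verify "$dir/server.crt" 2>&1) || true
  fi
  case $out in
    *"unable to get local issuer certificate"*)
      echo "untrusted: unable to get local issuer certificate" ;;
    *": OK"*)
      echo "trusted" ;;
    *)
      echo "error: $out" ;;
  esac
}

# install_ca_ubuntu CRT: add a CA certificate to the Ubuntu system trust store.
# Needs root. The file must be PEM encoded and its name must end in .crt,
# otherwise update-ca-certificates ignores it.
install_ca_ubuntu() {
  sudo cp "$1" /usr/local/share/ca-certificates/ &&
    sudo update-ca-certificates
}

# run_demo: show the verification result before and after the CA is supplied.
run_demo() {
  tmp=$(mktemp -d)
  make_demo_pki "$tmp"
  echo "without CA: $(check_trust "$tmp")"
  echo "with CA:    $(check_trust "$tmp" "$tmp/ca.crt")"
  rm -rf "$tmp"
}

run_demo
```

install_ca_ubuntu is defined but never called here, because it needs root and changes the system store; it is the step that makes the second result hold system-wide without disabling certificate validation.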
I found that the current registration process is unable to successfully register users, there are no errors, and it was still usable before.
Issue of deploying to Ubuntu (certificate problem).
I followed the steps to add the certificate for the domain name I used, home.hccie.com, to Ubuntu, which can now be accessed through curl https://home.hccie.com:25001/master/.well-known/openid-configuration and access information: However, when accessing 5002 from outside, an error still appears: I don't know if this is related to me setting the "ClientCertificateMode" in 5001 to "NoCertificate". And I think these two projects are deployed on the same Ubuntu. Is there a need for certificate authentication between them? I think we can set 'DefaultSecurityOptions.IgnoreCertificateError' to 'true'.
I now want to expand third-party login. I see that you only have 'Facebook'. If I want to add Google, what should I do in your code?
User Registration (Password)
The issue with user registration has been resolved in the 'master' branch.
Certificate Error
Certainly, you can set the 'IgnoreCertificateError' property to true :)
Google Support
Google authentication is now supported in the 'master' branch. You can review the changes in this commit. https://github.com/simpleidserver/SimpleIdServer/commit/19c762d1f4bfed47f91d8c128ff71de09ef04b92
Thank you again for your patient response. Thank you for your hard work.
User Registration (Password)
Yes, we can now register normally. Regarding registration, it is recommended to add a return button on the page after successful registration. The current situation is that after successful registration, there is no button and only the browser's built-in rollback button can be clicked to return.
Google Support
Thank you for supporting Google login, but how can I use it? Do I need to add it in this location (currently, there is only one Facebook here): If that's the case, can we provide a more flexible method here to facilitate adding third-party logins that you need later?
'Remember me' is not working
I am on your testing website, https://website.simpleidserver.com/. Before logging in, I checked 'Remember me', but after logging out of the webpage, I still need to re-enter my account and password.
Certificate Authorities
Unable to add client certificate. When there is no value filled in in the second step of 'Details', simply click Next. After clicking 'Add', the page will freeze and can only be refreshed.
Doubt
Besides the previous one (https://github.com/simpleidserver/simpleidserver/issues/648#issuecomment-1855585450), is there any other suggestion to add sqlite to 'Configure Storage' as mentioned there? I found this while reviewing your code. Can I also add it here using sqlite?
Where does the information configured in Authentications exist? Does it not exist in the database (I am currently using a sqlite database)? For example, when I configure SMS information, I find that after restarting the 5001 project, I need to reconfigure the SMS information. What should I do if I want to store this information in the database?
When I click on the email in ACRS and pass the authentication, the page displays as follows: When I refresh, it will display: Is this a normal display effect? I want to know what the correct effect looks like. Do I need to start any other projects besides the "SimpleIdServer.IdServer.Startup" and "SimpleIdServer.IdServer.Website.Startup" projects, or is it incorrect for me to do so?
User Registration (Password)
A redirectUrl parameter can be included in the registration URL, as shown below: https://localhost:5001/master/registration?workflowName=pwd-webauthn&redirectUrl=http://google.com. When this parameter is specified, a Back button will be displayed. You can pass the URL of your website in the parameter.
Google Support
Google does not appear in the list because the ProviderDefinitions tables do not include this new identity provider. I have made some modifications to the Program.cs file to insert the missing identity provider.
Remember Me
I have made some modifications to persist the user's session cookie (AspNetCore.Session.<realm>). Previously, it was removed when the browser was closed :(.
UI Frozen
An unexpected exception was thrown by the identity server; this issue has been addressed and resolved.
Client Authorities
The subject name must start with CN=<value>, for example CN=aa.
Configure Centralized Configuration
If you are using SQLITE, you need to add a case statement in the switch instruction to store distributed configuration and storage into SQLITE. To achieve this, edit the ConfigureCentralizedConfiguration and ConfigureDistributedCache. You can use the Nuget package https://github.com/neosmart/SqliteCache to configure the distributed storage.
The SMTP configuration is not saved because you are using the in-memory implementation. After completing the modifications explained above, it should function correctly.
Documentation about Distributed configuration: https://simpleidserver.com/docs/iam/configuration
Documentation about Distributed Caching: https://simpleidserver.com/docs/iam/caching
ACRS & Authentication
The links are used for testing purposes, and the access token can be displayed only once. Therefore, if the page is refreshed, an error access_denied will be displayed.
Thank you again for your patient response.
ACRS
1、I was able to display it normally after email authentication yesterday, but I'm not sure what I did. Today, after authentication, it shows: Then I tried to use the new library, but when I clicked on the send verification code, this error occurred. I also tried your master's latest modified project, and it was the same:
2、If I click on the email inside now and pass the authentication, what should this page display? Will email be added to the AMR in the token after this step? Currently, there is still some confusion about the specific effects that may occur when using this feature.
About SQLite distributed caching
I have referenced the "NeoSmart.Caching.Sqlite.AspNetCore" nuget package as you said, and then added the following configurations in the ConfigureCentralizedConfiguration and ConfigureDistributedCache, respectively: My configuration file is as follows: I have tried using different databases and the same database for these two "ConnectionStrings". This error will occur in 5001 after startup: 5002 encountered this error: This is my database file mydatabase.zip
I added another third-party login method according to the way you added Google. Unlike the other two, the new method has 4 parameters. I found that when I added this information and closed and restarted the project, the information I added disappeared and I had to fill it out again. Google does not have this problem.
ACR
The issue with the ACR value has been resolved in the Administration Website.
The JSON was not parsed correctly. If your BackChannelClient sets the parameter acr to email, then the amr must be equal to email.
Distributed Caching
I have added the SQLITE package to the master branch.
An exception was thrown by the Neosmart library because it checks the database structure to contain only 2 tables and one index. Therefore, another connection string must be used.
In your appsettings.json file, the connectionString must be the same.
Custom identity provider
Unfortunately, there is no documentation explaining how to add a new custom Identity Provider. I have created a ticket #666 for that. In the meantime, can you explain what you did to add your custom external identity provider?
Distributed Caching
Does your current project already fully support sqlite? Now you only need to configure it in app settings?
Custom identity provider
I added another type of third-party authorization according to the method you used to add Google (I added WeChat), and added content to each of these classes: If you need, I can write a complete set of steps next week on how to add the required third-party login, similar to how to add sqlite before.
Indeed, the project fully supports SQLite! It can be useful if you write a complete set of steps on how to add the required third-party components
I noticed that the NuGet package Myvas.AspNetCore.Authentication.WeixinAuth doesn't expose the handler as public and has a custom API class.
Therefore, you cannot use the dynamic configuration proposed by SimpleIdServer. However, you can manually set the configuration as follows:
    .AddAuthentication(callback: (a) =>
    {
        // WeChat login registered statically instead of through the dynamic configuration
        a.Builder.AddWeixinAuth(o =>
        {
            o.ClientId = "clientId";
            o.ClientSecret = "secret";
        });
        // Client certificate (mutual TLS) authentication
        a.AddMutualAuthentication(m =>
        {
            m.AllowedCertificateTypes = CertificateTypes.All;
            // NoCheck: client certificates are accepted without a revocation check
            m.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
        });
    });
I will provide a step on how to add a third-party login, but there may be an issue like me where I am unable to save the configuration. You can modify it above, and if there are additional parameters, how to configure them.
1、Referring to https://github.com/aspnet-contrib/aspnet.security.oauth.providers, add the third-party nuget packages that you want to the SimpleIdServer.IdServer.Startup project.
2、Create the required third-party OptionsLite class in the Converters folder of the project "SimpleIdServer.IdServer.Startup". I added WeChat.
3、In the OptionsLite class, call the Options class for third-party login and declare the parameters required for that third-party login. You can imitate the writing style of other third-party logins in this directory.
4、Then, in the IdServerConfiguration.cs file of the project "SimpleIdServer.IdServer.Startup", create our third-party login:
4.1 First create it at the top, as follows: The first and second parameters in Create must be different. You can use uppercase and lowercase to distinguish them as I did. WeixinOptionsLite is the class we created in step 3. WeixinAuthenticationHandler is the xxxAuthenticationHandler method of the third-party login that we are referring to. Since I am referring to WeChat, it is here.
private static AuthenticationSchemeProviderDefinition Weixin = AuthenticationSchemeProviderDefinitionBuilder.Create("weixin", "Weixin", typeof(WeixinAuthenticationHandler), typeof(WeixinOptionsLite)).Build();
4.2 Then add the name of the AuthenticationSchemeProviderDefinition we just created to the ProviderDefinitions method.
4.3 Then create in the Providers method below the ProviderDefinitions method:
5、Then, in the SeedData method of the Program.cs file of the project "SimpleIdServer.IdServer.Startup", add the OptionsLite class we created in step 2 to the EnableIsolationLevel method.
6、Finally, in the appsettings.json of "SimpleIdServer.IdServer.Startup", add the third-party login we created and its parameters.
7、That's it, our third-party login is added.
1、When using sqlite as a cache:When I edit the configuration in 'Authentication methods', no matter which one is being updated, an error will appear when I click the' update 'button: 5001 ERROR: 5002 ERROR:
2、When I directly download your latest 'master' node project and configure it as sqlite in 'appsettings': Starting the 5001 project will result in this error:
I noticed that the NuGet package Myvas.AspNetCore.Authentication.WeixinAuth doesn't expose the handler as public and has a custom API class. Therefore, you cannot use the dynamic configuration proposed by SimpleIdServer. However, you can manually set the configuration as follows:
    .AddAuthentication(callback: (a) =>
    {
        a.Builder.AddWeixinAuth(o =>
        {
            o.ClientId = "clientId";
            o.ClientSecret = "secret";
        });
        a.AddMutualAuthentication(m =>
        {
            m.AllowedCertificateTypes = CertificateTypes.All;
            m.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
        });
    });
Question:
When I use this method, when I successfully log in through a third party and jump back, I will report an error: Notes:
I published the project in the form of a folder and uploaded the files to the server. I launched the project in the form of dotnet xxx.dll: Then, when accessing the remote address, I found that the content on page 5002 includes controls with text in the upper left corner of the input box as follows: After publishing to the server, the remote access words disappear as follows: Not only this page, but any page with text in the upper left corner of the space will not be displayed. Pop up window style has no effect, font still exists. What is the reason for this? There is no problem running locally.
How to modify the SMS template? If I use a different way of sending text messages than yours, I need to use the "Alibaba Cloud. SDK. Dysmessapi" nuget package to send text messages, which results in slightly different template parameters.
About ldap
When both the database and cache use 'INMEMORY': After clicking 'Launch', 'History' displays failed. The error content is as follows:
System.InvalidOperationException: Relational-specific methods can only be used when the context is using a relational database provider.
   at Microsoft.EntityFrameworkCore.RelationalDatabaseFacadeExtensions.GetFacadeDependencies(DatabaseFacade databaseFacade)
   at Microsoft.EntityFrameworkCore.RelationalDatabaseFacadeExtensions.GetDbConnection(DatabaseFacade databaseFacade)
   at EFCore.BulkExtensions.TableInfo.CreateInstance[T](DbContext context, Type type, IList`1 entities, OperationType operationType, BulkConfig bulkConfig)
   at EFCore.BulkExtensions.DbContextBulkTransaction.ExecuteAsync[T](DbContext context, Type type, IList`1 entities, OperationType operationType, BulkConfig bulkConfig, Action`1 progress, CancellationToken cancellationToken)
   at SimpleIdServer.IdServer.Jobs.RepresentationExtractionJob`1.Execute(String instanceId, String prefix) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer\Jobs\RepresentationExtractionJob.cs:line 81
   at SimpleIdServer.IdServer.Jobs.RepresentationExtractionJob`1.Execute(String instanceId, String prefix) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer\Jobs\RepresentationExtractionJob.cs:line 79
But on the homepage, it shows' Success'.
When the database uses SQLITE: After clicking 'Launch', 'History' displays failed. The error content is as follows:
System.InvalidOperationException: An error was generated for warning 'Microsoft.EntityFrameworkCore.Database.Transaction.AmbientTransactionWarning': An ambient transaction has been detected, but the current provider does not support ambient transactions. See http://go.microsoft.com/fwlink/?LinkId=800142 This exception can be suppressed or logged by passing event ID 'RelationalEventId.AmbientTransactionWarning' to the 'ConfigureWarnings' method in 'DbContext.OnConfiguring' or 'AddDbContext'.
   at Microsoft.EntityFrameworkCore.Diagnostics.EventDefinition.Log[TLoggerCategory](IDiagnosticsLogger`1 logger, Exception exception)
   at Microsoft.EntityFrameworkCore.Diagnostics.RelationalLoggerExtensions.AmbientTransactionWarning(IDiagnosticsLogger`1 diagnostics, IRelationalConnection connection, DateTimeOffset startTime)
   at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.HandleAmbientTransactions()
   at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenAsync(CancellationToken cancellationToken, Boolean errorsExpected)
   at EFCore.BulkExtensions.SqlAdapters.Sqlite.SqliteAdapter.OpenAndGetSqliteConnectionAsync(DbContext context, CancellationToken cancellationToken)
   at EFCore.BulkExtensions.SqlAdapters.Sqlite.SqliteAdapter.MergeAsync[T](DbContext context, Type type, IList`1 entities, TableInfo tableInfo, OperationType operationType, Action`1 progress, Boolean isAsync, CancellationToken cancellationToken)
   at EFCore.BulkExtensions.SqlAdapters.Sqlite.SqliteAdapter.MergeAsync[T](DbContext context, Type type, IList`1 entities, TableInfo tableInfo, OperationType operationType, Action`1 progress, CancellationToken cancellationToken)
   at EFCore.BulkExtensions.SqlBulkOperation.MergeAsync[T](DbContext context, Type type, IList`1 entities, TableInfo tableInfo, OperationType operationType, Action`1 progress, CancellationToken cancellationToken)
   at EFCore.BulkExtensions.DbContextBulkTransaction.ExecuteAsync[T](DbContext context, Type type, IList`1 entities, OperationType operationType, BulkConfig bulkConfig, Action`1 progress, CancellationToken cancellationToken)
   at SimpleIdServer.IdServer.Jobs.RepresentationExtractionJob`1.Execute(String instanceId, String prefix) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer\Jobs\RepresentationExtractionJob.cs:line 81
   at SimpleIdServer.IdServer.Jobs.RepresentationExtractionJob`1.Execute(String instanceId, String prefix) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer\Jobs\RepresentationExtractionJob.cs:line 79
And the homepage also shows failure: The error content is as follows:
System.InvalidOperationException: An error was generated for warning 'Microsoft.EntityFrameworkCore.Database.Transaction.AmbientTransactionWarning': An ambient transaction has been detected, but the current provider does not support ambient transactions. See http://go.microsoft.com/fwlink/?LinkId=800142 This exception can be suppressed or logged by passing event ID 'RelationalEventId.AmbientTransactionWarning' to the 'ConfigureWarnings' method in 'DbContext.OnConfiguring' or 'AddDbContext'.
   at Microsoft.EntityFrameworkCore.Diagnostics.EventDefinition.Log[TLoggerCategory](IDiagnosticsLogger`1 logger, Exception exception)
   at Microsoft.EntityFrameworkCore.Diagnostics.RelationalLoggerExtensions.AmbientTransactionWarning(IDiagnosticsLogger`1 diagnostics, IRelationalConnection connection, DateTimeOffset startTime)
   at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.HandleAmbientTransactions()
   at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenAsync(CancellationToken cancellationToken, Boolean errorsExpected)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.SplitQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.SplitQueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
   at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)
   at SimpleIdServer.IdServer.Jobs.ImportRepresentationJob.Import(String name, String realm) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer\Jobs\ImportRepresentationJob.cs:line 93
   at SimpleIdServer.IdServer.Jobs.ImportRepresentationJob.Execute(String realm, String id) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer\Jobs\ImportRepresentationJob.cs:line 65
Tutorial for Configuring WeChat
Firstly, thank you for your tutorial! I'll try it after my holidays :)
Using SQLite as a Cache
The connection string present in the appsettings.json file is incorrect; it should not contain server and must be similar to something like this:
Data Source=SidDb.db
Downloading the Latest Version
An exception was thrown (no such table Realms) because the migration script was not executed :(
The code has been uncommented in the master branch.
WeixinAuth configuration problem
An exception is thrown by the Identity Server when a user is trying to connect because the claims are stored in the wrong cookie.
The claims must be stored in the cookie with the name ExternalCookies.
Update your configuration like this:
a.Builder.AddWeixinAuth(o => { o.ClientId = "clientId"; o.ClientSecret = "secret"; o.SignInScheme = "ExternalCookies"; });
Using Alibaba Cloud SDK Dysmessapi
I created a ticket #669 to explain how to replace the TWILIO library with another one.
But you can follow this tutorial:
DysmessapiUserNotificationService class and implement the interface ISmsUserNotificationService. Your class should contain the logic to send a text message to the user via SMS.
DysmessapiOptions class and implement the IOTPRegisterOptions interface. It MUST contain all the properties needed to send a text message via the Alibaba API.
Your DysmessageapiOptions will be used by the DysmessapiUserNotificationService service to send text messages.
In the configuration of the dependency injection, don't forget to replace the SmsUserNotificationService with your new service.
Property name disappears
You have an issue because no translation can be found for the current language.
Can you please check the value of Thread.CurrentThread.CurrentCulture.TwoLetterISOLanguageName and check if the table dbo.Translations contains translations for this language?
If not, can you update this column?
I created a ticket #670 to fix this problem :)
Problem with LDAP and inmemory
I created a ticket #668 to fix this issue. This exception is thrown because Bulk Upload is not supported by Entity Framework INMEMORY and SQLITE. To improve performance, new users are inserted via Bulk Upload.
Using SQLite as a Cache
What do you mean? Because my app settings were configured incorrectly, I reconfigured them as you said: According to the method you used to add sqlite, configure in the configureDistributedCache method in Program.cs: Here, appsetting and Program use the same cache library. After starting the project, 5001 reported an error:
Failed to process the job 'fe27323f-aa3a-41ad-8a4e-c1b081b5517d': an exception occurred. Retry attempt 1 of 10 will be performed in 00:00:25.
System.IO.IOException: The process cannot access the file 'D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer.Startup\database\SidCache.db' because it is being used by another process.
   at System.IO.FileSystem.DeleteFile(String fullPath)
   at NeoSmart.Caching.Sqlite.SqliteCache.Connect(SqliteCacheOptions config, ILogger logger)
   at NeoSmart.Caching.Sqlite.SqliteCache..ctor(SqliteCacheOptions options, ILogger`1 logger)
   at NeoSmart.Caching.Sqlite.SqliteCache..ctor(IOptions`1 options, ILogger`1 logger)
   at InvokeStub_SqliteCache..ctor(Object, Object, IntPtr*)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
   at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(Type serviceType)
   at System.Collections.Concurrent.ConcurrentDictionary`2.GetOrAdd(TKey key, Func`2 valueFactory)
   at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
   at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
   at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
   at NeoSmart.Caching.Sqlite.AspNetCore.SqliteCacheServiceCollectionExtensions.<>c.b0_0(IServiceProvider services)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitIEnumerable(IEnumerableCallSite enumerableCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.DynamicServiceProviderEngine.<>c__DisplayClass2_0.b 0(ServiceProviderEngineScope scope)
   at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
   at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.GetServiceOrCreateInstance(IServiceProvider provider, Type type)
   at Hangfire.AspNetCore.AspNetCoreJobActivatorScope.Resolve(Type type)
   at Hangfire.Server.CoreBackgroundJobPerformer.Perform(PerformContext context)
   at Hangfire.Server.BackgroundJobPerformer.<>cDisplayClass9_0.b0()
   at Hangfire.Server.BackgroundJobPerformer.InvokePerformFilter(IServerFilter filter, PerformingContext preContext, Func`1 continuation)
   at Hangfire.Server.BackgroundJobPerformer.<>cDisplayClass9_1. 2()
   at Hangfire.Server.BackgroundJobPerformer.PerformJobWithFilters(PerformContext context, IEnumerable`1 filters)
   at Hangfire.Server.BackgroundJobPerformer.Perform(PerformContext context)
   at Hangfire.Server.Worker.PerformJob(BackgroundProcessContext context, IStorageConnection connection, String jobId)
When the configureDistributedCache in the appsetting and Program methods is different (I removed the previous path in the configureDistributedCache): When editing Authentications and clicking 'update', 5001 reports an error:
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1] An unhandled exception has occurred while executing the request. System.AggregateException: One or more errors occurred. (SQLite Error 1: 'no such table: ConfigurationKeyPairValueRecords'.) ---> Microsoft.Data.Sqlite.SqliteException (0x80004005): SQLite Error 1: 'no such table: ConfigurationKeyPairValueRecords'. at Microsoft.Data.Sqlite.SqliteException.ThrowExceptionForRC(Int32 rc, sqlite3 db) at Microsoft.Data.Sqlite.SqliteCommand.PrepareAndEnumerateStatements(Stopwatch timer)+MoveNext() at Microsoft.Data.Sqlite.SqliteCommand.GetStatements(Stopwatch timer)+MoveNext() at Microsoft.Data.Sqlite.SqliteDataReader.NextResult() at Microsoft.Data.Sqlite.SqliteCommand.ExecuteReader(CommandBehavior behavior) at Microsoft.Data.Sqlite.SqliteCommand.ExecuteReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken) at Microsoft.Data.Sqlite.SqliteCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable
1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable
1.AsyncEnumerator.MoveNextAsync() at Microsoft.EntityFrameworkCore.Query.ShapedQueryCompilingExpressionVisitor.SingleOrDefaultAsync[TSource](IAsyncEnumerable1 asyncEnumerable, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.Query.ShapedQueryCompilingExpressionVisitor.SingleOrDefaultAsync[TSource](IAsyncEnumerable
1 asyncEnumerable, CancellationToken cancellationToken) at SimpleIdServer.Configuration.EFKeyValueConnector.Set(String key, String value, CancellationToken cancellationToken) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.Configuration\IKeyValueConnector.cs:line 36 --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at System.Threading.Tasks.Task.Wait() at SimpleIdServer.Configuration.AutomaticConfigurationProvider.Set(String key, String value) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.Configuration\AutomaticConfigurationProvider.cs:line 52 at Microsoft.Extensions.Configuration.ConfigurationRoot.SetConfiguration(IList1 providers, String key, String value) at Microsoft.Extensions.Configuration.ConfigurationManager.set_Item(String key, String value) at SimpleIdServer.IdServer.Api.AuthenticationMethods.AuthenticationMethodsController.Update(String prefix, String amr, UpdateAuthMethodConfigurationsRequest request) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer\Api\AuthenticationMethods\AuthenticationMethodsController.cs:line 56 at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask
1 actionResultValueTask) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.gAwaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker. g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker. Logged|17_1(ResourceInvoker invoker) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g g__Logged|17_1(ResourceInvoker invoker) at Microsoft.AspNetCore.Routing.EndpointMiddleware. 
g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger) at SimpleIdServer.IdServer.Swagger.SidSwaggerUIMiddleware.Invoke(HttpContext httpContext) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer.Swagger\SIDSwaggerUIMiddleware.cs:line 73 at SimpleIdServer.IdServer.Swagger.SIDSwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer.Swagger\SIDSwaggerMiddleware.cs:line 37 at SimpleIdServer.IdServer.Middlewares.MtlsAuthenticationMiddleware.InvokeAsync(HttpContext context) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer\Middlewares\MtlsAuthenticationMiddleware.cs:line 43 at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at SimpleIdServer.IdServer.Middlewares.RealmMiddleware.InvokeAsync(HttpContext context) in D:\Aila\SimpleIdServer-master-Dec 22 2023\SimpleIdServer-master\src\IdServer\SimpleIdServer.IdServer\Middlewares\RealmMiddleware.cs:line 62 at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
The connection string present in the appsettings.json file must be consistent. Could you please set DistributedCacheConfiguration.ConnectionString to Data Source=./database/mydatabase.db? In the Startup.cs file, the cache path must not match the connection string.
Thank you for your guidance. You are right, I have set it to be the same: And I noticed that the CachePath path of SQLITE specified in the 'Configure Distributed Cache' method in 'Program' cannot be the same as the location configured in appsettings, otherwise it will report an error of database occupancy. Therefore, I modified it to:
Using Alibaba Cloud SDK Dysmessapi

I imitated your SMS and created the relevant classes used: And change all references to the original 'IdServerSmsOptions' and 'SmsUserNotificationService' to the new classes I created. My SMS actually only requires a few parameters to successfully send text messages: I don't know what the remaining parameters for 'OTPType' are.

Question 1: Another question is, the configuration there determines the number of parameters needed to draw the page, which is where to control the required parameters for drawing the 5002 page? My initial 'ALiSmsOptions' only mentioned the parameters I needed and did not include parameters such as 'otp'. However, when I started the page, I found that the parameters I wrote were indeed a few: When I deleted some of the data in 'ALiSmsOptions', I restarted the project and found that the fixed parameters on the page were still there. I tried to add parameters such as OTP to my ALiSmsOptions, but these parameters did not appear on the page.

Question 2: After configuring the parameters I needed, I clicked on SMS on the 5001 page. When I entered my phone number, I clicked on send SMS and reported an error:
NullReferenceException: Object reference not set to an instance of an object. SimpleIdServer.IdServer.UI.BaseOTPRegisterController
.Index(string prefix, OTPRegisterViewModel viewModel) in BaseOTPRegisterController.cs var optAlg = options.OTPAlg; Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor+TaskOfIActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, object controller, object[] arguments) System.Threading.Tasks.ValueTask .get_Result() Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker. gAwaited|12_0(ControllerActionInvoker invoker, ValueTask actionResultValueTask) Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker. Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted) Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context) Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted) Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync() Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted) Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted) Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync() Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker. g gLogged|17_1(ResourceInvoker invoker) Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker. g__Logged|17_1(ResourceInvoker invoker) Microsoft.AspNetCore.Routing.EndpointMiddleware. 
AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger) SimpleIdServer.IdServer.Swagger.SidSwaggerUIMiddleware.Invoke(HttpContext httpContext) in SIDSwaggerUIMiddleware.cs await _staticFileMiddleware.Invoke(httpContext); SimpleIdServer.IdServer.Swagger.SIDSwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider) in SIDSwaggerMiddleware.cs await _next(httpContext); SimpleIdServer.IdServer.Middlewares.MtlsAuthenticationMiddleware.InvokeAsync(HttpContext context) in MtlsAuthenticationMiddleware.cs await _next.Invoke(context); Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) SimpleIdServer.IdServer.Middlewares.RealmMiddleware.InvokeAsync(HttpContext context) in RealmMiddleware.cs await _next.Invoke(context); Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)g
I have created a branch containing all the necessary modifications to replace the TWILIO library with Alibaba Cloud SDK Dysmessageapi. You can find the changes here: https://github.com/simpleidserver/SimpleIdServer/commit/c5aeed14aca597955329d150808359aea5ffa675. The branch is named Ticket661-AlibabaDysmessapi.
The OTPTypes must now be an enumeration with two values: TOTP or HOTP. It is used to determine the type of algorithm for creating an OTP code. To understand the difference between these values, please refer to the following article: https://www.onelogin.com/learn/otp-totp-hotp.
I have locally tested the modifications and did not observe any issues, such as:
- The properties of the configuration are correct in the administration website.
- No exceptions are thrown when a code is sent to the phone number.
Thank you for your patient answer. After testing, it can be used normally. I have moved your 'SMSAuthentication' folder to the 'SimpleIdServer. IdServer. Sms' project and also need to move' SimpleIdServer. ' IdServer The following content in the 'RegisterController' class under Sms has also been changed to 'AliSmsOptions'. Only in this way can the content set in 5002 be called normally, otherwise it will always be assigned according to the' IdServerSmsOptions' class by default.
1、When the project is first launched, an error message will appear after logging in to 5002, causing the 5002 page to remain "Loading...". Only the first visit will be like this, and after refreshing the page, it can be accessed normally. Subsequent visits will no longer be affected.
2、Error sending email in 5001:
System.Net.Mail.SmtpClient.Send(MailMessage message) SimpleIdServer.IdServer.Email.EmailUserNotificationService.Send(string title, string body, Dictionary<string, string> data, string destination) in EmailUserNotificationService.cs smtpClient.Send(mailMessage); SimpleIdServer.IdServer.UI.BaseOTPRegisterController
+<>cDisplayClass8_0+< gSendConfirmationCode|1>d.MoveNext() in BaseOTPRegisterController.cs await _userNotificationService.Send("One Time Password", string.Format(options.HttpBody, otpCode), new Dictionary<string, string>(), viewModel.Value); SimpleIdServer.IdServer.UI.BaseOTPRegisterController Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted) Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted) Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync() Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker..Index(string prefix, OTPRegisterViewModel viewModel) in BaseOTPRegisterController.cs return await SendConfirmationCode(); Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor+TaskOfIActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, object controller, object[] arguments) System.Threading.Tasks.ValueTask Awaited|12_0(ControllerActionInvoker invoker, ValueTask.get_Result() Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker. g actionResultValueTask) Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker. g gAwaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted) Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context) Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted) Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync() Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker. 
g__Logged|17_1(ResourceInvoker invoker) Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker. Logged|17_1(ResourceInvoker invoker) Microsoft.AspNetCore.Routing.EndpointMiddleware.g g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger) SimpleIdServer.IdServer.Swagger.SidSwaggerUIMiddleware.Invoke(HttpContext httpContext) in SIDSwaggerUIMiddleware.cs await _staticFileMiddleware.Invoke(httpContext); SimpleIdServer.IdServer.Swagger.SIDSwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider) in SIDSwaggerMiddleware.cs await _next(httpContext); SimpleIdServer.IdServer.Middlewares.MtlsAuthenticationMiddleware.InvokeAsync(HttpContext context) in MtlsAuthenticationMiddleware.cs await _next.Invoke(context); SimpleIdServer.IdServer.Middlewares.AcceptLanguageMiddleware.InvokeAsync(HttpContext context) in AcceptLanguageMiddleware.cs await _requestDelegate.Invoke(context); Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) SimpleIdServer.IdServer.Middlewares.RealmMiddleware.InvokeAsync(HttpContext context) in RealmMiddleware.cs await _next.Invoke(context); Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
3、Regarding the SMS of ACRS and the SMS order of 5001: I found that I can only use SMS in 5002 ACRS to send text messages after being verified by SMS on 5001. What is the logic here? Due to an error in sending the email, I am not sure if sending the email is in the same order as SMS execution.
4、I found that the project I deployed cannot display the content after ACRS verification email on 5002, but it can display normally locally:
1、An exception is thrown by the administration website when the user navigates to the website for the first time because the token endpoint was called multiple times simultaneously. This exception can only occur with SQLITE, as it cannot support parallel execution. The issue has been fixed in the 'master' branch.
2、Another exception is thrown by the EmailUserNotificationService due to incorrect configuration. I have updated your configuration in the administration, set the SMTP port to 587, and now it is working. I have received the OTP code in my email inbox.
3、I don't understand your question; the execution order of the authentication method is defined by the ACR.
4、Could you please check the logs of the administration website and the identity server to see if there is any exception?
@qq1176914912 : The ticket #668 is fixed and pushed in the master branch.
Automatic provisioning is working with INMEMORY and SQLITE EFCORE.
Thank you for your reply.
3、Taking sending emails as an example, first, I configured email information on 5002. When I tried to verify using email in ACRS on 5002, I encountered an error on the page when I clicked the send email button: Afterwards, I tried to log in to the 5001 address and found that I was currently in a logged out state and needed to log in again. Before sending an email on 5002 fails, accessing 5001 does not require logging in again, and the login information for 5002 is displayed directly. After sending the email failed, 5001 needs to log in again.
The correct way to operate is to visit 5001 first, click on email in the bottom right corner of the 5001 page to complete the verification, and then log in to 5002 to complete the email verification in ACRS (I have been using a traceless browser during the testing process). The process of SMS is the same as that of email.
4、5002 error, it is also a certificate issue. Previously, setting IgnoreCerticaleError to true in 5002appsetting can ignore certificates. Is there any other way to set it?
1. Have you submitted a valid phone number or email? It must be present in the user's profile; otherwise, an exception will be thrown. The email can be updated in the User Details screen. The phone number can be added in the User Claims screen.
   - Click on the Add claim button.
   - Fill in the form with the following parameters and click on 'Save'.
     - key : phone_number
     - value :
   - Finally, click on the 'Save' button to confirm the creation.

   The UI has been updated to display an appropriate error message.
2. I have made some changes in the 'master' branch to fix this problem.
Thank you for your reply. The problem has been resolved.
Problem
1、The 5001 address revoke access button is not fully displayed and can only be fully displayed when the page is zoomed to 75%. There is this issue when running the project locally.
2、Use the backend exit project (https://github.com/duendesoftware/samples/tree/main/identityserver/v7/sessionmanagement/backchannelclient) we mentioned earlier to test the refresh token function, I found that when changing the address of the request to refresh the token to your project's 5001 address, the scope in the new access token obtained after clicking refresh token three times is empty. The first two attempts were fine, and the scope became empty from the third attempt onwards.
Doubts
1、Regarding clicking on the exit button on the client side, it will redirect to 5001. Only when the client clicks on 'Revoke session' can the exit be achieved: You may be doing this to prevent users from accidentally clicking on exit and causing the client to exit. But there is no cancel button on this page. I was wondering if it's possible to add a configuration to the client configuration: Do you need to click on "Revoke session"? I want to do a confirmation exit function on the front end of the client. What I want is for users to exit directly after clicking OK, instead of having to click on "Revoke session" again to exit.
2、I didn't understand the pending requests on the 5001 address. What should I do to make them display the effect? I tried for a while but didn't know how to make them display the effect.
3、Before each login jump, a certificate selection will appear. What is the use of this? Can it be cancelled?