skoruba / IdentityServer4.Admin

The administration for the IdentityServer4 and Asp.Net Core Identity
MIT License

Hosting on Docker Swarm with Traefik #441

Closed krejcimichael closed 4 years ago

krejcimichael commented 4 years ago

Dear,

I am trying to host the dev version (.NET Core 3 and Docker support) on Docker Swarm with Traefik; you can find more information about the environment here: https://dockerswarm.rocks/traefik/ Both the STS and the API (Swagger) work well, but I'm facing an error when I access the Admin that I don't understand:

An unhandled exception occurred while processing the request. HttpRequestException: Response status code does not indicate success: 401 (Unauthorized). System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()

Exception: An error was encountered while handling the remote login. Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()

I don't really know where to search.

Thanks

skoruba commented 4 years ago

Hi, can you send a detailed trace? From this message, you got a 401, but I don't know why. More details would be perfect.

krejcimichael commented 4 years ago

Hi,

Here is the trace that I have in the "Log" table:

System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, ClaimsPrincipal principal, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()

System.Exception: An error was encountered while handling the remote login.
 ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, ClaimsPrincipal principal, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

skoruba commented 4 years ago

Did you change configuration of admin authentication? Is it default configuration?

krejcimichael commented 4 years ago

Hi,

I have just adapted the default configuration in the docker-compose file:

environment:
  # Kestrel listens on plain http inside the container; Traefik terminates TLS in front of it
  - ASPNETCORE_URLS=http://0.0.0.0:80
  - ASPNETCORE_ENVIRONMENT=Development
  # connection strings (values redacted in the original post)
  - "ConnectionStrings__ConfigurationDbConnection=xxx"
  - "ConnectionStrings__PersistedGrantDbConnection=xxx"
  - "ConnectionStrings__IdentityDbConnection=Server=xxx"
  - "ConnectionStrings__AdminLogDbConnection=Server=xxx"
  - "ConnectionStrings__AdminAuditLogDbConnection=Server=xxx"
  # public https origins the Admin UI uses as OIDC authority and as its own callback base
  - AdminConfiguration__IdentityServerBaseUrl=https://identity.octopus.dev.naxosit.com
  - AdminConfiguration__IdentityAdminBaseUrl=https://identity-admin.octopus.dev.naxosit.com
  - AdminConfiguration__IdentityAdminRedirectUri=https://identity-admin.octopus.dev.naxosit.com/signin-oidc
  # seed data: client 0 is the Admin UI, client 1 is the Swagger UI of the API
  - "IdentityServerData__Clients__0__ClientUri=https://identity-admin.octopus.dev.naxosit.com"
  - "IdentityServerData__Clients__0__RedirectUris__0=https://identity-admin.octopus.dev.naxosit.com/signin-oidc"
  # note: the ASP.NET Core OIDC handler's default front-channel logout path (RemoteSignOutPath) is /signout-oidc, not /signin-oidc
  - "IdentityServerData__Clients__0__FrontChannelLogoutUri=https://identity-admin.octopus.dev.naxosit.com/signin-oidc"
  - "IdentityServerData__Clients__0__PostLogoutRedirectUris__0=https://identity-admin.octopus.dev.naxosit.com/signout-callback-oidc"
  - "IdentityServerData__Clients__0__AllowedCorsOrigins__0=https://identity-admin.octopus.dev.naxosit.com"
  - "IdentityServerData__Clients__1__RedirectUris__0=https://identity-api.octopus.dev.naxosit.com/swagger/oauth2-redirect.html"
  - "Serilog__WriteTo__1__Args__connectionString=xxx"
command: dotnet Skoruba.IdentityServer4.Admin.dll /seed

skoruba commented 4 years ago

I have to test it, but locally with docker-compose these settings work fine.

Any idea @bravecobra @xmichaelx ?

bravecobra commented 4 years ago

Is identity.octopus.dev.naxosit.com resolvable from both inside (by the container running the admin) and outside the swarm network?

krejcimichael commented 4 years ago

Is identity.octopus.dev.naxosit.com resolvable from both inside (by the container running the admin) and outside the swarm network?

Hi, yes, I have tried from inside the container and it works, and also from outside.


skoruba commented 4 years ago

Look at this: https://identity.octopus.dev.naxosit.com/.well-known/openid-configuration
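The check behind that link, as an added example (not code from this thread or from IdentityServer4.Admin): it reads an OpenID Connect discovery document and lists every advertised endpoint that is not served on the expected https origin. The sample document and the host identity.example.test are constructed. The userinfo request in the trace above goes to whatever userinfo_endpoint the discovery document advertises, so that key is the first one to look at; the issuer value matters as well, because the relying party compares it with its configured authority.

```python
"""List discovery-document endpoints that are not on the expected https origin.

Added example for this thread, not project code. SAMPLE_DOC is a constructed
document of the kind a proxied STS emits while it still believes it serves
plain http.
"""
import json
import sys
from urllib.parse import urlsplit
from urllib.request import urlopen

# Discovery keys a relying party actually calls, fetches or compares against.
ENDPOINT_KEYS = (
    "issuer",
    "jwks_uri",
    "authorization_endpoint",
    "token_endpoint",
    "userinfo_endpoint",
    "end_session_endpoint",
    "check_session_iframe",
    "revocation_endpoint",
    "introspection_endpoint",
    "device_authorization_endpoint",
)


def origin_of(url: str) -> str:
    """scheme://host[:port], lower-cased, of an absolute URL."""
    parts = urlsplit(url)
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def insecure_endpoints(doc: dict, expected_origin: str) -> dict:
    """Return {key: url} for every advertised endpoint whose scheme is not https
    or whose origin differs from the public origin the STS is reached on."""
    expected = expected_origin.lower().rstrip("/")
    bad = {}
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if not isinstance(url, str):
            continue
        if urlsplit(url).scheme.lower() != "https" or origin_of(url) != expected:
            bad[key] = url
    return bad


def fetch_discovery(base_url: str) -> dict:
    """Fetch the live document from <base_url>/.well-known/openid-configuration."""
    url = base_url.rstrip("/") + "/.well-known/openid-configuration"
    with urlopen(url, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


# Constructed sample: every URL carries the internal http scheme the app saw
# from the proxy instead of the public https origin.
SAMPLE_DOC = {
    "issuer": "http://identity.example.test",
    "jwks_uri": "http://identity.example.test/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "http://identity.example.test/connect/authorize",
    "token_endpoint": "http://identity.example.test/connect/token",
    "userinfo_endpoint": "http://identity.example.test/connect/userinfo",
    "end_session_endpoint": "http://identity.example.test/connect/endsession",
    "scopes_supported": ["openid", "profile"],
}


def main(argv: list) -> int:
    """Usage: check.py https://identity.example.test   (no argument: offline sample)."""
    if len(argv) > 1:
        expected, doc = argv[1], fetch_discovery(argv[1])
    else:
        expected, doc = "https://identity.example.test", SAMPLE_DOC
    problems = insecure_endpoints(doc, expected)
    for key, url in problems.items():
        print(f"{key}: {url}")
    print("OK" if not problems else f"{len(problems)} endpoint(s) not on {expected}")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the live STS with the public base URL as the only argument; a non-zero exit code means at least one advertised URL would send the relying party somewhere other than the https origin it was configured with.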

krejcimichael commented 4 years ago

.well-known/openid-configuration

Good point, so IdentityServer doesn't know that it is hosted on https. I will take a look at the forwarded headers.

krejcimichael commented 4 years ago

Look at this: https://identity.octopus.dev.naxosit.com/.well-known/openid-configuration

  • all URLs are without https, this probably causes the issue.

OK, that was the reason, now it works. Thanks for pointing out the problem. So I have updated the startup, in the Configure() method:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Apply X-Forwarded-* first, before authentication and before anything
    // that builds absolute URLs (the discovery document), otherwise the app
    // keeps believing it serves plain http behind the TLS-terminating proxy.
    app.UseForwardedHeaders();
    // ... rest of the pipeline unchanged
}

And in the ConfigureServices() method:

// requires: using Microsoft.AspNetCore.HttpOverrides;
services.Configure<ForwardedHeadersOptions>(options =>
{
    // Only the scheme is taken from the proxy; host and client IP stay as received.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
    // KnownProxies/KnownNetworks default to loopback only. When Traefik runs in
    // another container, add its address or the overlay network so the trust
    // list names the real proxy, e.g.
    // options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("10.0.0.0"), 24));
});

Also, I had to update the Dockerfiles to use the "-bionic" image of .NET Core 3.0, because of this problem: https://github.com/dotnet/SqlClient/issues/222

# runtime stage: Ubuntu 18.04 (bionic) based image instead of the default Debian one
FROM mcr.microsoft.com/dotnet/core/aspnet:3.0-bionic AS base
WORKDIR /app
EXPOSE 80

# build stage: matching SDK image
FROM mcr.microsoft.com/dotnet/core/sdk:3.0-bionic AS build
WORKDIR /src

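What the forwarded-headers fix above has to decide, as an added example for this thread: it is not the ASP.NET Core ForwardedHeaders middleware and not project code, but a model of the trust rule a practitioner wants that middleware configured with. X-Forwarded-Proto is believed only when the immediate peer is a known proxy; in ASP.NET Core that list is ForwardedHeadersOptions.KnownProxies and KnownNetworks. The proxy address 10.0.0.5, the overlay network 10.0.0.0/24, the host identity.example.test and the headers are all constructed.

```python
"""Trust rule for X-Forwarded-Proto behind a TLS-terminating proxy (Traefik).

Added example for this thread; models the decision, not the real middleware.
All addresses, networks and headers are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class ForwardedProtoPolicy:
    """Which peers may tell us the scheme the client really used."""
    known_proxies: set = field(default_factory=set)     # ip_address objects
    known_networks: list = field(default_factory=list)  # ip_network objects

    @classmethod
    def loopback_only(cls) -> "ForwardedProtoPolicy":
        # Same shape as the ASP.NET Core defaults: a proxy on the same host only.
        return cls(known_proxies={ipaddress.ip_address("::1")},
                   known_networks=[ipaddress.ip_network("127.0.0.0/8")])

    def trusts(self, remote_ip: str) -> bool:
        ip = ipaddress.ip_address(remote_ip)
        return ip in self.known_proxies or any(ip in net for net in self.known_networks)


def effective_scheme(policy: ForwardedProtoPolicy, remote_ip: str,
                     transport_scheme: str, headers: Dict[str, str]) -> str:
    """Scheme the application should build absolute URLs with.

    The header is honoured only when the immediate peer is a trusted proxy.
    If several proxies appended values, the rightmost one was written by the
    peer we just checked, so only that value is used (one hop). Anything
    other than http/https is ignored and the transport scheme stands.
    """
    if not policy.trusts(remote_ip):
        return transport_scheme
    raw = next((v for k, v in headers.items() if k.lower() == "x-forwarded-proto"), "")
    proto = raw.rsplit(",", 1)[-1].strip().lower()
    return proto if proto in ("http", "https") else transport_scheme


def discovery_base_url(policy: ForwardedProtoPolicy, remote_ip: str,
                       transport_scheme: str, host: str, headers: Dict[str, str]) -> str:
    """Origin the STS would prefix every discovery-document URL with."""
    return f"{effective_scheme(policy, remote_ip, transport_scheme, headers)}://{host}"


# Constructed scenario: Traefik at 10.0.0.5 on the swarm overlay network
# terminates TLS and talks plain http to the STS container.
TRAEFIK_IP = "10.0.0.5"
OVERLAY = ipaddress.ip_network("10.0.0.0/24")
FROM_TRAEFIK = {"Host": "identity.example.test", "X-Forwarded-Proto": "https"}


def demo() -> Dict[str, str]:
    host = "identity.example.test"
    default = ForwardedProtoPolicy.loopback_only()
    swarm = ForwardedProtoPolicy(known_networks=[OVERLAY])
    return {
        # proxy not in the trust list: header ignored, discovery stays on http
        "untrusted_proxy": discovery_base_url(default, TRAEFIK_IP, "http", host, FROM_TRAEFIK),
        # overlay network trusted: the public https origin is recovered
        "trusted_proxy": discovery_base_url(swarm, TRAEFIK_IP, "http", host, FROM_TRAEFIK),
        # a client hitting a published port directly cannot claim https
        "direct_client": discovery_base_url(swarm, "203.0.113.7", "http", host, FROM_TRAEFIK),
        # a trusted proxy sending a bogus value falls back to the transport scheme
        "bad_value": discovery_base_url(swarm, TRAEFIK_IP, "http", host,
                                        {"X-Forwarded-Proto": "gopher"}),
    }


if __name__ == "__main__":
    for name, url in demo().items():
        print(f"{name:16s} {url}")
```

The "untrusted_proxy" case is the symptom from this thread seen from the application side: the proxy does send the right header, but unless the application is told which peers to believe, the discovery document keeps the internal http origin. The "direct_client" case is why the trust list should not simply be cleared when the container's port is also reachable without going through the proxy.
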
skoruba commented 4 years ago

Thanks for your feedback 👍🏼