Quote from Christopher Fowers on March 16, 2019, 8:27 pm

I just downloaded and set this up and have the same issues. However I've only been running this in a dev environment.

Quote from Eben Monney on March 16, 2019, 11:17 pm

Hello,

What is happening is that the authentication middleware is not configured for your production site 'https://xxxxx.com/.well-known/openid-configuration.
In development everything is already setup to use http://localhost:5050 which will internally redirect to use https://localhost:44350 for https

In production you'll need to set your specific base-address in ApplicationUrl from appsettings.json

//Note: In Production change this to your actual host (e.g. https://quickapp.ebenmonney.com)
"ApplicationUrl": "https://localhost:5001",

So in short you should set the ApplicationUrl to the base value you see in the address bar. And make sure directly navigating to https://xxxxx.com/.well-known/openid-configuration returns json results.

See my response here on a similar discussion: https://www.staging8.ebenmonney.com/forum/topic/can-not-get-data-from-the-server/#postid-408

Regards,
Eben Monney

Quote from Christopher Fowers on March 17, 2019, 4:37 am

Hosting on port 5001

URL properly set in appsettings.development

https://localhost:5001/.well-known/openid-configuration shows the expected JSON response

Error still persists

Quote from Ingo on March 17, 2019, 1:48 pm

Hi,

change it in the appsettings.json too.

Quote from Christopher Fowers on March 17, 2019, 1:51 pm

@ingo and @adentum thank you for the weekend replies. (I meant to thank you yesterday @adentum)

I'll give that a try. Though for my development environment issues I would be concerned if that does address the issue... when running in a Dev environment the config in use should be only the dev config.

 

 

EDIT***

Updating the configs to match as mentioned before the issue persists in my dev environment. Is this perhaps an issue of lacking a development certificate? The error feels vague so it's a little difficult to know where exactly my issues are. I'll continue to troubleshoot on my end. Any additional thoughts / feedback anyone can think of will help a lot.

Quote from Eben Monney on March 17, 2019, 10:47 pm

@christopher_fowers Also let me add this. The below recommendations is with reference to the configurations in the file "launchSettings.json".

When running from VisualStudio typically the IIS Express profile is used and the port that is configured in QuickApp is 5050 for http and 44350 for https.

But when running from the command line "Application Name" which in this case the "QuickApp" profile is used. The configuration defaults to "https://localhost:5001;http://localhost:5000" for asp.net core/web api projects. That means different ports are used depending on how you run/test your projects.

These are standard configurations and patterns in asp.net core and not unique to QuickApp.

If this is unclear to you lets change the configurations to use the same ports irrespective of how you run it. To do that change the contents of your launchSettings to the below.

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:5050/",
      "sslPort": 44350
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "QuickApp": {
      "commandName": "Project",
      "launchBrowser": true,
      "applicationUrl": "https://localhost:44350;http://localhost:5050",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

Now use the below configuration from appsettings.json:
"ApplicationUrl": "https://xxxxx.com",

Then for development in appsettings.Development.json use the below:
"ApplicationUrl": "http://localhost:5050",

 

Hope this helps.

Regards,
Eben Monney

Quote from Christopher Fowers on March 17, 2019, 11:03 pm

Oh, again this does not seem to be the issue. I am running on 5000 (http with auto-redirect for https) and 5001 for https and the appsetting configs have the correct base url set. So unfortunately this isn't really helping but I do appreciate the attempts to help narrow this down. I think I just need to dig around the source to see if I can spot the culprit.

I am running on a mac and a nix boxes though and with that not using IIS (hence I defaulted to using the ports mentioned). I have no doubt that I'm overlooking something likely obvious.

The app seems to run fine. I only see the errors mentioned when accessing any of the admin pages (user and role management). However the app runs fine (accessing via Chrome "https://localhost:5001/<any expected path>"). Authentication works as expected. It's just those two pages that seem to cause the issues.

I'm still working through this though. If I find what I'm doing wrong or whatever the cause is I'll post back here in case it helps anyone in the future.

 

Again thank you for trying to help.

Quote from vravipati on March 18, 2019, 8:10 pm

Hellow Eben,

I have added base-address in ApplicationUrl from appsettings.json. I am still getting the same error. I have .net core angular 6 pro version, My development and staging are working fine. Any help would be appreciated.

[ERR] Exception occurred while processing message. (d37e9c4d) System.InvalidOperationException: IDX20803: Unable to obtain configuration from:

Thanks,

Quote from Christopher Fowers on March 18, 2019, 10:19 pm

System.IO.IOException: The handshake failed due to an unexpected packet format.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslState.ThrowIfExceptional()
   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)

I have noticed this in the stack trace. Still not arrived at a conclusion. I'm not able to put a lot of time at any given moment into troublshooting this. It's SSL related. We've established this already though. I will try from my windows machine later today on IIS to see if I can get it working there. Not a viable long term solution if it works but I'm hoping it'll tell me more.

 

 

EDIT:
Realized that it's complaining about the developer certificate being invalid. I've set up IdSvr many times with dev certs during development and never had this issue in the past. Why am I seeing this now?

<portion of trace removed to highlight the important inner exception>. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.