Identityserver4: How to publish IdentityServer4 (RC2) for IIS?

Created on 25 May 2016 · 20 Comments · Source: IdentityServer/IdentityServer4

I have published asp.net core RC2 apps from VisualStudio 2015 running fine on IIS.

But a strange thing happened when I published IdentityServer4. The UI folder, which contains all the views, was not in the published folder. There were no views in the published folder, and the app was giving a 500 Internal Server Error.

But in normal app there was a Views folder containing all the views.

What can I do now to publish IdentityServer4 (RC2) on IIS?


All 20 comments

We probably need to just modify project.json to include the right files.

@brockallen Thank you so much.

now I have UI folder in my published folder but still the same error :S

you need to diagnose it some more -- is the 500 from ASP.NET Core, or from IdSvr?

@brockallen

It is working fine while running from visual studio, getting tokens etc...

only problem on IIS

Most probably it is with IdentityServer4 (RC2 Port) because other asp.net core RC2 apps are working fine on IIS.

I have also tested your authorization server from latest ported samples of IdentityServer4 gives the same error.

Can you try an ASP.NET Core app that's not using IdSvr?

@brockallen yea yea ASP.NET Core RC2 HelloWorld app is working fine on IIS

And what do the logs say?

@brockallen

here is the log, created when I browse website

I don't think there is anything useful in it :S

```
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2016-05-25 13:33:10
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2016-05-25 13:33:10 10.104.0.116 GET / - 85 - 10.104.0.116 Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/50.0.2661.102+Safari/537.36 - 500 0 0 736
2016-05-25 13:33:10 10.104.0.116 GET /favicon.ico - 85 - 10.104.0.116 Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/50.0.2661.102+Safari/537.36 http://10.104.0.116:85/ 500 0 0 3
2016-05-25 13:33:14 10.104.0.116 GET / - 85 - 10.104.0.116 Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/50.0.2661.102+Safari/537.36 - 500 0 0 0
2016-05-25 13:33:14 10.104.0.116 GET /favicon.ico - 85 - 10.104.0.116 Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/50.0.2661.102+Safari/537.36 http://10.104.0.116:85/ 500 0 0 0
```

No, I meant the ASP.NET Core log....

@brockallen Sir, can you please give me a hint on how to get logs using asp.net core + IIS? I am using serilog; the log file is created but the file is empty.

Check the ASP.NET Core docs on enabling logging with the ILoggerFactory and logger providers

@brockallen huhhh :dancer:

at last I got logging on IIS :D

here is the log

```
Application startup exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified
   at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
   at AuthorizationServer.Startup.ConfigureServices(IServiceCollection services) in F:\OneDrive - Higher Education Commission\a_AuthorizationServerCloud\AuthorizationServer\src\AuthorizationServer\Startup.cs:line 58
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Microsoft.AspNetCore.Hosting.Startup.ConfigureServicesBuilder.Invoke(Object instance, IServiceCollection exportServices)
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureApplicationServices()
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
Hosting environment: Production
Content root path: C:\inetpub\Diagnia\AuthorizationServer
Now listening on: http://localhost:12705/
Application started. Press Ctrl+C to shut down.
```

oh my GOD my cert is not in the dir :O

@brockallen Sir, it worked. I just added the cert to the folder and fixed the path, huh.

Thank you so so much for your responses :+1:

Thank you for this post. I had the same issue and adding the cert to my published directory fixed it. Is there a need for a cert when using IdentityServer?

Hi,

I'm getting this cert issue while deploying IdentityServer 4 (ASP.NET Core 1.1) to Azure VM (Windows Server 2012 R2).

```
crit: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Unhandled exception: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified
         at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
         at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
         at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
         at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
```

This works on my local dev computer, and I cannot figure out why. I installed the cert in the My (Local Machine) store on the VM.

Can anyone help with this? Thanks.

I found the solution here:

http://www.daves-blog.net/post/2014/06/16/X509Certificate-The-System-cannot-find-the-file-specified.aspx

Apparently, I need to enable the Load User Profile on the Application Pool. However, the error now changes to this:

```
crit: IdentityServer4.Hosting.IdentityServerMiddleware[0]
  Unhandled exception: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Keyset does not exist
     at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
     at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
     at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
     at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
```

Looking at the issue now.

Okay, so the issue is permission to read the cert. All we have to do is go to the certificate and grant Read (_only_) for IIS_IUSRS.

Now it works.
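
The two fixes described in the comment above (Load User Profile on the application pool, then Read on the certificate's private key), as an added PowerShell example that is not part of the original thread. The thumbprint and pool name are placeholders, and the script assumes the certificate is in the Local Machine "My" store and that it runs elevated on the IIS host. `-Account` defaults to the `IIS_IUSRS` group named in the thread; a single pool identity such as `IIS AppPool\<APP-POOL-NAME>` is a narrower grant.

```powershell
param(
    [string]$Thumbprint = '<SIGNING-CERT-THUMBPRINT>',  # placeholder, not from the thread
    [string]$AppPool    = '<APP-POOL-NAME>',            # placeholder, not from the thread
    [string]$Account    = 'IIS_IUSRS',                  # group granted Read in the thread
    [switch]$Grant                                      # without -Grant the script only reports
)

Import-Module WebAdministration

# Step 1: the thread's first fix was enabling "Load User Profile" on the pool.
$loadProfile = (Get-ItemProperty "IIS:\AppPools\$AppPool" -Name processModel.loadUserProfile).Value
"Load User Profile on '$AppPool': $loadProfile"

# Step 2: "Keyset does not exist" means the worker process cannot read the key file.
$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint"
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key in this store." }

# Resolve the on-disk key container name for either a CNG or a legacy CSP key.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) { $rsa.Key.UniqueName } else {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName }

# Machine keys live in one of these two directories depending on the provider.
$keyFile = "$env:ProgramData\Microsoft\Crypto\Keys",
           "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" |
    ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Key file '$keyName' not found in the machine key directories." }

# Show who can currently read the private key before changing anything.
$acl = Get-Acl -Path $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

if ($Grant) {
    # Read only, as in the thread; the worker process never needs to modify the key.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    "Granted Read on $keyFile to $Account"
}
```

Running it once without `-Grant` shows the existing ACL, which is also a quick way to spot accounts that hold more than Read on the signing key.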

I solved the issue by adding the following to Azure Configuration:
`WEBSITE_LOAD_CERTIFICATES = *`

Without it, Azure will not load the uploaded private certificates so that they are accessible to the app service.
Thanks for
https://benjii.me/2017/06/creating-self-signed-certificate-identity-server-azure/


@jwasily
Saved my life buddy

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
