Identityserver4: Cannot get token when hosted via IIS

Created on 18 Aug 2017  ·  4 Comments  ·  Source: IdentityServer/IdentityServer4

  • [x] I read and understood how to enable logging

Issue / Steps to reproduce the problem

  1. I created a self signed certificate
  2. Use the self signed certificate as a signing authority
  3. When running via the dotnet command line I can get tokens back fine
  4. But when I host it in IIS I get the following error: Unexpected character encountered while parsing value: <. Path '', line 0, position 0.

Odd behaviour

  1. works on my local machine via debugger
  2. works on my local iis environment
  3. works when run using dotnet ... on PROD machine
  4. doesn't work when run in iis on PROD

Stack trace

   at Newtonsoft.Json.JsonTextReader.ParseValue()
   at Newtonsoft.Json.Linq.JObject.Load(JsonReader reader, JsonLoadSettings settings)
   at Newtonsoft.Json.Linq.JObject.Parse(String json, JsonLoadSettings settings)
   at IdentityModel.Client.Response..ctor(String raw)

Log

2017-08-18 17:26:27.6064 [3] [ERROR] [Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware] An unhandled exception has occurred: The system cannot find the file specified Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified
   at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
   at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
   at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
   at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
   at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
   at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKey()
   at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_HasPrivateKey()
   at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures)
   at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateEncodedSignature(String input, SigningCredentials signingCredentials)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.WriteToken(SecurityToken token)
   at IdentityServer4.Services.DefaultTokenCreationService.CreateJwtAsync(JwtSecurityToken jwt)
   at IdentityServer4.Services.DefaultTokenCreationService.<CreateTokenAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.Services.DefaultTokenService.<CreateSecurityTokenAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.ResponseHandling.TokenResponseGenerator.<CreateAccessTokenAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.ResponseHandling.TokenResponseGenerator.<ProcessTokenRequestAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.ResponseHandling.TokenResponseGenerator.<ProcessAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.Endpoints.TokenEndpoint.<ProcessTokenRequestAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.Endpoints.TokenEndpoint.<ProcessAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.Hosting.IdentityServerMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.Hosting.FederatedSignOutMiddleware.<Invoke>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.Hosting.AuthenticationMiddleware.<Invoke>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.Hosting.BaseUrlMiddleware.<Invoke>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>d__6.MoveNext()
2017-08-18 17:26:27.6194 [3] [INFO] [IdentityServer4.AccessTokenValidation.Infrastructure.NopAuthenticationMiddleware] Bearer was not authenticated. Failure message: No token found. 
2017-08-18 17:26:27.6354 [3] [INFO] [Microsoft.AspNetCore.Authorization.DefaultAuthorizationService] Authorization failed for user: (null). 
2017-08-18 17:26:27.6354 [3] [INFO] [Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'. 
2017-08-18 17:26:27.6354 [3] [INFO] [Microsoft.AspNetCore.Mvc.ChallengeResult] Executing ChallengeResult with authentication schemes (). 
2017-08-18 17:26:27.6504 [3] [INFO] [IdentityServer4.AccessTokenValidation.Infrastructure.NopAuthenticationMiddleware] AuthenticationScheme: Bearer was challenged. 
2017-08-18 17:26:27.6634 [3] [INFO] [Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware] AuthenticationScheme: Identity.Application was challenged. 
2017-08-18 17:26:27.6634 [3] [INFO] [Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker] Executed action PromappAuthenticationService.Controllers.HomeController.Error (PromappAuthenticationService) in 42.5651ms 
2017-08-18 17:26:27.6894 [3] [INFO] [Microsoft.AspNetCore.Hosting.Internal.WebHost] Request finished in 1497.663ms 302  
2017-08-18 17:26:27.9204 [17] [INFO] [Microsoft.AspNetCore.Hosting.Internal.WebHost] Request starting HTTP/1.1 GET http://testauth.promapponline.com/Home/Index?ReturnUrl=%2FHome%2FError   
2017-08-18 17:26:27.9204 [17] [INFO] [IdentityServer4.AccessTokenValidation.Infrastructure.NopAuthenticationMiddleware] Bearer was not authenticated. Failure message: No token found. 
2017-08-18 17:26:27.9204 [17] [INFO] [Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker] Executing action method PromappAuthenticationService.Controllers.HomeController.Index (PromappAuthenticationService) with arguments ((null)) - ModelState is Valid 
2017-08-18 17:26:27.9204 [17] [INFO] [Microsoft.AspNetCore.Mvc.ViewFeatures.Internal.ViewResultExecutor] Executing ViewResult, running view at path /Views/Home/Index.cshtml. 
2017-08-18 17:26:27.9204 [17] [INFO] [Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker] Executed action PromappAuthenticationService.Controllers.HomeController.Index (PromappAuthenticationService) in 3.8847ms 
2017-08-18 17:26:27.9274 [17] [INFO] [Microsoft.AspNetCore.Hosting.Internal.WebHost] Request finished in 6.6918ms 200 text/html; charset=utf-8 

Also I can't get the Serilog to work, the documentation on your page isn't up to date! Similar issue expressed here

question

All 4 comments

You need to ensure that the IIS_USRS user can read the private key of the signing certificate. The error you're seeing is likely due to the app displaying an error page instead of returning the expected token response.

What @mackie1001 said
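The fix described in the comments above, sketched as an added example that is not part of the original thread: locate the signing certificate's private key file and grant an IIS identity read access to it. It assumes the certificate is installed in Cert:\LocalMachine\My and that the script runs elevated; the function name `Grant-PrivateKeyRead`, the thumbprint and the application pool name are placeholders. The built-in IIS worker group is named IIS_IUSRS.

```powershell
# Added example: give an IIS identity read access to a certificate's private key.
# Assumes the certificate is in Cert:\LocalMachine\My; run from an elevated prompt.
function Grant-PrivateKeyRead {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $Identity
    )

    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }

    # Resolve the key's on-disk file name for either a CNG or a legacy CSP key.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($null -eq $rsa) { throw "Certificate $Thumbprint does not have an RSA private key." }
    $keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $rsa.Key.UniqueName
    } else {
        $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }

    # CNG machine keys live under Crypto\Keys, CSP machine keys under Crypto\RSA\MachineKeys.
    $keyPath = 'Microsoft\Crypto\Keys', 'Microsoft\Crypto\RSA\MachineKeys' |
        ForEach-Object { Join-Path $env:ProgramData (Join-Path $_ $keyName) } |
        Where-Object { Test-Path -Path $_ } |
        Select-Object -First 1
    if (-not $keyPath) { throw "Key file '$keyName' was not found in the machine key stores." }

    # Add a read-only allow entry; signing needs read access, not write or full control.
    $acl  = Get-Acl -Path $keyPath
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyPath -AclObject $acl

    # Return the resulting entries so the change can be reviewed.
    (Get-Acl -Path $keyPath).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
}

# Placeholders: substitute the real thumbprint and application pool name.
# Grant-PrivateKeyRead -Thumbprint '<SIGNING-CERT-THUMBPRINT>' -Identity 'IIS AppPool\<AppPoolName>'
```

Granting the single application pool identity rather than the whole IIS_IUSRS group keeps the signing key unreadable to other sites on the same server.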

Hi
I have similar kind of issue and it is driving me crazy. Appreciate if you people can help me out.

https://github.com/IdentityServer/IdentityServer4/issues/1894

I updated with the following and this time time out issue.

            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(o=>
            {
                o.Authority = "http://localhost:44300";
                o.Audience = "web_api";
                o.RequireHttpsMetadata = false;
            });

Exception I get now is:

        <h1>An unhandled exception occurred while processing the request.</h1>
        <div class="titleerror">TaskCanceledException: A task was canceled.</div>
        <p class="location">System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)</p>
        <div class="titleerror">IOException: IDX10804: Unable to retrieve document from: &#x27;http://localhost:44300/.well-known/openid-configuration&#x27;.</div>
        <p class="location">Microsoft.IdentityModel.Protocols.HttpDocumentRetriever&#x2B;&lt;GetDocumentAsync&gt;d__8.MoveNext()</p>
        <div class="titleerror">InvalidOperationException: IDX10803: Unable to obtain configuration from: &#x27;http://localhost:44300/.well-known/openid-configuration&#x27;.</div>
        <p class="location">Microsoft.IdentityModel.Protocols.ConfigurationManager&#x2B;&lt;GetConfigurationAsync&gt;d__24.MoveNext()</p>

Thanks

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
