Identityserver4: Problem when enabling HTTPS on the test server

Created on 2 Oct 2018 · 12 comments · Source: IdentityServer/IdentityServer4

I developed an ASP.NET project which integrated IDS4 for authentication and authorization successfully on my local machine with HTTPS enabled.
When I published IDS4 to the Test/Staging server, the ASP.NET project could get authenticated if IDS4 was using HTTP. It failed if IDS4 was using HTTPS.

I used ASP.NET Core 2.0.5
IdentityServer4 2.2.0
IdentityServer4.AccessTokenValidation 2.4.0
This is the log content from the stdout file.

An existing connection was forcibly closed by the remote host
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

[SocketException (0x2746): An existing connection was forcibly closed by the remote host]
   System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult) +82
   System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult) +57

[IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.]
   System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +232
   System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) +13
   System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +119

[WebException: The underlying connection was closed: An unexpected error occurred on a send.]
   System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +628
   System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) +64

[HttpRequestException: An error occurred while sending the request.]
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Net.Http.<FinishSendAsyncBuffered>d__58.MoveNext() +745
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__8.MoveNext() +362

[IOException: IDX20804: Unable to retrieve document from: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'.]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__8.MoveNext() +666
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Protocols.OpenIdConnect.<GetAsync>d__3.MoveNext() +291
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__24.MoveNext() +1129

[InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'.]
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__24.MoveNext() +1586
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.OpenIdConnect.<ApplyResponseChallengeAsync>d__c.MoveNext() +575
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__b.MoveNext() +282
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__8.MoveNext() +275
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +160
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +815
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +182
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +638
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +182
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +180
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +69
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar) +64
   System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +156
   System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +123

question

All 12 comments

Not sure, but it sounds like something we saw recently. Is your app using IdentityModel? Can you update your app to use one consistent version of it?

It looks like IdentityServer4 (2.2.0) is using "IdentityModel 3.6.1". How and where could I get the consistent version of it?

Is your host referencing it too? If so, does it need to?

My IDS4 is referencing IdentityServer4 (2.2.0), not IdentityModel directly.

Today I have tried to deploy the release version of IdentityServer4 (IdentityServer4-release.zip downloaded from your site without the change). It has the same issue. The .NET Core client works, but the ASP.NET client doesn't work for IDS4 with HTTPS enabled.

Sorry, not sure.

@DeeDeeLee, I encountered the same issue and it seems like it happens because of incompatible TLS versions. Check your target framework version and TLS settings. I performed a quick test setting ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12; and it worked.

Adding some more insights to @vsubbotskyy's answer.

This could be related to a TLS version problem: when you're making calls using a client that doesn't support the TLS version of the server.
More details here: https://stackoverflow.com/questions/45382254/update-net-web-service-to-use-tls-1-2

And if you're publishing to Azure: https://azure.microsoft.com/en-us/updates/new-app-service-apps-deployed-with-tls-1-2-as-default-from-june-30/

Hope it helps.

@vsubbotskyy and @savbace, thank you so much for your help. After I changed the target framework version to 4.6.1 in the web.config, it worked.

Thanks again,

I'm also getting the same exception when my web API is trying to get the document from the well-known endpoint.
Surprisingly, the same code is working on one server, but not on the other. Identity Server is version 4 (.NET Core) and the web API is on the full framework. How can I check this TLS version? Is it at OS level or an IIS setting?
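The TLS-version mismatch described by @vsubbotskyy and @savbace, and the question just above of how to check which TLS versions the IdentityServer host will accept from a full-framework client, as an added example. This is not code from the issue, from any commenter, or from the IdentityServer4 project. It is a stand-alone .NET Framework console program that fetches the discovery document once per protocol version the OWIN middleware's HttpClient can offer, so a failure for TLS 1.0/1.1 alongside a success for TLS 1.2 reproduces the "forcibly closed" error from the stack trace and pins it on the handshake. The authority URL is a placeholder you must replace with your own Test/Staging IDS4 address; EnableTls12 is the process-wide fix from the thread, packaged as a method to call once at startup.

```csharp
// Added example, not from the issue or IdentityServer4. Target .NET Framework 4.5 or later
// (SecurityProtocolType.Tls11/Tls12 exist from 4.5) and run it from the machine that hosts
// the failing ASP.NET / OWIN client, so it sees the same OS and framework defaults.
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

static class TlsProbe
{
    // Placeholder authority: substitute the HTTPS address of your IDS4 host.
    const string Authority = "https://ids4-staging.example.com";
    const string DiscoveryPath = "/.well-known/openid-configuration";

    static void Main()
    {
        Console.WriteLine("Framework default SecurityProtocol: " + ServicePointManager.SecurityProtocol);

        // One probe per protocol, so each result is attributable to a single version.
        foreach (var proto in new[] { SecurityProtocolType.Tls, SecurityProtocolType.Tls11, SecurityProtocolType.Tls12 })
        {
            Console.WriteLine("{0,-6} -> {1}", proto, ProbeAsync(proto).GetAwaiter().GetResult());
        }
    }

    // Offers exactly one protocol version to the server and reports whether the
    // discovery document came back. ServicePointManager is process-wide on .NET
    // Framework, which is why the OWIN OpenIdConnect middleware inherits it too.
    static async Task<string> ProbeAsync(SecurityProtocolType proto)
    {
        ServicePointManager.SecurityProtocol = proto; // assignment, not |=, to isolate the version
        try
        {
            using (var client = new HttpClient())
            {
                // Connection: close, so the next probe cannot reuse a pooled connection
                // that was negotiated under the previous protocol.
                client.DefaultRequestHeaders.ConnectionClose = true;
                var json = await client.GetStringAsync(Authority + DiscoveryPath);
                return json.Contains("\"issuer\"")
                    ? "OK (discovery document returned)"
                    : "HTTP OK but body is not a discovery document";
            }
        }
        catch (HttpRequestException ex)
        {
            // The server rejecting the offered protocol during the handshake surfaces here as
            // "The underlying connection was closed" / "forcibly closed by the remote host",
            // the same chain the IDX20804 / IDX20803 errors in the issue wrap.
            return "FAILED: " + (ex.InnerException ?? ex).Message;
        }
    }

    // The fix from the thread, as a method to call once at application start
    // (Application_Start or the OWIN Startup class). |= keeps whatever the framework
    // already offers and adds TLS 1.1 and 1.2 on top.
    public static void EnableTls12()
    {
        ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
    }
}
```

The first line of output answers the "is it OS level or IIS" question for the client side: the framework default depends on the targetFramework the application runs under (apps targeting 4.5 offer only SSL 3 / TLS 1.0; targeting 4.6 or later offers TLS 1.0/1.1/1.2, which is why switching web.config to 4.6.1 worked for @DeeDeeLee), not on IIS. The server side is a separate check: the IDS4 host's operating system or reverse proxy decides which versions it accepts, and openssl s_client -connect host:443 -tls1_1 against the host shows directly whether a given version is still enabled there.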

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
