I have Identity Server running on my local development machine, which is fine, but as soon as I published it on the server (Azure VM) I started to have some issues.
The issue I am having now is that I am no longer able to redirect the users to the identity server; when I try to do so I get:
Unable to retrieve document from/Unable to obtain configuration from {domain}/.well-known/openid-configuration
I do think this might have something to do with:
- Cloudflare DNS
- IIS not redirecting the users to the new destination
- SSL (But I am using cloudflare SSL so I don't know what's wrong here)
The configuration I have is listed below:
using System.Net;
using Microsoft.IdentityModel.Logging;

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies", c => c.ExpireTimeSpan = TimeSpan.FromMinutes(10))
.AddOpenIdConnect("oidc", options =>
{
    // Base URL of the identity server; the handler fetches
    // {Authority}/.well-known/openid-configuration from here at startup
    options.Authority = builder.Configuration["ApiUrls:Identity"];
    options.GetClaimsFromUserInfoEndpoint = true;
    options.ClientId = "DD";
    options.ClientSecret = "Secret";
    options.ResponseType = "code";
    options.TokenValidationParameters.NameClaimType = "name";
    options.TokenValidationParameters.RoleClaimType = "role";
    options.Scope.Add("DD");
    options.SaveTokens = true;
});

app.UseDeveloperExceptionPage();
// Show full details (including the failing URL) in IdentityModel exceptions
IdentityModelEventSource.ShowPII = true;
ServicePointManager.Expect100Continue = true;

app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
Has anyone faced a similar issue before?
UPDATE
This is the error the website produces:
An unhandled exception occurred while processing the request.
IOException: IDX20807: Unable to retrieve document from: '{domain}/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Date: Sun, 27 Nov 2022 13:36:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XkJDW9dWlc1yD5HbTg6xBj/IBskcJxGOPMLGrJCuP8GzY0/s0sEMM6+Vf3b9ywC6zT+jHmgzkO2QEcQntd/aHlzxknmce9FZWXAHcHfUaIYsAAEHugRrGb8xc6MHWzTxQZ8pB2xGeKcq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 770b402c1e157697-LHR
Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Type: text/html
}', HttpResponseMessage.Content: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>404 - File or directory not found.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div ><fieldset>
<h2>404 - File or directory not found.</h2>
<h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
</fieldset></div>
</div>
</body>
</html>
'.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)
InvalidOperationException: IDX20803: Unable to obtain configuration from: '{domain}/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel)
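A check of what the OpenIdConnect handler needs from the discovery endpoint, added here as an example that is not part of the original question or of Identity Server: it classifies an HTML 404 like the one quoted above (the request reached IIS but no application answered) and validates a JSON document against the OIDC Discovery rule that the issuer must equal the authority URL. The responses are constructed and the host id.example.test is a placeholder.

```python
import json
from typing import Dict, List, NamedTuple


class Response(NamedTuple):
    status: int
    headers: Dict[str, str]
    body: str


def check_discovery(authority: str, resp: Response) -> List[str]:
    """Findings for GET {authority}/.well-known/openid-configuration; empty means usable."""
    findings = []
    ctype = resp.headers.get("Content-Type", "").lower()
    if resp.status != 200:
        findings.append(f"status {resp.status} instead of 200")
        # IIS serves its own HTML 404 page when no application handles the path, so an
        # HTML body means the request reached IIS but never reached IdentityServer.
        if "text/html" in ctype and "File or directory not found" in resp.body:
            findings.append("IIS static 404: site binding/application path does not reach IdentityServer")
        return findings
    if "application/json" not in ctype:
        findings.append(f"content-type {ctype or '(none)'} is not application/json")
    try:
        doc = json.loads(resp.body)
    except ValueError:
        findings.append("body is not valid JSON")
        return findings
    # OIDC Discovery 4.3: issuer MUST be identical to the URL the document was fetched from.
    issuer = doc.get("issuer", "")
    if issuer.rstrip("/") != authority.rstrip("/"):
        findings.append(f"issuer {issuer!r} differs from authority {authority!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key, "")
        if not url:
            findings.append(f"missing {key}")
        elif not url.startswith("https://"):
            findings.append(f"{key} is not https: {url}")
    return findings


# Constructed samples (not real captures): the IIS 404 shape quoted in the question, and a
# document whose issuer took the origin's http:// scheme behind a TLS-terminating proxy.
IIS_404 = Response(404, {"Content-Type": "text/html", "Server": "cloudflare"},
                   "<html><title>404 - File or directory not found.</title></html>")
HTTP_ISSUER = Response(200, {"Content-Type": "application/json"}, json.dumps({
    "issuer": "http://id.example.test",
    "authorization_endpoint": "https://id.example.test/connect/authorize",
    "token_endpoint": "https://id.example.test/connect/token",
    "jwks_uri": "https://id.example.test/.well-known/openid-configuration/jwks"}))
```

Feed it the status, headers and body from a real GET of the discovery URL (for example via curl) to see which of the two failure classes applies.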
CodePudding user response:
After a few days of searching Stack Overflow and the internet, I found out that the IdentityPool should be set to LocalSystem to allow the communication to go through.
What helped me the most was when I called the API from my local Visual Studio project.
Once I got "you don't have permission to access this folder", I changed the IdentityPool and everything worked fine.