An exception occurred while accessing the deployed version of Identity Server, but it works fine when Identity Server is running locally. #1516

Open
geetzkrish opened this issue Dec 11, 2024 · 2 comments

@geetzkrish

Which version of Duende IdentityServer are you using?
5.2.0

Which version of .NET are you using?
4.8

Describe the bug

We have deployed the Identity Server solution to a web server. After deploying it, when we try to connect to the action methods from Postman, we are getting the following error in our logs. However, it works fine when the Identity Server is running locally.

```
2024-12-11 06:22:15.6764|24|ERROR|Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager|An exception occurred while processing the key element ''. Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified.
   at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
   at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
   at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
   at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
   at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
   at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate)
   at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.GetKeyFromCert(EncryptedKey encryptedKey, KeyInfoX509Data keyInfo)
   at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.EncryptedXmlWithCertificateKeys.DecryptEncryptedKey(EncryptedKey encryptedKey)
   at System.Security.Cryptography.Xml.EncryptedXml.GetDecryptionKey(EncryptedData encryptedData, String symmetricAlgorithmUri)
   at System.Security.Cryptography.Xml.EncryptedXml.DecryptDocument()
   at Microsoft.AspNetCore.DataProtection.XmlEncryption.EncryptedXmlDecryptor.Decrypt(XElement encryptedElement)
   at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.DeferredKey.<>c__DisplayClass1_0.<GetLazyDescriptorDelegate>b__0()
   at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
   at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.get_Value()
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.get_Descriptor()
   at Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.CngGcmAuthenticatedEncryptorFactory.CreateEncryptorInstance(IKey key)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyBase.CreateEncryptor()
   at Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver.CanCreateAuthenticatedEncryptor(IKey key)
```


@StuFrankish

Hi @geetzkrish 👋

Are you able to upgrade to a newer version of IdentityServer?
I think version 5 has been out of support for quite some time now.

That said, are you able to show us how Data Protection is configured for your instance of IdentityServer?
Knowing a bit more about how your setup is configured will help diagnose any issues.

@geetzkrish
Author

> Hi @geetzkrish 👋
>
> Are you able to upgrade to a newer version of IdentityServer? I think version 5 has been out of support for quite some time now.

Currently we are not able to do the upgrade.

> That said, are you able to show us how Data Protection is configured for your instance of IdentityServer? Knowing a bit more about how your setup is configured will help diagnose any issues.

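This is how we configured Data Protection in the Identity Server:

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.Repositories;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

// Fragment of the service registration: services, connectionString, built and x509pass are defined elsewhere.
// The PFX path is resolved relative to the process's current directory.
string certificatePathDataProtection = System.Environment.CurrentDirectory + @"\Certificates\cgessoDataProtection.pfx";
services.AddDbContext<DataProtectionContext>(options => options.UseSqlServer(connectionString));

// Keys go through the registered IXmlRepository and are encrypted at rest with the certificate.
services.AddDataProtection()
    .AddKeyManagementOptions(options => options.XmlRepository = built.GetService<IXmlRepository>())
    .SetDefaultKeyLifetime(TimeSpan.FromDays(180))
    .ProtectKeysWithCertificate(new X509Certificate2(certificatePathDataProtection, x509pass));
```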
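A startup check for the certificate used above, added here as an example and not code from either participant or from Duende. It assumes the `CngKey.Open` failure comes from the PFX private key landing in a per-user key store that the deployed process identity cannot open (the thread does not confirm this cause); the class name `DataProtectionCertificateCheck` and the choice of `X509KeyStorageFlags.MachineKeySet` are illustrative.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class DataProtectionCertificateCheck // hypothetical helper name
{
    // Loads the PFX and proves the private key can be opened by the current
    // process identity before the certificate is handed to Data Protection.
    public static X509Certificate2 LoadAndVerify(string pfxPath, string password)
    {
        if (!File.Exists(pfxPath))
            throw new FileNotFoundException("Data Protection PFX not found.", pfxPath);

        // Assumption: the host identity has no loaded user profile (for example
        // an IIS application pool), so import the key into the machine key store
        // rather than the default per-user store.
        var cert = new X509Certificate2(pfxPath, password, X509KeyStorageFlags.MachineKeySet);

        if (!cert.HasPrivateKey)
            throw new CryptographicException($"Certificate {cert.Thumbprint} has no private key.");

        // Round trip through GetRSAPrivateKey, the call that fails in the stack
        // trace, so a key-store problem surfaces at startup and not on first use.
        byte[] probe = { 1, 2, 3, 4 };
        using (RSA publicKey = cert.GetRSAPublicKey())
        using (RSA privateKey = cert.GetRSAPrivateKey())
        {
            if (publicKey == null || privateKey == null)
                throw new CryptographicException("Certificate does not carry an RSA key pair.");

            byte[] wrapped = publicKey.Encrypt(probe, RSAEncryptionPadding.OaepSHA1);
            byte[] unwrapped = privateKey.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA1);
            if (!unwrapped.SequenceEqual(probe))
                throw new CryptographicException("RSA round trip with the certificate key failed.");
        }
        return cert;
    }
}
```

The returned certificate can be passed to `ProtectKeysWithCertificate` in place of the inline `new X509Certificate2(...)`.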
