I have a Blazor project (Webassembly)
I want to start the application and it ends with an error message in program.cs
on line: var app = builder.Build();
using myWebapp.Blazor.Server.Data;
using myWebapp.Blazor.Server.Models;
using myWebappData;
using myWebappService.Configuration;
using myWebappService.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.ResponseCompression;
using Microsoft.EntityFrameworkCore;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
//var connectionString = builder.Configuration.GetConnectionString("DefaultConnection");
//builder.Services.AddDbContext<ApplicationDbContext>(options =>
// options.UseSqlServer(connectionString));
builder.Services.AddDatabaseDeveloperPageExceptionFilter();
builder.Services.AddDbContext<efmDbContext>(options =>
options.UseSqlServer(
connectionString: builder.Configuration.GetConnectionString("DefaultConnection")));
//RegisterDependencyServiceServiceLayer.ConfigureService(builder.Services);
builder.Services.AddTransient<IMyIndexService, MyIndexService>();
builder.Services.AddTransient<IMyViewsService, MyViewsService>();
builder.Services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddEntityFrameworkStores<ApplicationDbContext>();
builder.Services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
builder.Services.AddAuthentication()
.AddIdentityServerJwt();
builder.Services.AddControllersWithViews();
builder.Services.AddRazorPages();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseMigrationsEndPoint();
app.UseWebAssemblyDebugging();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseBlazorFrameworkFiles();
app.UseStaticFiles();
app.UseRouting();
app.UseIdentityServer();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.MapControllers();
app.MapFallbackToFile("index.html");
app.Run();
This is included:
<PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="6.1.1" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="6.0.8" />
This is the message:
System.AggregateException: 'Some services are not able to be constructed (Error while validating the service descriptor 'ServiceType: myWebappService.Services.IMyIndexService Lifetime: Transient ImplementationType: myWebappService.Services.MyIndexService': Unable to resolve service for type 'AutoMapper.IMapper' while attempting to activate 'myWebappService.Services.MyIndexService'.) (Error while validating the service descriptor 'ServiceType: myWebappService.Services.IMyViewsService Lifetime: Transient ImplementationType: myWebappService.Services.MyViewsService': Unable to resolve service for type 'AutoMapper.IMapper' while attempting to activate 'myWebappService.Services.MyViewsService'.)'
InvalidOperationException: Unable to resolve service for type 'AutoMapper.IMapper' while attempting to activate 'myWebappService.Services.MyIndexService'.
Related
I have an ASP.NET Core Web API set up as App Service in Azure with an App Registration in our AzureAd
In appsettings.json I have (anonimized)
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "ourdomain.co.uk",
"TenantId": "n9n999n9-9999-nnnn-9n9n9-9n9n9n9n9n9",
"ClientId": "81933a15-157f-45b0-bc32-3d7d6d62f4a7",
"Audience": "https://ourdomain.co.uk/breathe.notifications-service",
"ClientSecret": "a6a6a6a~EEizqWNa8itAAAjcrycxnCtxaVgKTFx"
},
That app has an API permission in Azure Ad that allows me to call another app service, Audit. The audit service does not have any specific scopes defined but it does have an app role called Audit.Write
In the calling API i need to get a token to call audit so I run this code
var accessToken = await this.tokenAcquisition.GetAccessTokenForAppAsync(this.auditApiScope);
this.httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
this.httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
Note the call to GetAccessTokenForAppAsync rather than the more common GetAccessTokenForUserAsync
The scope string that I am passing is
https://ourdomain.co.uk/us.audit-service/.default
When I call GetAccessTokenForAppAsync it is failing with MSALException
IDW10104: Both client secret and client certificate cannot be null or
whitespace, and only ONE must be included in the configuration of the
web app when calling a web API. For instance, in the appsettings.json
file.
The client secret is in the AzureAd config, I am not specifying a certificate.
I now have this working and have two options but before I outline those I need to offer some extra background.
This Web Api and others we have created offer functionality to Azure Ad users and Azure B2C users. This functionality was first possible with Microsoft.Identity.Web 1.11.0 and we hjave been using 1.11.0 since it was released. However we always had an issue where we would generate thousands of exceptions because MSAL was getting confused ny which scheme to use.
We came across this blog post, Removing misleading IDX10501 logs when using multiple authentication schemes in ASP.NET Core 3.1 there is more detail in this github thread, https://github.com/oliviervaillancourt/blog/issues/3.
Our Startup.cs Configure Services looks like this
public void ConfigureServices(IServiceCollection services)
{
services.AddMicrosoftIdentityWebApiAuthentication(this.configuration)
.EnableTokenAcquisitionToCallDownstreamApi()
.AddInMemoryTokenCaches();
services.AddAuthentication()
.AddMicrosoftIdentityWebApi(this.configuration, "AzureAdB2C", "B2CScheme", true);
services.AddAuthentication("AzureAD_OR_AzureAdB2C")
.AddMicrosoftIdentityWebApi(
jwtBearerOptions =>
{
var azureAdB2CConfig = this.configuration.GetSection("AzureAdB2C");
jwtBearerOptions.ForwardDefaultSelector = context =>
{
var token = string.Empty;
if (context.Request.Headers.TryGetValue("Authorization", out var value))
{
string authorization = value;
if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
token = authorization.Substring("Bearer ".Length).Trim();
}
}
if (token == null)
{
this.logger.LogInformation($"Cannot get the Token out of the Authorization header");
}
var jwtHandler = new JwtSecurityTokenHandler();
if (jwtHandler.CanReadToken(token))
{
var jwtToken = jwtHandler.ReadJwtToken(token);
var expectedB2CIssuer = $"{azureAdB2CConfig.GetValue<string>("Instance")}/{azureAdB2CConfig.GetValue<string>("TenantId")}/v2.0/";
if (string.Compare(jwtToken.Issuer, expectedB2CIssuer, true) == 0)
{
// Claim is from B2C so this request should be validated against the B2C scheme.
this.logger.LogInformation($"Request is with a B2C issued token so refer to B2CScheme. Token issuer: {jwtToken.Issuer} B2C Issuer: {expectedB2CIssuer}");
return "B2CScheme";
}
else
{
this.logger.LogInformation($"Request is not with a B2C issued token so refer to Bearer scheme. Token issuer: {jwtToken.Issuer} B2C Issuer: {expectedB2CIssuer}");
}
}
else
{
this.logger.LogInformation("Request token could not be read so refer to Bearer scheme");
}
return "Bearer";
};
},
identityOptions =>
{
var azureAdB2CConfig = this.configuration.GetSection("AzureAdB2C");
identityOptions.Instance = azureAdB2CConfig.GetValue<string>("Instance");
identityOptions.TenantId = "AzureAD_OR_AzureAdB2C";
identityOptions.ClientId = "AzureAD_OR_AzureAdB2C";
},
"AzureAD_OR_AzureAdB2C",
false);
services.AddControllers()
.AddNewtonsoftJson();
services.AddLogging(options =>
{
// hook the Console Log Provider
options.AddConsole();
options.SetMinimumLevel(Microsoft.Extensions.Logging.LogLevel.Trace);
// hook the Application Insights Provider
options.AddFilter<ApplicationInsightsLoggerProvider>(string.Empty, Microsoft.Extensions.Logging.LogLevel.Trace);
// pass the InstrumentationKey provided under the appsettings
options.AddApplicationInsights(this.configuration["APPINSIGHTS_INSTRUMENTATIONKEY"]);
});
}
The logic used by the ForwardDefaultSelector is what helps us work with multiple schemes and forward ASP.NET to the right scheme.
Now back to the answer.
If I remove the ForwardDefaultSelector I no longer get the IDW10104 however that is what we use to remopve all the extraneous exceptions schemes so that is not really going to be workable.
The only viable option is to move the Web Api from the latest version of Microsoft.Identity.Web 1.21.1 to 1.16.0. The issue that is causing us to get the exception was introduced in 1.16.1. I will raise an issue on the MSAL github for 1.16.1. We were previously using 1.11.0.
I am on visual studio 2019 for mac running a blazor server app with .net core 3.1 and Individual Authentication (In-app) turned on.
When i go to register and enter new users details i am presented with the following error when clicking the apply migrations button
In the appsettings.json i have the following set.
{
"ConnectionStrings": {
"DefaultConnection": "Server=localhost;Database=Test; user=SA; password=P#55word; Trusted_Connection=False;"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
Startup.cs
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Hosting;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using CMUI.Areas.Identity;
using CMUI.Data;
namespace CMUI
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = false)
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddRazorPages();
services.AddServerSideBlazor();
services.AddScoped<AuthenticationStateProvider, RevalidatingIdentityAuthenticationStateProvider<IdentityUser>>();
services.AddSingleton<WeatherForecastService>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapBlazorHub();
endpoints.MapFallbackToPage("/_Host");
});
}
}
}
The the SQL server i am running is 2019 mssql in docker using the following command
docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=P#55word' -p 1433:1433 -d --name=mssqlserver2019 mcr.microsoft.com/mssql/server:2019-latest
The database is working okay as i can perform crud actions via an webapi in another solution using the same connection string. Not sure if this is a mac thing or if i have missed something silly.
Thanks.
You can try using the command line and navigating to the project root of the project that connects to that db, and then running dotnet ef database update which should run that migration and build your identity tables. Then fire the app up again and as long as it's connecting (which is looks like you are) you should be able to register users.
Further reading on migrations here. You may need to install the command line tools mentioned in this article.
I'm not familiar with VS for MacOS, but in the windows version you can go to Package Manager Console, make sure the default project in the console is set to your DB access project, and then run the command update-database. This might work for you as well.
I created a .NET Core 3.0 Angular project with Identity Server. I want to add claims and roles to my app.
My Identity Server is mostly out of the box with some simple route changes:
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer(options =>
{
options.UserInteraction.LoginUrl = "/auth/login";
options.UserInteraction.LogoutUrl = "/auth/logout";
})
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
I currently add my a simple policy in startup.cs
services.AddAuthorization(options =>
{
options.AddPolicy("RequireAdministratorRole", policy =>
{
policy.RequireRole("Admin");
policy.RequireClaim("CreateUser");
});
});
At the bottom of my Configure() method I call this method to add roles:
private async Task CreateUserRoles(IServiceProvider serviceProvider)
{
var RoleManager = serviceProvider.GetRequiredService<RoleManager<IdentityRole>>();
var UserManager = serviceProvider.GetRequiredService<UserManager<ApplicationUser>>();
IdentityResult adminRoleResult;
//Adding Admin Role
var adminRoleCheck = await RoleManager.RoleExistsAsync("Admin");
if (!adminRoleCheck)
{
//create the roles and seed them to the database
adminRoleResult = await RoleManager.CreateAsync(new IdentityRole("Admin"));
await RoleManager.AddClaimAsync(new IdentityRole("Admin"), new Claim("CreateUser", "Create User"));
}
}
In my register.cshtml.cs I've successfully set a role and a claim via:
var roleResult = await _userManager.AddToRoleAsync(user, "Admin");
var claimResult = await _userManager.AddClaimAsync(user, new Claim("CreateUser", "Create User"));
I've confirmed that the new user has that claim and role.
The client userinfo call returns correctly but when I look at the id_token I dont have those claims:
{
"nbf": 1574787988,
"exp": 1574788288,
"iss": "https://localhost:5001",
"aud": "MyAppSpa",
"iat": 1574787988,
"at_hash": "ndzldxAE3EiVzI4PeThNPQ",
"s_hash": "dIqJXx372XhOESn1XYH36A",
"sid": "VQLp--MHdoOoxXiVASWZ0g",
"sub": "4a0450dd-fe4f-4b3d-ac12-3f70876183e1",
"auth_time": 1574787983,
"idp": "local",
"amr": [
"pwd"
]
}
According to oidc-client-js is not getting claims correctly from Identity Server 4, I should just need to include AlwaysIncludeUserClaimsInIdToken = true to the client configuration.
However, the template doesnt have a configuration. Its all under the hood.
Questions:
1) Will adding AlwaysIncludeUserClaimsInIdToken = true to the client fix my issue?
2) How do I add it given my current configuration?
Concern about the size of ID Token , by default the claims won't include in ID token .You can get the claims from userinfo endpoint with ID token(read from user.profile) . That is by design .
The new .net core 3.0 angular authentication template just configures IdentityServer to use template supported configuration , but the configuration is not fully customize compare to Identity server provided configuration ,such as AlwaysIncludeUserClaimsInIdToken . So the workaround is not use ApiAuthorization service, the full power of IdentityServer is still available to customize authentication to suit your needs.
I use this same method to set the eonvironmentname for a web app that I publish to a folder. However, when publishing a .net core console app that is using IWebhostBuilder, the environmentname isnt seeming to get updated?
I have a .net core console app that I am publishing to a folder location and the console app uses IWebhostBuilder, hence I need to be able to set the environment name prior to publishing. It seems to want to grab the default appsettings, rather than the one for my target environment (Dev). I have a appsettings.Dev.json file
My publish profile looks like this
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<PublishProtocol>FileSystem</PublishProtocol>
<Configuration>Dev</Configuration>
<Platform>Any CPU</Platform>
<TargetFramework>netcoreapp2.2</TargetFramework>
<PublishDir>\\dev-server1\d$\Services\BoxService</PublishDir>
<SelfContained>false</SelfContained>
<_IsPortable>true</_IsPortable>
<EnvironmentName>Dev</EnvironmentName>
<RuntimeIdentifier>win-x64</RuntimeIdentifier>
</PropertyGroup>
</Project>
[ Edit ]
Nothing was working, so I did an experiment because obviously I am missing something or just dont understand. I created a new test console app with nothing in it except one class with a Main method. Added the necessary packages (Extensions.Configuration etc), then proceeded to publish the app to a local folder with the following in my publishprofile.
<EnvironmentName>Local</EnvironmentName>
This is obviously not being used, because when I run it from visual studio, it reports the correct environment has been set, but when run from the published folder, its as if the environment has not been set.
Here is Program.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.EnvironmentVariables;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
namespace Cmd1
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine("Hello World!");
var environmentName =
Environment.GetEnvironmentVariable("ENVIRONMENT");
// create service collection
var services = new ServiceCollection();
// build config
var configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", false)
.AddJsonFile($"appsettings.{environmentName}.json", true)
.AddEnvironmentVariables()
.Build();
// setup config
services.AddOptions();
services.Configure<AppSettings>(configuration.GetSection("App"));
// create service provider
var serviceProvider = services.BuildServiceProvider();
var appSettings = serviceProvider.GetService<IOptions<AppSettings>>();
string env = Environment.GetEnvironmentVariable("Environment");
Console.WriteLine($" We are looking at {appSettings.Value.TempDirectory} from environment: {env}");
}
}
}
Appsettings.json
{
"App": {
"TempDirectory": "d:\temp"
}
}
Appsettings.Local.json
{
"App": {
"TempDirectory": "c:\\temp\\rss-hero\\tmp\\"
}
}
Setting Environment in VS
Results, from VS
Results when run from published folder
You need to configure IWebhostBuilder like this
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.ConfigureAppConfiguration(builder =>
{
builder.AddJsonFile("appsettings.json")
.AddJsonFile($"appsettings.Dev.json", optional: true) // add more if you have
.AddEnvironmentVariables();
});
Then depending on the environment it will use appsettings{envrionment}.json. If no other present it will use appsettings.json (default). After publishing you can check the web.config to check the environment name it's using.
EDIT
For console app you do something like this
private static IConfigurationBuilder Configure(IConfigurationBuilder config, string environmentName)
{
return config
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
.AddJsonFile($"appsettings.{environmentName}.json", optional: true, reloadOnChange: true)
.AddEnvironmentVariables();
}
And use like this (.Net core generic host)
Host.CreateDefaultBuilder(args)
.ConfigureHostConfiguration(builder =>
{
Configure(builder, "Dev");
})
.UseConsoleLifetime()
Or if you want to get the environment from System environment variables.
public static IConfiguration CreateConfiguration()
{
var env = new HostingEnvironment
{
EnvironmentName = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT"),
ApplicationName = AppDomain.CurrentDomain.FriendlyName,
ContentRootPath = AppDomain.CurrentDomain.BaseDirectory,
ContentRootFileProvider = new PhysicalFileProvider(AppDomain.CurrentDomain.BaseDirectory)
};
var config = new ConfigurationBuilder();
var configured = Configure(config, env);
return configured.Build();
}
my question:
I am trying to use Oracle.DataAccess.Client Provider with NHibernate (Fluent), and I configured it as follows:
Fluently.Configure().Database(OracleClientConfiguration.Oracle10.Provider("Oracle.DataAccess.Client").ConnectionString(c => c.FromConnectionStringWithKey("ORACLE1"))).
and I have this error:
"Could not load type Oracle.DataAccess.Client. Possible cause: no assembly name specified.":"
I already add Reference to Oracle.Dataaccess dll (ODAC) with copy local = true, but error persist...
Any suggestions?
Here's a working code snippet:
public static void InitializeNHibernate()
{
var configurer = (OracleClientConfiguration.Oracle10.ShowSql().ConnectionString(c =>
c.FromConnectionStringWithKey("development"))
.DefaultSchema("myschema")
.UseReflectionOptimizer()
.Cache(c =>
c.ProviderClass<SysCacheProvider>()
.UseQueryCache()));
var cfg = Fluently.Configure()
.Database(configurer)
.Mappings(m =>
{
m.FluentMappings
.AddFromAssemblyOf<Employee>()
.Conventions.Add<OracleDateTimeTypeConvention>();
m.HbmMappings
.AddFromAssemblyOf<Employee>();
})
.ExposeConfiguration(configuration =>
{
configuration.SetProperty(Environment.Hbm2ddlKeyWords, "auto-quote");
configuration.SetProperty(Environment.GenerateStatistics, "true");
configuration.SetProperty(Environment.CurrentSessionContextClass, "web");
configuration.SetProperty(Environment.CommandTimeout, "60");
});
}
Without specifying a provider, it automatically picks Oracle DataAccess up.
Edit:
It does not pick it up automatically, I just have it on my connection string:
<add name="development" connectionString="Data Source=XXX;User ID=yyy;Password=zzz;" providerName="Oracle.DataAccess.Client"/>