ASP.NET Core Identity - Invalid Token (Linux) - asp.net

I'm using the latest .NET Core (1.1) and EF Core to build my ASP.NET website and I also use ASP.NET Identity, and I have already published my website to Azure host and everything is working as expected there(including my Windows localhost). However now I'm switching to my own Linux(Centos 7) dedicated server with Apache, and I have the site working however I get "Invalid Token" messages when trying to reset password or confirm email.
I have checked other questions like this and solution was to encode/decode url which is sent via email, however I have did that already but it's not working still.
I also tried to copy the whole database from localhost to my server in case there was something with migrations on the Linux host, however that also did not help. All migrations are applied and other things that don't use Identity context also work.
After additional searching I have found that it might be problem with different machine keys on the host and that the security stamp is not in sync, but I don't see how could that affect me because I deploy a whole new version of my app to the server, and on localhost everything works as well on Azure hosting. Also this used to be the problem with ASP.NET MVC, not Core.
How can I even debug this issue? I have not seen anyone having this problem with the new EF Core and especially not on Linux host.
I deploy the site using the latest VS 17. I have set up Apache proxy as guided on the official .NET Core website: link

Dotnet core MVC application on default saves your Authentication tokens encrypted in a cookie.
The seed/key for this encryption/decryption of the data is based on your machine key, which is different on every machine.
If you ran multiple instances of your app (load balanced) this message/error will happen when your system tries to decrypt the session cookie, created on the other machine.
On the other hand if you still have cookie information in your browser and you start hosting the website on a different host ofcouse this new host wont be able to decrypt these already existing session cookies.
I Know this because i had the same problem. You can find the source-code of session here: https://github.com/aspnet/Session/tree/dev/src/Microsoft.AspNetCore.Session
I tried this when dotnet core was not yet released and i ended up using this blog. But probably now is very outdated.
I'd advice you advice you to use an external session store instead of using the cookie as data storage. read through their documentation on how to set that up: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/app-state

Related

ASP.NET Core Runtime 3.1.9

Morning All
I am hosting my website on IIS , the website was built using the react template. But I have ran into a problem. When using localhost my webapp worked a charm, i could interact with the database and life was good. But now ive moved it over to IIS Im no longer able to pull data in from the database or interact with the db.
I think the problem may be the fact that IIS is running on a different server to my local machine. I have the ASP Core runtime installed on my local machine but not on the server where IIS is situated.
Can someone just confirm to me that I do require ASP Core runtime to be installed on the IIS server also?
Im not able to test things out until tomorrow otherwise I would find out for my self. Apologies, im basically a beginner with IIS and ASP
Thanks
If you are facing troubles with the database connection and not with your API endpoints could be network/proxy/firewall stuff. But if you're not able to deploy your API to IIS maybe could be that you're missing the Net Core bundle. For more information check the link below:
https://dotnet.microsoft.com/download/dotnet-core/thank-you/runtime-aspnetcore-3.1.9-windows-hosting-bundle-installer
Yes, you are required to have the ASP.NET Core runtime installed if you plan on running asp.net-core applications on it.

deploying asp.net core 2.1 web application on window hosting receiving 403

I have deployed my newly created web app developed in Asp.net core 2.1 on a windows based shared plesk hosting.
When i tried to browse the site, it give me this error
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
I have searched it on google but all the help is coming for .net framework not for the .net core framework. Existing solution has suggested me to put this code in web config
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
but in .net core 2.1 there is no web.config in the project..
Bottom line issue is still there, don't know what to do.
First of all ensure that the your shared hosting provider support .NET Core hosting as it requires .NETCore Hosting Bundle installed and .NET CLR Version set to No Managed Code
Next publish your ASP.NET Core web app which will generate web.config file and then upload the published files on the server.
You may need to look at hosting's website or get in contact with them to determine whether they support .NET Core, at what runtime version and what needs to be done to have it set up for a website. They may need to do it manually and you may need to downgrade to their version.
The simplest way to handle this with shared hostings is to publish fresh template that works locally, copy it over to hosting (or use Web Deploy to do this directly from Visual Studio) and if it errors, write a ticket that your .NET Core site isn't working and it's up to them to install and set up everything that is necessary.
If they can't get it working, then you won't be able to either. Nothing else you can do, but to change hosting provider.
Literally just stumbled on this question after finding a resolution to the exact same problem.
My scenario is:
I was trying to move hosting providers - website already live, running from old host's webspace.
New host was a shared windows-based web hosting provider, running Plesk.
I was therefore trying to publish my .Net Core 2.0 project to my new host.
...and I kept getting a "403 - Forbidden Access" error.
Here's what I found, which I think might have been part of the problem that the OP faced.
Even though I had published the website to the remote server correctly, the 403 error kept coming until the new host's technical support pointed me to one of their knowledgebase posts, which exactly described my scenario and the issues I had, along with how to overcome them.
Essentially, I didn't have my domain name's DNS settings configured yet (as it was still in use, pointing to my previous hosting provider's webspace) and as such, the DNS are getting 'confused'.
The short-term workaround was to add a temporary entry to my hosts file on my PC, which directed the traffic for my website to the IP address of the NEW web hosting provider. (Once full go-live, these are deleted).
Something like this:
123.123.123.123 mywebsite.com
This allowed me (on my PC) to bypass the DNS settings on my domain name, and to reference the web content on the new web host's webspace, to continue setting-up and configuring the website, prior to full migration
Here's the link to their knowledgebase article, which I'd have never of thought of, until they mentioned it. (And then it made perfect sense!!)

ASP.NET Core - Application not connecting to database after publishing

I created a simple ASP.Net Core application with user authentication (so all the Entity Framework has been preloaded into the web app template). It is connecting to my database with the connectionString that is located in my appsettings.json file, with "data source = {computerName}\\{serverName}" setup.
The database instance and Visual Studio are located on the same machine. This works fine in returning data to the web api while within development and debugging mode. When I publish it and try to go to the site from a domain name it does allow me to view the webpages that are not needing database connection but the rest that need data from the database returns pages like this:
Error.
An error occurred while processing your request.
Development Mode
Swapping to Development environment will display more detailed information about the error that occurred.
Development environment should not be enabled in deployed
applications, as it can result in sensitive information from
exceptions being displayed to end users. For local debugging,
development environment can be enabled by setting the
ASPNETCORE_ENVIRONMENT environment variable to Development, and
restarting the application.
I have tried to change the Environment Variables for ASPNETCORE_ENVIRONMENT from Development to Production to no success.
I have tried adding appsettings.Production.json to publishOptions in my project.json file, even though there is no file appsettings.Production.json, and this did not help. dotnet publish
Adding the evironment variable in the web.config file did not work Deployment
I need help getting the published web api to connect to my SQL Server database from outside the development Visual Studio setup.
The last thing I can think of is that maybe I am incorrect in how I understand the connection string. If the web api uses the connection string to connect to the database from the server-side then it should work just fine like it does when in development calling to http://localhost:port# since it's all on the same machine. But, if the database string needs to be based on a client-side call then it would have to be with domain names and IP addresses.
Can someone tell me which one it is?
The only thing else that comes to mind is that there is something I am not doing, and need to do, inside of IIS Manager. I see connect string there as well but unsure what that is for our does since the connection string is inside the application. Also maybe I am suppose to give the app some kind of authorization to communicate with the database server even though they are on the same machine???
After much research, finally googling "how to deploy a web api in iis" I was able to learn from Host ASP.NET Web API in IIS using Visual Studio Publish that I needed to add the security entity BUILTIN\IIS_IUSRS. Then placing a mapping to my database tables and giving db_datareader (and possibly db_datawriter) for the database to the IUSER to allow access from my self hosted IIS web api. This from the above mentioned link with the part stating
Accessing Database under IIS APPPOOL\ASP.NET v4.0
As we are using ASP.NET v4.0 App Pool make sure IIS APPPOOL\ASP.NET v4.0 is added to your Database Server -> Security -> Logins.

Web Service error - Status 404 not found

I have created a web service in Visual Studio 2015 (web api) that listens out for requests via a barcode scanner. The barcode scanner links to a database that provides information such as stock quantities etc, but this is just for background information. The web service is currently installed on my local machine and works perfectly, returning the correct values and posts data to a database.
I attempted to install the web service onto a server, copying over similar settings in IIS (only have basic knowledge using this), such as the bindings and ensuring the permissions were set up correctly. However when running the web service I recieved a "404 not found error and 401 unauthorized". After that, I installed Visual Studio 2015 onto the server to ensure it wasn't a build or publish error...same problem.
Below are some of the 'fixes' I have tried to help narrow down the potential problem.
Ensured the correct version of .Net, 4.0, is installed on the server.
IIS Manager - Authentication: Annoymous Authentication set to enabled.
IIS Manager - Directly browsing: set to enabled.
Set the correct permissions using 'Edit Permissions', granted full control to 'Everyone'
This is my first time creating a web service so up until now I have been using tutorials and making it up as I go along. I think it could be to do with the application pools set up? But because the solution works on my local machine and not the server has me extremely confused. Thanks in advance.

MySQL .NET Connector 6.7.4

I'm am unable to use MySQL Connector 6.7.4 with my local asp.net provider, a security message is being shown saying that it doesn't have the GAC security accesss, anyone know if there's any chance (like in on web.config) to make it work ?
I know that my local web hosting provider (called locaweb) uses a medium trust environment and refuses to make any changes on their server (such as adding mysql latest version to their GAC). Old version of the connector, such as 6.2.2 are working fine.
I've read several articles in the internet (such as http://dev.mysql.com/doc/refman/5.1/en/connector-net-medium-trust.html) but it didn't make clear to me if the changes were in my application's web.config or in my hosting config (which they refuse).
Thanks,

Resources