-1

I am trying to use Identity Server 4 for Authenticationa and authorization purpose but which ever project i try to run is throwing only 1 error which is like bugging me alot because i have search for this error and i cant find a stable and proper solution for this.

Error :

Error connecting to http://localhost:5000/.well-known/openid-configuration: An error occurred while sending the request.

Couple of projects in which i am getting same error and dont know how to solve it :

https://www.dropbox.com/s/9hs3huwt8h035ek/oauth2Demo-master.rar?dl=0

enter image description here

Another Project : Download but same error

enter image description here

In my first project it seems like there is some problem related to SSL certificate though i tried to follow below link to install certificate but still this error exist :

https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Certificates

But in my second project there is no such SSL certificate problem but still same error.

Is there any way to resolve that error?

I Love Stackoverflow
  • 6,738
  • 20
  • 97
  • 216
  • Are you sure that your identityserver is running on localhost:5000? – Yahya Hussein Dec 22 '17 at 12:47
  • @YahyaHussein You are referring to project1 or project2? – I Love Stackoverflow Dec 22 '17 at 12:49
  • I’m pretty sure both solution require you to start multiple projects, the identityserver and the example client https://msdn.microsoft.com/en-us/library/ms165413.aspx – Robbert Draaisma Dec 22 '17 at 12:51
  • any project that works with identityserver will need identityserver to be working on localhost:5000 (the url you specify as authority in your client) – Yahya Hussein Dec 22 '17 at 12:54
  • @RobbertDraaisma So if i talk about my first project,You can see i have set OAuth2Demo.AngularClient as start up project so i run that project as well as OAuth2Demo.ApiClient also with the help of Debug => Start New instance but when i do this i get error in Start up.cs of OAuth2Demo.ApiClient project – I Love Stackoverflow Dec 22 '17 at 12:56
  • @YahyaHussein In my second project I am running ConsoleClientCredentialFlow project right but when DiscoveryClient.GetAsync(Constants.Authority) this call happens from where this method is trying to fetch configuration from which project? I am failing to understand this – I Love Stackoverflow Dec 22 '17 at 12:59
  • I can’t see all the projects but it says there are 5, i’m Assuming one of those is actually hosting the indentityserver and is setup with a list of user accounts, scopes and resources – Robbert Draaisma Dec 22 '17 at 13:01
  • @RobbertDraaisma Yes there are 5 project in which i am trying to run Angular js client and so does this means that OAuth2Demo.ApiClient is hosting identity server? – I Love Stackoverflow Dec 22 '17 at 13:03
  • Hard to tell but given you are getting exceptions i’d Say no. Identity server can run standalone or embedded in another web application. What you are looking for is a project with , in startup class, app.useidentityserver() see http://docs.identityserver.io/en/release/quickstarts/0_overview.html. I suspect the apiclient is simple another example of a resource(api) you can protect using the identityserver authentication process – Robbert Draaisma Dec 22 '17 at 13:14
  • From any client you should tell it that IdentityServer is hosted on a specific URL (in your case it is configured as localhost:5000) so be sure that identityserver is running on this url or update config to meet the actual url – Yahya Hussein Dec 22 '17 at 13:15
  • @RobbertDraaisma My angular client is having only Js files and UI part and this angular is calling is calling api of OAuth2Demo.ApiClient project hence i think Identity server resides in OAuth2Demo.ApiClient project.What do you think? – I Love Stackoverflow Dec 22 '17 at 13:24
  • @YahyaHussein But i have taken this 2nd project from official website of identity server 4 so you think that project might not have configured properly? – I Love Stackoverflow Dec 22 '17 at 13:25
  • Can’t say without looking at the code, maybe show the startup.cs? But what about the other three projects? – Robbert Draaisma Dec 22 '17 at 13:26
  • @RobbertDraaisma I have posted the whole project so if you can download it or else i can post code here but with downloading you can actually run it but still i dont have problem posting code here.Whatever you say :) – I Love Stackoverflow Dec 22 '17 at 13:27
  • this configuration is just telling the client where identityserver is hosted, this is a custom thing, you should change it to suit you! – Yahya Hussein Dec 22 '17 at 13:32
  • @YahyaHussein But my ConsoleClientCredentialsFlow is console application right so what i should change?Sorry if i am asking silly questions – I Love Stackoverflow Dec 22 '17 at 13:36
  • I’m doing this from a mobile phone so i don’t have the opportunity to download and debug the code. – Robbert Draaisma Dec 22 '17 at 13:42
  • @RobbertDraaisma Shall i post code of OAuth2Demo.ApiClient start up.cs because my angular js client is calling api of OAuth2Demo.ApiClient project only – I Love Stackoverflow Dec 22 '17 at 13:48

2 Answers2

1

I downloaded the solution and I can confirm you need to make sure to run the OAuth2Demo.IdentityServer project, you can actually start it up and navigate to https://localhost:44305/admin/ to see the admin environment of identityserver. It apperantly also needs a sql connection to store configuration information, I didn't dig into those details but with the OAuth2Demo.IdentityServer running the other projects can also be started.

Robbert Draaisma
  • 463
  • 4
  • 14
  • Upvoted for your kind efforts towards helping me.First i ran OAuth2Demo.IdentityServer project and then i ran OAuth2Demo.ApiClient project but it is throwing same error as mention in my 1st screenshot. – I Love Stackoverflow Dec 25 '17 at 09:42
0

My suggestion is to get the things done one by one.

From your screens I see that on the first you are trying to reach IDS at localhost:44305, and on the second screen, you are trying to reach it at localhost:5000. It will be a good thing to set it as a constant value ( right click on your Identity Server project ->Properties->Debug->Web Server Settings->App URL) and then use this value through all of your clients.

Then - enable Identity Server logging - check here. You can extend this example - serilog basic configurations. So far logging has saved me many times, so I can say that it is really important. Make sure that the App pool account, running the application has the rights to create files, where you want them to be created.

Now the real problem:

Lets assume that you select localhost:5000 as url for your IDS.

First of all start (debug) only the Identity Server project. This should take you to localhost:5000 and you will see a welcome message from Identity Server 4.

If you see it, this means that your IDS is working. This also means that you will be able to access the Discovery Document - the one thing that is failing in your clients. Now its about time to setup your clients.

If not, this means that there is something wrong with your Identity Server instance, and that is the place to dig.

First thing I'll do is to check the logs. They will say what the problem is.

Then - I figure out that you are trying to use custom certificate for this (correct me if I've misunderstood). Why don't you try using the Developer Signing Credential (check the ConfigureServices of Startup.cs) at least for starting it up.

Later on, if you decide to use your custom certificate, have in mind that the user, that is running the IDS application (by user I mean the application pool user) should have at least read privileges over the certificate (I guess that you've seen that in the article you have provided).

Do all these, and let's see what progress you will have, but most important - enable the logging.

m3n7alsnak3
  • 3,026
  • 1
  • 15
  • 24