VS2022, Dotnet Core 6 with Angular template publishing

Question

question

YitongPhou-7639 asked Mar 31, '22 YitongPhou-7639 commented Apr 15, '22

VS2022, Dotnet Core 6 with Angular template publishing

Please bare with me....

I have windows 11 installed on my computer. I have created a project (Dotnet core 6 with Angular and SQLEXPRESS) with authentication type = individual accounts. The project is for Dotnet 6 and x64. There is no changes after the project created except that I have to add 'defaultconnections' to the appsetting.json file.

It is compiled and works well in the development session. Then I released/published it to IIS real website. I found out that the app isn't working in IIS (It says localhost can't currently handle this request.
HTTP ERROR 500)
Note: I did install dot net core 6 run time on my machine.

Any suggestion?

If I created a project with no 'authentication' and no seqexpress and I release it to my IIS, the web is working fine until I added SQL express.

Is there any feature that I have missed?

Thanks

dotnet-csharp windows-server-iis dotnet-aspnet-core-general

· 4

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AgaveJoe · Mar 31 at 11:08 AM

IIS Express is for development. You should have an actual production SQL server that you are connecting to. Change the connection string to the production SQL server.

0 ·

YitongPhou-7639 AgaveJoe · Apr 01 at 07:55 AM

I don't it is the issue. I used localDB and it still doesn't work. You should try to create the app and then release the code to IIS - IT DOESN'T WORK.:)

0 ·

Bruce-SqlWork YitongPhou-7639 · Apr 01 at 03:11 PM

Most likely your app can not connect to the sql server. What do you error logs say? If you failed to implement error logging, just enable developer error page, and use the browsers network tools to see the error.

0 ·

Show more comments

Answer 1 · 2022-04-01T17:53:33.13Z

YitongPhou-7639 answered Apr 1, '22

Category: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware
EventId: 1
SpanId: bc02c1561a355d75
TraceId: 0bc3d4215ab66b43f8099c0011e8480e
ParentId: 0000000000000000
ConnectionId: 0HMGJJN6OJ3JM
RequestId: 0HMGJJN6OJ3JM:00000002
RequestPath: /_configuration/WebAngkorLar

An unhandled exception has occurred while executing the request.

Exception:
System.InvalidOperationException: No service for type 'Duende.IdentityServer.Stores.ISigningCredentialStore' has been registered.
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.IdentityServerJwtBearerOptionsConfiguration.ResolveAuthorityAndKeysAsync(MessageReceivedContext messageReceivedContext)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 2 · 2022-04-01T18:49:30.247Z

AgaveJoe answered Apr 1, '22 YitongPhou-7639 commented Apr 8, '22

I don't it is the issue. I used localDB and it still doesn't work. You should try to create the app and then release the code to IIS - IT DOESN'T WORK.:)

The default connection string uses a trusted connection which is a windows integrated security. When you run the application from Visual Studio the host is running under your account which is most likely and administrator. When the application is hosted in IIS the application is running under the application pool account which does not have access to SQL or at least a login.

Application Pool Identities

If the login is the actual problem, I'm guessing, then you have to decide how you want SQL security to work. If you want to stick with a trusted connection then you should create a service account with limited access or you can use one of the existing service accounts like LocalService. In IIS Manager find the application pool for you web app and go to advanced settings... (right click). Find the "Identity" property and select Local Service or add your service account. Use Network Service if the DB is remote or a domain account with appropriate access.

Next, in SQL server create the windows login. Replace Local Service with your service account or use Local Service

CREATE LOGIN [NT AUTHORITY\Local Service] FROM WINDOWS;

In SSMS open the security folder and double click NT AUTHORITY\Local Service. From here you can grant access read/write access to your database. In "User Mappings" select the DB and select dv_datareader and db_datawriter or whatever you need.

If you go with a SQL account then you must create the login in SQL, grant read/write access, and update the connection string to include the user and password in the appsetting.json file rather than updating the application pool settings.

· 4

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YitongPhou-7639 · Apr 01 at 07:32 PM

I am using SA account to access the database.
Data Source=localhost\\sqlexpress; Initial Catalog=xxxxxxxx; User ID=sa;password=xxxxxxxxxx; MultipleActiveResultSets=True;

The database security is to Sql server or Windows Authentication mode (see picture)

0 ·

screenshot-2022-04-01-122823.png (50.7 KiB)

screenshot-2022-04-01-123054.png (38.6 KiB)

BruceZhang-MSFT YitongPhou-7639 · Apr 05 at 02:53 AM

Hi @YitongPhou-7639 ,

Does the SQLExpress and IIS on same server machine? Only when they on same machine can you use LocalDB in connection string.

If you use localDB, there's no need add UserID and password in connection string. Both IIS and SQL accept windows user account to login. So you should add IIS APPPOOL\pool name to SQL login name. Expand Security and then expand Logins. Right-click on the Logins folder and select New Login. Then add app pool and NT AUTHORITY\SYSTEM to it.

0 ·

YitongPhou-7639 BruceZhang-MSFT · Apr 05 at 03:51 AM

Yes, they are in the same machine. The connection strings is working with dotnet core 5 - same database. This will rule out your concern about database connetivity.

Thanks.

0 ·

YitongPhou-7639 BruceZhang-MSFT · Apr 08 at 04:21 AM

Question to Msft support guru for dotnet core 6 with angular front end: Am I missing any thing or are there any requirements to publish or deploy the app to IIS (the app generated from template)?
Is there any documentation how to it?
or
It is simply NOT WORKING or BROKEN?

Based up the error message I got in the eventviewer
"Duende.IdentityServer.Stores.ISigningCredentialStore"...

It seems that the app choke on 'Duende' Identity server, the middleware.

However, I just got its license key and put it in and the app is still not working.

Is there any one run into this issue?

0 ·

Answer 3 · 2022-04-14T16:56:55.38Z

Bruce-SqlWork answered Apr 14, '22 YitongPhou-7639 commented Apr 15, '22

the error indicates you did not configure a valid credentials store. to encrypt cookies and tokens, asp.net core needs an encryption key (machine key on classic asp.net). this is generated at runtime and saved in the store for future use.

the credentials store is supported via Data Protection Services and it requires a secrets store. on your dev box, the developers secrets store is used (an unencrypted filesystem store). now when you go to production, you need to use one that matches your requirements. if its a webfarm (more than one server) than you need to use a shared store.

https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-6.0

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YitongPhou-7639 · Apr 15 at 09:42 AM

It says " No service for type 'Duende.IdentityServer.Stores.ISigningCredentialStore' has been registered". I believed it is from Duende Identity Server. However, I did have the Duende community license key and I plug it in per their document and it is still not working.

Note: any documents are very good but it is hard to follow since there is no example available. If they do, probably it is just a couple of lines.

Have you seen any one is successful to publish it to production?
To complicate the issue, what happen if it is not windows enviroment?
What happen if it is use as INTRANET only?

How does it work?

But for now, I would like to publish it as it is original code generated from the msft template.

Thanks.

0 ·

question