Getting error for identity server when hosting on azure and accessing /orleans

I have…

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [x] Bug report
  • [ ] Performance issue
  • [ ] Documentation issue or request

Current behavior

I am hosting squidex on azure app service following the guidelines in the docs, (although my mongodb cluster is not hosted in a container it is able to connect fine). The healthcheck api is reporting everything healthy.

Everything is working fine except the /orleans page, when accessed directly or via the administration page at /app/administration/cluster.
The orleans admin page return a status code 500. I have enabled logs and the following is visible in the logs for that requests - it would appear it cannot access the identity server well-known API. I have checked and that API is working and publicly available at the url listed in the error log.

Any ideas why just this url is not working (everything else works fine), or why the app cannot request it’s own identity server API for just that URL?
The identity server url in the error logs is https://REDACTED-appsvc.azurewebsites.net/identity-server/.well-known/openid-configuration but note that I have redacted the bit that gives away the actual URL as this is a public forum.

 
2020-12-23T14:40:32.153396937Z {
2020-12-23T14:40:32.153445640Z   "logLevel": "Error",
2020-12-23T14:40:32.153452441Z   "message": "An unexpected exception has occurred.",
2020-12-23T14:40:32.153457941Z   "app": {
2020-12-23T14:40:32.153462741Z     "name": "Squidex",
2020-12-23T14:40:32.153467742Z     "version": "5.3.0.0",
2020-12-23T14:40:32.153472442Z     "sessionId": "6d0eedac-702f-4ca4-88ea-cc963a4f4f3a"
2020-12-23T14:40:32.153477442Z   },
2020-12-23T14:40:32.153482043Z   "web": {
2020-12-23T14:40:32.159597431Z     "requestId": "|ebd36935-4c586f1d5566296d.1.fea5204c_",
2020-12-23T14:40:32.159639934Z     "requestPath": "/orleans",
2020-12-23T14:40:32.159647234Z     "requestMethod": "GET"
2020-12-23T14:40:32.159652335Z   },
2020-12-23T14:40:32.159656935Z   "timestamp": "2020-12-23T14:40:32Z",
2020-12-23T14:40:32.159661935Z   "exception": {
2020-12-23T14:40:32.159666436Z     "type": "System.InvalidOperationException",
2020-12-23T14:40:32.159681837Z     "message": "IDX20803: Unable to obtain configuration from: \u0027https://REDACTED-appsvc.azurewebsites.net/identity-server/.well-known/openid-configuration\u0027.",
2020-12-23T14:40:32.161375744Z     "stackTrace": "   at Microsoft.IdentityModel.Protocols.ConfigurationManager\u00601.GetConfigurationAsync(CancellationToken cancel)\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Authentication.AuthenticationHandler\u00601.ChallengeAsync(AuthenticationProperties properties)\n   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)\n   at Squidex.Areas.OrleansDashboard.Middlewares.OrleansDashboardAuthenticationMiddleware.InvokeAsync(HttpContext context) in /src/src/Squidex/Areas/OrleansDashboard/Middlewares/OrleansDashboardAuthenticationMiddleware.cs:line 47\n   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\n   at Squidex.Web.Pipeline.LocalCacheMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in /src/src/Squidex.Web/Pipeline/LocalCacheMiddleware.cs:line 30\n   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.\u003C\u003Ec__DisplayClass5_1.\u003C\u003CUseMiddlewareInterface\u003Eb__1\u003Ed.MoveNext()\n--- End of stack trace from previous location where exception was thrown ---\n   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)\n   at Squidex.Web.Pipeline.UsageMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in /src/src/Squidex.Web/Pipeline/UsageMiddleware.cs:line 46\n   at Squidex.Web.Pipeline.UsageMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in /src/src/Squidex.Web/Pipeline/UsageMiddleware.cs:line 89\n   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.\u003C\u003Ec__DisplayClass5_1.\u003C\u003CUseMiddlewareInterface\u003Eb__1\u003Ed.MoveNext()\n--- End of stack trace from previous location where exception was thrown ---\n   at Squidex.Web.Pipeline.RequestLogPerformanceMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in /src/src/Squidex.Web/Pipeline/RequestLogPerformanceMiddleware.cs:line 40\n   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.\u003C\u003Ec__DisplayClass5_1.\u003C\u003CUseMiddlewareInterface\u003Eb__1\u003Ed.MoveNext()\n--- End of stack trace from previous location where exception was thrown ---\n   at Squidex.Web.Pipeline.RequestExceptionMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in /src/src/Squidex.Web/Pipeline/RequestExceptionMiddleware.cs:line 49"
2020-12-23T14:40:32.161412247Z   }
2020-12-23T14:40:32.161416947Z }
2020-12-23T14:40:32.161463550Z 

Version: 5.3.0.0

The problem is that squidex needs to make a request to itself I think and this is tricky (from the orleans part to the identity-server part) and sometimes this process fails because of firewall rules and stuff like this. But it is only under /orleans.

Perhaps it is possible to use the identity server only when an external server is used and otherwise use cookie authentication or so. Not sure.

1 Like

Thanks - this helped me solve it, reminded me that there was a firewall rule deployed that would block the app from requesting itself.

1 Like

I experienced this problem too.

My problem was that I hadn’t installed and configured my TLS certificates properly.

I use AKS so for me the following helped:

1 Like