Login returns 500 status code

I’m submitting a…

[ ] Regression (a behavior that stopped working in a new release)
[ x ] Bug report
[ ] Performance issue
[ ] Documentation issue or request

Current behavior

Registering or logging in with a (or maybe it is just my) Microsoft Account will lead to a 500 error.

Expected behavior

I should be able to log in with my Microsoft account.

Minimal reproduction of the problem

Login or register. Set up via Docker. First time running Squidex, so caching should not be the main problem (see others-section).

Environment

Windows

  • [ x ] Self hosted with version docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Browser:

  • [ x ] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ x ] Edge

Others:
My e-mail address includes a period in it. But it looks more like some access token error?
Stacktrace:

{
  "logLevel": "Error",
  "message": "Connection id \"0HLGCA78NFKNI\", Request id \"0HLGCA78NFKNI:00000006\": An unhandled exception was thrown by the application.",
  "eventId": {
    "id": 13,
    "name": "ApplicationError"
  },
  "connectionId": "0HLGCA78NFKNI",
  "traceIdentifier": "0HLGCA78NFKNI:00000006",
  "exception": {
    "type": "Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException",
    "message": "Der Schlüsselsatz ist nicht vorhanden",
    "stackTrace": "   at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)\r\n   at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)\r\n   at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)\r\n   at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()\r\n   at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)\r\n   at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKey()\r\n   at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKeyStatus()\r\n   at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures)\r\n   at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)\r\n   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateEncodedSignature(String input, SigningCredentials signingCredentials)\r\n   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.WriteToken(SecurityToken token)\r\n   at IdentityServer4.Services.DefaultTokenCreationService.CreateJwtAsync(JwtSecurityToken jwt) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Services\\DefaultTokenCreationService.cs:line 209\r\n   at IdentityServer4.Services.DefaultTokenCreationService.CreateTokenAsync(Token token) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Services\\DefaultTokenCreationService.cs:line 67\r\n   at IdentityServer4.Services.DefaultTokenService.CreateSecurityTokenAsync(Token token) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Services\\DefaultTokenService.cs:line 210\r\n   at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateImplicitFlowResponseAsync(ValidatedAuthorizeRequest request, String 
authorizationCode) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\ResponseHandling\\AuthorizeResponseGenerator.cs:line 157\r\n   at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateResponseAsync(ValidatedAuthorizeRequest request) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\ResponseHandling\\AuthorizeResponseGenerator.cs:line 81\r\n   at IdentityServer4.Endpoints.AuthorizeEndpointBase.ProcessAuthorizeRequestAsync(NameValueCollection parameters, ClaimsPrincipal user, ConsentResponse consent) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Endpoints\\AuthorizeEndpointBase.cs:line 99\r\n   at IdentityServer4.Endpoints.AuthorizeCallbackEndpoint.ProcessAsync(HttpContext context) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Endpoints\\AuthorizeCallbackEndpoint.cs:line 59\r\n   at IdentityServer4.Endpoints.AuthorizeCallbackEndpoint.ProcessAsync(HttpContext context) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Endpoints\\AuthorizeCallbackEndpoint.cs:line 69\r\n   at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter
router, IUserSession session, IEventService events) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Hosting\\IdentityServerMiddleware.cs:line 54\r\n   at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Hosting\\IdentityServerMiddleware.cs:line 69\r\n   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\r\n   at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)\r\n   at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in C:\\local\\identity\\server4\\IdentityServer4\\src\\IdentityServer4\\Hosting\\BaseUrlMiddleware.cs:line 36\r\n   at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n   at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n   at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n   at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)\r\n   at Squidex.Pipeline.RequestLogPerformanceMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\\Squidex\\squidex\\src\\Squidex\\Pipeline\\RequestLogPerformanceMiddleware.cs:line 33\r\n   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<<UseMiddlewareInterface>b__1>d.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at Squidex.Pipeline.EnforceHttpsMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\\Squidex\\squidex\\src\\Squidex\\Pipeline\\EnforceHttpsMiddleware.cs:line 29\r\n   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<<UseMiddlewareInterface>b__1>d.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at 
Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)\r\n   at Squidex.Pipeline.LocalCacheMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\\Squidex\\squidex\\src\\Squidex\\Pipeline\\LocalCacheMiddleware.cs:line 30\r\n
  at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<<UseMiddlewareInterface>b__1>d.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)"
  },
  "app": {
    "name": "Squidex",
    "version": "1.0.0.0",
    "sessionId": "13f373e4-43d3-4841-9789-c862c2271abf"
  },
  "web": {
    "requestId": "259bcf41-104d-4f1f-93e5-0a35c43ff949",
    "requestPath": "/identity-server/connect/authorize/callback",
    "requestMethod": "GET"
  },
  "timestamp": "2018-08-27T19:28:12.6926692Z",
  "category": "Microsoft.AspNetCore.Server.Kestrel"
}

Thank you. Have never seen it before and have to test it out.

I cannot reproduce it, have you changed something else?

Hi Sebastian,

sorry for the late response. I was on holiday the last couple of days and hadn’t the chance to answer.

I did not change anything. Forked the project, set up Docker and ran the npm and dotnet. The account used is a normal outlook account, or at least it should be one.

I will try another account, as well as gmail and trying to add a new user in the database.

Hi Sebastian,

so I retried logging in via two different Microsoft-Accounts (Outlook and Hotmail) and Gmail with a clean fork of the squidex project. Unfortunately I still get the same error. So maybe I’m missing a step in the setup? Even though I followed it as it’s available in the documentation…

Also I’ll change the title of this thread, since it’s not only related to a Microsoft-Account.

Update:
I googled the error message and explicitly for Identity Server. Turns out this is a rights problem with Identity Server. Running it without administrator rights, the app is not able to read a certificate. Running it as an administrator works.

Are you running it with Kestrel or IIS Express and which port?

I also found it: It is a Kestrel-only problem: https://github.com/IdentityServer/IdentityServer4/issues/77

But it is very strange because the certificate is embedded.

Exactly, I’m using Kestrel on the standard ports 5000 and 5001 (for https). I’ll check the access rights of the folder and its files. Since I haven’t touched the access rights, it might have something to do with how I cloned my fork? I’ll have to test it out.
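
The stack trace in the report fails while opening the certificate's private key during JWT signing, which surfaces to the user only as a 500 on the authorize callback. As an added example (not part of the thread and not Squidex or IdentityServer code), this Python triage flags that pattern in JSON log lines shaped like the one above; the function names and the finding label are hypothetical, and the sample lines are constructed.

```python
import json

# Frame names copied from the stack trace in the report above.
KEY_ACCESS = ("CngKey.Open", "X509SecurityKey.get_PrivateKey")
TOKEN_SIGNING = ("JwtSecurityTokenHandler.CreateEncodedSignature",)

def frames(stack_trace):
    """Method names from a .NET stack trace, innermost frame first."""
    names = []
    for line in stack_trace.splitlines():
        line = line.strip()
        if line.startswith("at "):
            names.append(line[3:].split("(", 1)[0])  # drop args and file info
    return names

def classify(event):
    """Return a finding when key access fails while signing a token, else None."""
    exc = event.get("exception") or {}
    names = frames(exc.get("stackTrace", ""))
    hit = lambda wanted: any(w in n for w in wanted for n in names)
    if ("CryptographicException" in exc.get("type", "")
            and hit(KEY_ACCESS) and hit(TOKEN_SIGNING)):
        path = (event.get("web") or {}).get("requestPath")
        return {"finding": "token signing key unreadable",
                "innermost": names[0], "path": path}
    return None

def triage(lines):
    """Classify each JSON log line; lines that are not JSON objects are skipped."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue
        if isinstance(event, dict) and (found := classify(event)):
            findings.append(found)
    return findings

# Constructed sample: a shortened copy of the event above, an unrelated error,
# and a plain-text console line.
TRACE = ("   at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)\r\n"
         "   at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKey()\r\n"
         "   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateEncodedSignature(String input, SigningCredentials signingCredentials)")
SAMPLE = [
    json.dumps({"exception": {"type": "Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException", "stackTrace": TRACE},
                "web": {"requestPath": "/identity-server/connect/authorize/callback"}}),
    json.dumps({"exception": {"type": "System.NullReferenceException", "stackTrace": "   at Example.Run()"}}),
    "Now listening on: http://localhost:5000",
]
```

`triage(SAMPLE)` returns a single finding for the first line only; the unrelated exception and the console line are ignored.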