Newbie - Error logging in


#1

I have…

  • [X] Checked the logs and have provided the logs if I found something suspicious there

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [ ] Bug report
  • [ ] Performance issue
  • [ ] Documentation issue or request

Current behavior

I have followed the instructions to set up in IIS. Login to Squidex appears but when I click this, I get a popup with the following exception:
An unhandled exception occurred while processing the request.
WindowsCryptographicException: Keyset does not exist

Here’s the full error from the log:

Thanks in advance for any help

Mike

“exception”: {
“type”: “Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException”,
“message”: “Keyset does not exist”,
“stackTrace”: " at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)\r\n at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)\r\n at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func2 createCsp, Func2 createCng)\r\n at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()\r\n at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)\r\n at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKey()\r\n at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKeyStatus()\r\n at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider…ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures)\r\n at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)\r\n at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials)\r\n at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.WriteToken(SecurityToken token)\r\n at IdentityServer4.Services.DefaultTokenCreationService.CreateJwtAsync(JwtSecurityToken jwt)\r\n at IdentityServer4.Services.DefaultTokenCreationService.CreateTokenAsync(Token token)\r\n at IdentityServer4.Services.DefaultTokenService.CreateSecurityTokenAsync(Token token)\r\n at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateImplicitFlowResponseAsync(ValidatedAuthorizeRequest request, String authorizationCode)\r\n at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateResponseAsync(ValidatedAuthorizeRequest request)\r\n at IdentityServer4.Endpoints.AuthorizeEndpointBase.ProcessAuthorizeRequestAsync(NameValueCollection parameters, ClaimsPrincipal user, ConsentResponse consent)\r\n at IdentityServer4.Endpoints.AuthorizeEndpoint.ProcessAsync(HttpContext context)\r\n 
at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events)\r\n at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events)\r\n at IdentityServer4.Hosting.MutualTlsTokenEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes)\r\n at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\r\n at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context)\r\n at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)"

Expected behavior

Minimal reproduction of the problem

Environment

  • [ ] Self hosted with docker
  • [X] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Version: [VERSION]

Browser:

  • [X] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge

Others:


#2

I have never seen it before. When I googled for it, I only found permission issues. Might be worth trying to run Squidex in IIS with more permissions.


#3

Hi Sebastian,

Thanks, you were quite right. I upped the App pool identity to LocalSystem, just to test, and the error has gone away. I’ll play around with some of the other identities as LocalSystem gives out too much privilege.

Thanks

Mike
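
A least-privilege alternative to running the pool as LocalSystem, as an added example that is not part of the original thread or of Squidex: grant only the application pool's own identity read access to the signing certificate's private key file. It assumes the certificate sits in the LocalMachine\My store with a persisted private key and that the pool runs as ApplicationPoolIdentity; the thumbprint and pool name are placeholders, and the script must run from an elevated prompt.

```powershell
# Added example: the two parameter defaults are placeholders, not values from the thread.
param(
    [string]$Thumbprint  = '<CERT-THUMBPRINT-PLACEHOLDER>',
    [string]$AppPoolName = '<APP-POOL-NAME-PLACEHOLDER>'
)

# Assumption: the signing certificate is installed in the machine store.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }

# Resolve the on-disk key container name for either a CNG or a legacy CSP key.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw "Private key is not an accessible RSA key."
}

# Machine-level private keys are stored as files in one of these two directories.
$keyPath = @(
    "$env:ProgramData\Microsoft\Crypto\Keys"
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
) | ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not $keyPath) { throw "Key file '$keyName' not found in the machine key stores." }

# Grant read-only access to the virtual account of this one application pool.
$identity = "IIS AppPool\$AppPoolName"
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Show the entry that was just added so the change can be verified.
(Get-Acl -Path $keyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $identity } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

After the grant, the pool identity can be switched back from LocalSystem to ApplicationPoolIdentity and the pool recycled to confirm the "Keyset does not exist" error stays away.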