I'm developing a .Net api (netcoreapp3.1) and I'm using IONOS for hosting (.net Framework 4.x) .
Users connect to my frontend app based on firebase authentication mecanism and I send the JWT token to my api to validate the token in order to access ressources (routes) .
Token validation is working perfectly localy . But after I publish my api on IONOS, I'am getting this exception.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://securetoken.google.com/XXXXXXXX/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://securetoken.google.com/XXXXXXXX/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
---> System.Net.Sockets.SocketException (10060): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
More informations :
I activated
IdentityModelEventSource.ShowPII = true;
in my api to get more information about the exceptionI verified that all my config is with 'https' for token validation
API startup code :
string firebaseCredentialPath = $"firebaseCredential.{Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")}.json"; FirebaseApp.Create(new AppOptions() { Credential = GoogleCredential.FromFile(firebaseCredentialPath) }); string firebaseAppId = Configuration["Firebase:FirebaseAppId"]; string firebaseAuthorityUrl = string.Format(Configuration["Firebase:FirebaseAuthorityUrl"], firebaseAppId); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options => { options.Authority = firebaseAuthorityUrl; options.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = firebaseAuthorityUrl, ValidAudience = firebaseAppId, ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, }; });
My appsetings config
"Firebase": { "FirebaseAuthorityUrl": "https://securetoken.google.com/{0}", "FirebaseAppId": "XXXXXXXX" }
Thank you in advanced.
I had the same problem, I need to implement this configuration in Ocelot Microservice.
Is possible you have used this guide: https://dominique-k.medium.com/using-firebase-jwt-tokens-in-asp-net-core-net-5-834c43d4aa00
But I noticed my problem was in the
https://securetoken.google.com/FIREBASE-APP-ID
section, I figure out that I need to take theprojectId
instead theappId
you can find in the Project Configuration and works fine:I have realized thanks to this guide