days ago.

Avoid the Duplicate AppVeyor Publish: Deploying O...

Ken Dale

Sometimes it’s useful to ensure a project works with multiple versions of runtimes. In the following example, multiple versions of Node.j...

AppVeyor

Read now

days ago.

Making a Web Request After an AppVeyor Deployment...

Ken Dale

For ASP.NET applications it can be useful to make a request to an application immediately after deployment to bring the application onlin...

AppVeyor

Read now

days ago.

My Current GitHub Command Line Workflow

Ken Dale

https://xkcd.com/1597/ While I generally don’t do that, here’s what I currently do: Setting up a repository locally Using Stuntman as...

GitHub

Read now

days ago.

.NET Fringe Portland Oregon 2017 With RIMdev

Khalid Abuhakmeh

As a team empowered by .NET open source, we’ve always been sensitive to the people, projects, and conferences that make the .NET communit...

conference oss team

Read now

days ago.

Khalid's Initial Thoughts On Vue.js

Khalid Abuhakmeh

The RIMdev team composition is a unique blend of disciplines forged in the crucible of time. We have backend developers, frontend develop...

Vue.js JavaScript frontend clientside

Read now

days ago.

Publishing npm Packages to MyGet Using AppVeyor

Ken Dale

Previously, I wrote about Publishing to npm Using AppVeyor. This is a similar post, but specifically geared toward publishing an npm pack...

AppVeyor npm MyGet

Read now

days ago.

Secure Global Stuntman Users With Windows Azure B...

Khalid Abuhakmeh

Stuntman is an open source library we developed at RIMdev to make testing user scenarios easier during development time. There are times ...

Windows Azure Azure Stuntman OSS

Read now

days ago.

A Double-Click Experience for Running Jekyll on W...

Ken Dale

Typically, running a Jekyll site locally for the first time requires a basic knowledge of using the command line. It usually involves a f...

jekyll

Read now

days ago.

Adding Mermaid To RIMdev.io

Khalid Abuhakmeh

A picture is worth a thousand words, so I assume a diagram is worth a billion words. Expressing our ideas is important and our blog is an...

Jekyll

Read now

days ago.

What Is A Renaissance And What Does It Have To Do...

Khalid Abuhakmeh

Before claiming we are in a Renaissance or that it is time for one, we should take the time to understand the meaning of the word and its...

.NET Community OSS

Read now

days ago.

Publishing to npm Using AppVeyor

Ken Dale

AppVeyor does not currently provide built-in support for publishing to npm (at least, currently). Instead, we can provide the npm token a...

AppVeyor npm

Read now

days ago.

The Component Life: Creating Reusable Web Components

Nathan White

At RimDev we’re trying to rethink the way we build our frontend. We have so many properties with common functionality, and it was startin...

Web components JavaScript

Read now

days ago.

Get Current Route Name From ASP.NET Web API Request

Khalid Abuhakmeh

At RIMdev, we are attempting to layer Hypermedia concepts into our APIs. One of these concepts is to have a collection of links to relate...

Web API ASP.NET

Read now

days ago.

Using Stuntman with ASP.NET MVC Video

Khalid Abuhakmeh

Transcript Hello my name is Khalid Abuhakmeh and in this video I’ll be presenting an ASP.NET OWIN middleware library designed to eas...

video stuntman OSS

Read now

days ago.

Creating SQL Server Express LocalDb v11, v12, v13...

Ken Dale

Here’s some copy-pastable commands for creating SQL Server Express LocalDb instances: "C:\Program Files\Microsoft SQL Server\110\Tool...

LocalDb

Read now

days ago.

Under the Decision Tree (#16)

Scott Schwalm

Welcome back for another edition of Under the Decision Tree. Our weekly selection of machine learning articles, podcasts, conferences, a...

Machine Learning

Read now

days ago.

The RIMdev logo story or a tale of 2 knights

Kevin Hougasian

One of my early challenges at RIMdev was to create a RIMdev logo. Something that worked with the existing RitterIM knight, but also let u...

RIMdev Team Design

Read now

days ago.

The Mouse Is Not My Friend

Chad Peters

Rather than enjoying some R&R during our recent holiday vacation, I worked on a small side project and was rewarded with an aching ri...

Development

Read now

days ago.

Under the Decision Tree (#15)

Scott Schwalm

Welcome back for another edition of Under the Decision Tree. Our weekly selection of machine learning articles, podcasts, conferences, a...

Machine Learning

Read now

days ago.

Design Dilemma: Windows Azure Management, Jekyll,...

Khalid Abuhakmeh

We are all in when it comes to static site generation. With [Windows Azure][azure] [GitHub][github] integration, it has never been easier...

question architecture jekyll

Read now

Windows Azure, IdentityServer3, and Valid Issuers

Written by Khalid Abuhakmeh |Bill Boga |Ken Dale

This post is days old.

At Ritter Insurance Marketing, we utilize IdentityServer3 for our authentication mechanism. It has been almost a year of hosting in Windows Azure with great success. While it has been a positive experience, but there has been one frustrating issue. Unpredictably, our authentication system would break, leaving our applications inaccessible. We started noticing a specific exception in our error log when these events would occur:

System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException

IDX10205: Issuer validation failed. Issuer: 'https://auth.ritterim.com/identity'.  \
Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: \
'https://auth.ritterim.com/, https://rim-auth-east.azurewebsites.net/identity'.

We have noticed that the Issuer url value being provided by an authentication request changes randomly in Windows Azure. The unknown bug causes our applications to break. While the change is random, the expected issuer urls are not. We have narrowed it down to these known variations.

https://{custom domain name}.com
https://{custom domain name}.com/identity
https://{azure app name}.azurewebsites.net
https://{azure app name}.azurewebsites.net/identity

To setup the valid issuers for IdentityServer3, we just use the APIs provided by the library.

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    // other settings...
    TokenValidationParameters = new TokenValidationParameters()
    {
        AuthenticationType = "Cookies",
        // a comma seperated list of urls
        ValidIssuers = config.ValidIssuers
    }
    // other settings...
});

We hope we’ve found all the variations, and for the last several weeks our authentication has become a lot more stable. I hope this helps anyone experiencing issues with IdentityServer3 and Windows Azure.

Published Jan 16, 2016 by