×

days ago.

Redact Elasticsearch Passwords from Microsoft Azu...

Ken Dale

We use Microsoft Azure Application Insights in our web applications. It logs tons of useful data about our applications, including web re...

.NET

Read now

days ago.

Fixing ASP.NET Core's UseStatusCodePages Middleware

Khalid Abuhakmeh

Here at RIMdev, we are unapologetic about our love for static websites. Folks, static sites are the future! That said, there are times we...

asp.net core static

Read now

days ago.

Filter Hangfire Requests from Microsoft Azure App...

Ken Dale

We use Microsoft Azure Application Insights in our web applications. It logs tons of useful data about our applications, including web re...

.NET

Read now

days ago.

IIS Rewrite Maps and Redirecting On Url Paths

Khalid Abuhakmeh

Kevin Hougasian

Bill Boga

URLs are the bridges that connect our little island of a website to the bigger continent known as the Internet. Preserving URL integrity ...

IIS Azure SEO

Read now

days ago.

Deprecating Subdomains Effectively With Windows A...

Khalid Abuhakmeh

We are in the process of deprecating many smaller subdomain app services and serving the same content through our flagship site. This pos...

Windows Azure

Read now

days ago.

Solving .NET Core Https Development Certificate I...

Chidozie Oragwu

Khalid Abuhakmeh

If you build .NET Core apps on your Mac and install https certificates to your keychain for development purposes, it’s helpful to know th...

Keychain MacOS Certificates

Read now

days ago.

Polyfills to support IE 11 and non ES6 browsers

Andrew Rady

Standard Polyfills for Front End Getting your JavaScript applications working across all browsers is challenging. If you are writing you...

JavaScript Webpack Polyfills

Read now

days ago.

Hugo Error Pages With IIS In Windows Azure

Khalid Abuhakmeh

Static site hosting is straightforward, and from our experience, less likely to have errors compared to a more dynamic site. While dynami...

Azure Static

Read now

days ago.

An Interesting Case Of .NET Performance and Caching

Khalid Abuhakmeh

Bill Boga

Several months ago, Bill Boga and I, realized there was a performance enhancement we could make in our infrastructure. We were utilizing ...

.NET Performance

Read now

days ago.

Augmenting IPrincipal when using IdentityServer a...

Bill Boga

This post covers augmenting an authenticated User for use in middleware or when using the [Authorize]-attribute in an MVC-controller. The...

ASP.NET Core IdentitySever Authentication

Read now

days ago.

Making Media Query Mixins with SASS

Ted Krueger

If you’re like me, you aspire to write clean and consistent scss. We use the power of scss for everything from nesting our selectors, cre...

SASS

Read now

days ago.

Strongly Typed Feature Flags With ASP.NET Core 2.2

Ken Dale

Feature flags can be useful for changing the runtime behavior of an application with minimal impact. Having a UI to toggle the feature fl...

.NET asp.net core

Read now

days ago.

Find Auto Generated ASP.NET Machine Key in Azure ...

Ken Dale

What is a machine key? According to https://docs.microsoft.com/en-us/dotnet/api/system.web.security.machinekey?view=netframework-4.7.2 a...

.NET asp.net

Read now

days ago.

Multi Instance ASP.NET Core 2.2 Data Protection U...

Ken Dale

We’re in the process of upgrading our infrastructure to run our Azure Web Apps in multiple datacenter locations behind Azure Traffic Mana...

.NET asp.net asp.net core

Read now

days ago.

Orchestrating Web Server Integration Tests Using npm

Ken Dale

It can be tricky to run integration tests targeting a web server using the command line. Essentially, we need to: Start the applicati...

JavaScript npm

Read now

days ago.

Making .NET Core Global Tools Work With OhMyZsh

Khalid Abuhakmeh

I was trying to get a global .NET Core tool working on my development machine, which just so happens to be running macOS. I also work wit...

.NET macOS

Read now

days ago.

Letting SASS build your utility classes

Kevin Hougasian

We’ve moved around CSS frameworks in the past few years, Semantic UI for our application layer, and Bootstrap for our static sites. As ou...

SASS

Read now

days ago.

Welcome New Hire: Getting started in Frontend at ...

Kevin Hougasian

New to the frontend at RIMdev, or looking for more about our Frontend team? Here’s a quick overview of our team, tools, and culture! As ...

Team RIMdev Frontend

Read now

days ago.

Vue Group Transitions

Andrew Rady

Simple transitions Vue.js has an extremely helpful was to handle animations in web apps. In a simple example if we want to display somet...

Vue.js JavaScript Animations

Read now

days ago.

Getting started with webpack

Chidozie Oragwu

As web applications have gotten more complex, so has the technologies used to build them. Magic can be good when all works as intended, b...

Webpack Javascript

Read now

Windows Azure, IdentityServer3, and Valid Issuers

Written by Khalid Abuhakmeh |Bill Boga |Ken Dale

2

This post is days old.

At Ritter Insurance Marketing, we utilize IdentityServer3 for our authentication mechanism. It has been almost a year of hosting in Windows Azure with great success. While it has been a positive experience, but there has been one frustrating issue. Unpredictably, our authentication system would break, leaving our applications inaccessible. We started noticing a specific exception in our error log when these events would occur:

System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException

IDX10205: Issuer validation failed. Issuer: 'https://auth.ritterim.com/identity'.  \
Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: \
'https://auth.ritterim.com/, https://rim-auth-east.azurewebsites.net/identity'.

We have noticed that the Issuer url value being provided by an authentication request changes randomly in Windows Azure. The unknown bug causes our applications to break. While the change is random, the expected issuer urls are not. We have narrowed it down to these known variations.

https://{custom domain name}.com
https://{custom domain name}.com/identity
https://{azure app name}.azurewebsites.net
https://{azure app name}.azurewebsites.net/identity

To setup the valid issuers for IdentityServer3, we just use the APIs provided by the library.

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    // other settings...
    TokenValidationParameters = new TokenValidationParameters()
    {
        AuthenticationType = "Cookies",
        // a comma seperated list of urls
        ValidIssuers = config.ValidIssuers
    }
    // other settings...
});

We hope we’ve found all the variations, and for the last several weeks our authentication has become a lot more stable. I hope this helps anyone experiencing issues with IdentityServer3 and Windows Azure.

Published Jan 16, 2016 by

Director of Software Development

Senior Software Developer

Senior Application Developer

Security

Suggested reading

Comments