×

days ago.

Ritter Insurance Marketing is sponsoring VueConf ...

Kevin Hougasian

We’ve accomplished so much this year thanks to @VueJS that we wanted to give back to the Vue community in some way. Ritter IM is sponsor...

VueJS

Read now

days ago.

How To Make Golden Fried Rice

Cheng Yang

Egg Fried Rice is a homey dish in China. In this post, I am going to show you my method to make this simple, quick, and delicious dish. E...

Food chinese cuisine

Read now

days ago.

Export CSV Table of All Azure Web Apps Configurat...

Ken Dale

At Ritter Insurance Marketing we utilize Azure Web Apps for hosting many of our web applications. Azure Web Apps is a platform as a servi...

Azure Configuration OSS

Read now

days ago.

Global State versus Component State

Jaime Jones

State management, Redux, Vuex… whatever you want to call it or whatever flavor you use, people have a lot of opinions about it. I’ve writ...

JavaScript Vue

Read now

days ago.

The Key to the Vue v-for

Jaime Jones

If you’re familiar with Vue at all, you’re probably familiar with the v-for. And if you’ve used any other front end frameworks, they each...

JavaScript Vue

Read now

days ago.

No Compression Leads To Bad Impression

Thomas Sobieck

Do you want to save 80% of your bandwidth to your search provider? Do you want to deliver content to your users faster? With this one tr...

Development Elasticsearch Debugging

Read now

days ago.

Using Environment Variables with Jekyll, Vue.js, ...

John Vicari

We operate in a typical QA -> Production workflow on both our front-end and back-end teams. So, what happnes when your front-end is in...

Development JavaScript Dev Ops Vue Vue.js Jekyll

Read now

days ago.

Using Sass Maps to Extend Bootstrap

Kevin Hougasian

If you’re not familiar, or just haven’t used Sass maps, here’s your chance to dive in. Our latest static site was built on Jekyll using ...

sass

Read now

days ago.

JavaScript Array Cloning: Objects vs Primitives

Andrew Rady

In JavaScript, we are always working with different data types to send to the API or display on the UI. Cloning and altering that clone i...

JavaScript

Read now

days ago.

C# Inheritance Errors You Could Miss

Khalid Abuhakmeh

C# being an Object Oriented Programming (OOP) language, we have access to inheritance. Like any feature of a programming language, you sh...

csharp bugs

Read now

days ago.

Working With Nested Aggregates Using NEST and Ela...

Khalid Abuhakmeh

We love the combination of SQL and Elasticsearch and believe it is a winning combination for anyone building a modern application. Elasti...

Elasticsearch NEST C#

Read now

days ago.

How To Check For Nulls In C# a.k.a. How To Thwart...

Khalid Abuhakmeh

I’ve been watching [DotNetConf][dotnetconf] videos over the weekend, and was most curious about [Mads Torgersen’s][mads] [“What’s Coming ...

c-sharp C# .NET

Read now

days ago.

Debugging Hugo Site Data and Page Variables

Khalid Abuhakmeh

Hugo is an amazing static site generator, but getting lost when templating is easier than we’d like. We’ve found a way to evaluate variab...

Hugo JAMStack Static

Read now

days ago.

Using .NET Core, Tuple Deconstruction, and NPoco ...

Khalid Abuhakmeh

Regardless of your opinion on Object Relational Mappers (ORM), I think they are a great tool for prototyping ideas. Over time, they can l...

.net core sql

Read now

days ago.

Querying Json Recursively in Azure SQL Database

Kevin Ricords

Dealing with JSON data in SQL Database introduces several challenges. This post addresses querying json data stored in SQL Database that...

SQL Azure Database development

Read now

days ago.

Does A Property Exist On My C# Object

Khalid Abuhakmeh

We are in the middle of writing a template engine to define dynamic forms. The user interface can only post to a known model on the serve...

C# development

Read now

days ago.

Install Hugo (Extended) Latest With Shell Script ...

Khalid Abuhakmeh

We are living on the bleeding edge that is Hugo’s release cycle. To keep our macOS development environments up to date we wrote this shel...

development

Read now

days ago.

Building A Site Using The Latest Hugo on AppVeyor

Khalid Abuhakmeh

Hugo recently released an amazing asset pipeline, which means you need less external dependencies to build a sweet static site. To take a...

dev build

Read now

days ago.

IE Still Breaking Promises... Literally

John Vicari

I could probably rant and rave about Internet Explorer (IE) for a couple of hours, reminiscing about busted box models, janky IE specific...

IE Development JavaScript

Read now

days ago.

Random Vue Tips

Chidozie Oragwu

Vue has been a delightful framework to work with. The first thing I noticed about it was how easy to follow the documentation was and how...

Vue Development JavaScript

Read now

Windows Azure, IdentityServer3, and Valid Issuers

Written by Khalid Abuhakmeh |Bill Boga |Ken Dale

2

This post is days old.

At Ritter Insurance Marketing, we utilize IdentityServer3 for our authentication mechanism. It has been almost a year of hosting in Windows Azure with great success. While it has been a positive experience, but there has been one frustrating issue. Unpredictably, our authentication system would break, leaving our applications inaccessible. We started noticing a specific exception in our error log when these events would occur:

System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException

IDX10205: Issuer validation failed. Issuer: 'https://auth.ritterim.com/identity'.  \
Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: \
'https://auth.ritterim.com/, https://rim-auth-east.azurewebsites.net/identity'.

We have noticed that the Issuer url value being provided by an authentication request changes randomly in Windows Azure. The unknown bug causes our applications to break. While the change is random, the expected issuer urls are not. We have narrowed it down to these known variations.

https://{custom domain name}.com
https://{custom domain name}.com/identity
https://{azure app name}.azurewebsites.net
https://{azure app name}.azurewebsites.net/identity

To setup the valid issuers for IdentityServer3, we just use the APIs provided by the library.

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    // other settings...
    TokenValidationParameters = new TokenValidationParameters()
    {
        AuthenticationType = "Cookies",
        // a comma seperated list of urls
        ValidIssuers = config.ValidIssuers
    }
    // other settings...
});

We hope we’ve found all the variations, and for the last several weeks our authentication has become a lot more stable. I hope this helps anyone experiencing issues with IdentityServer3 and Windows Azure.

Published Jan 16, 2016 by

Director of Software Development

Senior Software Developer

Senior Application Developer

Security

Suggested reading

Comments