Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

System.UnauthorizedAccessException is thrown when trying to log in #5

Open
gisek opened this issue Sep 24, 2015 · 2 comments
Open

System.UnauthorizedAccessException is thrown when trying to log in #5

gisek opened this issue Sep 24, 2015 · 2 comments
Assignees
@Xacron
Labels
question

Comments

@gisek
Copy link

gisek commented Sep 24, 2015

I gave a try to your solution, but it seems not to work on Azure. Actually neither does it work locally unless I ran VS as admin.

I get an error when I click "Grant" button in popup window from ImplicitGrantClient2 (running ImplicitGrantClient2 , AuthorizationServer, ResourceServer2):

System.UnauthorizedAccessException
Access to the path 'C:\WINDOWS\TEMP' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) 
at System.IO.FileSystemEnumerableIterator<TSource>.CommonInit() 
at System.IO.FileSystemEnumerableIterator<TSource>..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler<TSource> resultHandler, Boolean checkHost)
at System.IO.DirectoryInfo.EnumerateFileSystemInfos(String searchPattern, SearchOption searchOption) 
at Microsoft.AspNet.DataProtection.Repositories.FileSystemXmlRepository.<GetAllElementsCore>d__15.MoveNext() 
at System.Collections.Generic.List<T>..ctor(IEnumerable<T> collection) 
at System.Linq.Enumerable.ToList<TSource>(IEnumerable<TSource> source) 
at Microsoft.AspNet.DataProtection.Repositories.FileSystemXmlRepository.GetAllElements() 
at Microsoft.AspNet.DataProtection.KeyManagement.XmlKeyManager.GetAllKeys() 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded) 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.Microsoft.AspNet.DataProtection.KeyManagement.ICacheableKeyRingProvider.GetCacheableKeyRing(DateTimeOffset now)
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRingCore(DateTime utcNow) 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRing() 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(Byte[] plaintext)

I guess the problem is the default value for:

OAuthAuthorizationServerOptions.TokenDataProtector

Set here:

OAuthAuthorizationServerMiddleware

In this line:

Options.TokenDataProtector = new DataProtectionProvider(new DirectoryInfo(Environment.GetEnvironmentVariable("Temp", EnvironmentVariableTarget.Machine))).CreateProtector("OAuth.AspNet.AuthServer");

I'm not sure if this qualifies as a bug, but I couldn't find another implementation of IDataProtector to work with ASP.Net 5 MVC 6. Also this way I couldn't make it work on Azure.
@Xacron
Copy link
Member

Xacron commented Sep 25, 2015

@gisek you are correct that this behavior is due to the default DataProtectionProvider. I believe the local admin requirement is as a result of IIS Express, when deployed to IIS you would provide your own instance of DataProtectionProvider using a directory that you have provisioned your app pools to have rights to.

I haven't tired running this solution in Azure but I can do some research to figure out how to configure ASP.NET Data Protection for that environment and get back to you.

@gisek
Copy link
Author

gisek commented Sep 25, 2015

@Xacron That would be great. Thanks.

@Xacron Xacron self-assigned this Oct 21, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Xacron Xacron

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gisek @Xacron