Problem with ASP.NET Core Identity with Docker

Radzen Blazor Studio
1

Hello everyone,
I have a problem with Docker that I don't encounter locally with an application I made with Radzen Blazor Studio, to see if the problem came from my application I redid a basic application with the following options:

  • Blazor Web Application in .Net 8
  • PostgreSQL database
  • Security: ASP.NET Core Identity

I added the DockerFile and the same network as my database in Docker in the launchSettings.json.

On the first launch with docker, I got these warnings and this error:

warn: Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]
      Using an in-memory repository. Keys will not be persisted to storage.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[59]
      Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.

...

info: System.Net.Http.HttpClient.TestIDRadzen2.ClientHandler[100]
      Sending HTTP request POST https://localhost:32789/Account/CurrentUser
fail: Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7]
      An exception was thrown while deserializing the token.
      Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
       ---> System.Security.Cryptography.CryptographicException: The key {a68f1806-272b-4b3c-881c-21d08e1e27d4} was not found in the key ring. For more information go to https://aka.ms/aspnet/dataprotectionwarning
         at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
         at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

So I added a DataProtection table like this:

dotnet build
dotnet ef migrations add DataProtectionKeys --context TestIDRadzenModelContext
dotnet ef database update --context TestIDRadzenModelContext

I imported via Nugget the package: Microsoft.AspNetCore.DataProtection.EntityFrameworkCore
In my program.cs, after the Context declaration, I added this line:
builder.Services.AddDataProtection().PersistKeysToDbContext<TestIDRadzenModelContext>();
Then in the context, I added the IDataProtectionKeyContext interface and the following code:

public partial class TestIDRadzenModelContext : DbContext, IDataProtectionKeyContext
{
    //Generated code
    public DbSet<DataProtectionKey> DataProtectionKeys { get; set; }
    //Generated code
}

Here's the data I have in my table DataProtectionKeys:

Id: 2
FriendlyName: "key-688712eb-5084-42b4-8e57-0f934d235509"
Xml: "<key id=""688712eb-5084-42b4-8e57-0f934d235509"" version=""1""><creationDate>2024-08-30T12:10:38.4645955Z</creationDate><activationDate>2024-08-30T12:10:38.3641124Z</activationDate><expirationDate>2024-11-28T12:10:38.3641124Z</expirationDate><descriptor deserializerType=""Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=8.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60""><descriptor><encryption algorithm=""AES_256_CBC"" /><validation algorithm=""HMACSHA256"" /><masterKey p4:requiresEncryption=""true"" xmlns:p4=""http://schemas.asp.net/2015/03/dataProtection""><!-- Warning: the key below is in an unencrypted form. --><value>dGuJBqIgN0mlCxPcSy4T9G6EtClRflcuEj9lOrzW8TJwni8aUUnq7eWABZ47VoI4ylMGiK2X2gDbaeNWAmCRhg==</value></masterKey></descriptor></descriptor></key>"

Don't worry about double “” it's a copy/paste problem.

Now I have no more errors and warnings, but I still can't authenticate myself.
I tried to follow what was in this topic but it did not help me :

I've tried to describe my problem in as much detail as possible. And to put everything I'd added compared to the basic version generated by Radzen. If you need more information, don't hesitate to ask.

Thanks in advance to anyone who can help me.

2

Unfortunately I see this problem for the first time and don't know what could be causing it. We have been using a similar setup in production for year and a half now (ASP.NET Identity security in Radzen Blazor Studio created app hosted in docker) so there isn't a generic Docker incompatibility.

You can check the following threads as well:

3

Hello,
I've added the following lines as in your first link:

  1. Remove the [HttpPost] attribute from the CurrentUser method in AccountController.cs
  2. Change the request method in SecurityService.GetAuthenticationStateAsync to HttpMethod.Get
  3. Test again with this change

I went to https://localhost:32807/Account/CurrentUser and I'm logged in:

{
  "isAuthenticated": true,
  "name": "admin",
  "claims": [
    {
      "type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "value": "2a5c0d02-50c8-45f5-8175-1ad8a224162e"
    },
    {
      "type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "value": "admin"
    },
    {
      "type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "value": "admin"
    },
    {
      "type": "AspNet.Identity.SecurityStamp",
      "value": "724a87b3-f1b8-4bbd-8e56-0752f60f8ddf"
    },
    {
      "type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "value": "admin"
    },
    {
      "type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "value": "admin"
    }
  ]
}

I also put a breakpoint in the App.razor to go to the HttpContext and look at: ClaimsPrincipal User. Here too I'm identified. So why do I go back to the login page every time?
Do you have any project sources with ASP.NET Core Identity that work with Docker?
Thank you for your time

4

Check if HTTPS redirection works as expected. Sometimes this is the problem.

The one we are using in production doesn't have any modifications from the default template.