I'm using IdentityServer4 with ASP.NET Core WebAPI and I'm having issues with accessing the discovery page programmatically:
var disco = await DiscoveryClient.GetAsync("https://<api>:1337");
If I host the APIs (IdentityServer and the protected API) on my localhost, everything works; I don't even need to use https. Probably it doesn't throw the "HTTPS is required" error if the host's name is localhost?
So, I began creating a self-signed certificate on the server's IIS and stored it in the Personal Certificate store. But when I connect from the outside (browser) I get the error:
This site is not secure - Error Code: DLG_FLAGS_SEC_CERT_CN_INVALID
After a bit of searching and no luck finding anything, I've installed the same certificate on my laptop (so I can access the API without getting the warning). Now I'm not getting any warning and the discovery JSON is available to be seen (from the browser).
But programmatically I still get the same error.
Error
Error connecting to https://:1337/.well-known/openid-configuration: An error occurred while sending the request.
Exception StackTrace
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at System.Net.Http.DiagnosticsHandler.<SendAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at System.Net.Http.HttpClient.<FinishSendAsyncBuffered>d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityModel.Client.DiscoveryClient.<GetAsync>d__17.MoveNext()
InnerException Message:
A security error occurred
Inner Exception StackTrace
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Threading.Tasks.RendezvousAwaitable`1.GetResult()
at System.Net.Http.WinHttpHandler.<StartRequest>d__105.MoveNext()
EDIT 01: Adding the same self-signed certificate from the server to my laptop, onto the Trusted certify container, works, partially.
After installing the self-signed certificate (for IIS) I encountered another error. It was related to the self-signed certificate for the JWT signing: I had to assign rights to my domain user behind the application pool (not ApplicationPoolIdentity) for Read/Write on the certificate. I've done this through MMC.
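Added example, not part of the original post: a small C# console check that requests the same discovery URL and prints which certificate validation error the client actually sees (name mismatch versus untrusted chain), while keeping validation switched on. The authority https://identity.example.test:1337 is a placeholder, the class name is hypothetical, and async Main assumes C# 7.1 or later.

```csharp
// Added diagnostic example (not from the original post): reports why TLS
// validation fails for the discovery endpoint without disabling validation.
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public static class DiscoveryTlsCheck // hypothetical name
{
    // Placeholder authority (assumption): pass the real one as args[0].
    private const string DefaultAuthority = "https://identity.example.test:1337";

    public static async Task Main(string[] args)
    {
        var authority = args.Length > 0 ? args[0] : DefaultAuthority;
        using (var handler = new HttpClientHandler())
        {
            handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
            {
                Console.WriteLine($"Requested host : {request.RequestUri.Host}");
                Console.WriteLine($"Cert subject   : {cert?.Subject}");
                Console.WriteLine($"Cert DNS name  : {cert?.GetNameInfo(X509NameType.DnsName, false)}");
                Console.WriteLine($"Cert thumbprint: {cert?.Thumbprint}");
                Console.WriteLine($"Policy errors  : {errors}");

                if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
                    Console.WriteLine("-> certificate name does not match the requested host");
                if (errors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) && chain != null)
                    foreach (var status in chain.ChainStatus)
                        Console.WriteLine($"-> chain: {status.Status} {status.StatusInformation?.Trim()}");

                // Same decision as default validation: accept only a clean result.
                return errors == SslPolicyErrors.None;
            };
            using (var client = new HttpClient(handler))
            {
                try
                {
                    var url = authority.TrimEnd('/') + "/.well-known/openid-configuration";
                    var json = await client.GetStringAsync(url);
                    Console.WriteLine($"Discovery document retrieved ({json.Length} chars).");
                }
                catch (HttpRequestException ex)
                {
                    Console.WriteLine($"Request failed: {ex.Message} / {ex.InnerException?.Message}");
                }
            }
        }
    }
}
```

Run it under the same account and on the same machine as the failing client, since certificate trust is evaluated against that machine's and user's certificate stores.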