DataProtection | Additional utilities and support for working with ASP.NET | TLS library

I want to run my .NET MVC application into a docker image: but I'm unable to test it.

Here is my Dockerfile:

I created a docker image of my OrchardCore project. I tried to run it using the following command

I have a problem that I don't know how to resolve. I have a microservice model (based on the Volo ABP Microservice Demo) for my project, I have an API with all the methods to retrieve data, an AuthServer that acts as the authority for all my projects, and a gateway that translates the requests.

This is how I have configured my authentication in my Gateway project:

I have

1. Forked the planetaryDocs project (a sample server resident Blazor Web App),
2. Used Visual Studio 2022 to create a docker container
3. Run that docker container (via Visual Studio) and

and Visual Studio pops up a browser pointing at the web server and it seems to working fine.

When I do docker image ls I see the planetarydocs image.

I want to experiment with the docker run command line. How do I do that? I stop the Visual Studio docker container and

I have a Blazor WASM application using Identity for authentication that was working fine on Friday. Last night I went to make changes and both the application running in Azure and running locally on my machine began presenting an exception after startup. Nothing has changed in the environment or the code base between everything working fine and now.

The app runs, redirects to the login page, the get is processed fine on the server but throws an exception on the first line of markup in the .cshtml file (assuming because it is failing to encrypt the content at that point):

An unhandled exception occurred while processing the request. CredentialUnavailableException: EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, string additionalMessage)

AggregateException: Multiple exceptions were encountered while attempting to authenticate. (EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot) (ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.) (Process "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Extensions\lybeojxv.4oe\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '{IDREDACTED}'(Visual Studio) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: {IDREDACTED} Correlation ID: {IDREDACTED} Timestamp: 2021-12-20 19:46:59Z'.) (Stored credentials not found. Need to authenticate user in VSCode Azure Account. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot) (Azure CLI not installed) (PowerShell is not installed.) Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, string additionalMessage)

CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot

• EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
• ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.
• Process "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Extensions\lybeojxv.4oe\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '{IDREDACTED}'(Visual Studio) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: {IDREDACTED} Correlation ID: {IDREDACTED} Timestamp: 2021-12-20 19:46:59Z'.
• Stored credentials not found. Need to authenticate user in VSCode Azure Account. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot
• Azure CLI not installed
• PowerShell is not installed. Azure.Identity.DefaultAzureCredential.GetTokenFromSourcesAsync(TokenCredential[] sources, TokenRequestContext requestContext, bool async, CancellationToken cancellationToken)

CryptographicException: An error occurred while trying to encrypt the provided data. Refer to the inner exception for more information. Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(byte[] plaintext)

I can't find anything in the related documentation and troubleshooting guides that seem to be relevant to my setup and issue. And I feel like I have to be missing something simple like an expiration or change of some credentials but I can't find anything that would appear to be the culprit, and not a single part of the codebase was changed, nor was the Azure environment touched at all by anyone from the time I know it was functional to when this began.

On Windows:

I just created app via dotnet new mvc and created Dockerfile for that:

I'm using IdentityServer4 (v3.1.x) with the Entity Framework package to allow the configuration and operational settings to be stored in a database. I've noticed however that for -some- reason the duration of which users are logged in to IS4 is determined by the IIS Application Pool 'recycle interval' setting, which I've currently set at 30 minutes. This is different from the expected behavior, of the users' session being as long as the access_token duration / refresh_token duration allows for.

When the IIS Application Pool 'recycle interval' is set to a higher value (1740 minutes max), the problem disappears. What I expect however is for the 'session' (for the lack of a better name) to be persistent between application pools and application pool recycles.

What am I doing wrong, and what do I need to change to make it work?

Durations:

• IdentityTokenLifetime: 300s / 5m
• IdentityAccessToken: 300s / 5m
• AuthorizationCodeLifetime: 300s / 5m

I have a very large log file (more than 2GB) and would like to remove all debug logs if they contain 'EntityFramework'.

We are getting warnings in our production logs for .Net Core Web API services that are running in Kubernetes.

Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.","@l":"Warning","path":"/root/.aspnet/DataProtection-Keys",SourceContext:"Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository"

We do not explicitly call services.AddDataProtection() in StartUp, but it seems that we are getting the warnings for services that are using .Net Core 3.1 and .Net 5.(not for .Net Core 2.1) ,that also have in StartUp