System.UnauthorizedAccessException is thrown when trying to log in

[gisek]

I gave a try to your solution, but it seems not to work on Azure. Actually neither does it work locally unless I ran VS as admin.

I get an error when I click "Grant" button in popup window from ImplicitGrantClient2 (running ImplicitGrantClient2 , AuthorizationServer, ResourceServer2):

System.UnauthorizedAccessException
Access to the path 'C:\WINDOWS\TEMP' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) 
at System.IO.FileSystemEnumerableIterator<TSource>.CommonInit() 
at System.IO.FileSystemEnumerableIterator<TSource>..ctor(String path, String originalUserPath, String searchPattern, SearchOption searchOption, SearchResultHandler<TSource> resultHandler, Boolean checkHost)
at System.IO.DirectoryInfo.EnumerateFileSystemInfos(String searchPattern, SearchOption searchOption) 
at Microsoft.AspNet.DataProtection.Repositories.FileSystemXmlRepository.<GetAllElementsCore>d__15.MoveNext() 
at System.Collections.Generic.List<T>..ctor(IEnumerable<T> collection) 
at System.Linq.Enumerable.ToList<TSource>(IEnumerable<TSource> source) 
at Microsoft.AspNet.DataProtection.Repositories.FileSystemXmlRepository.GetAllElements() 
at Microsoft.AspNet.DataProtection.KeyManagement.XmlKeyManager.GetAllKeys() 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded) 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.Microsoft.AspNet.DataProtection.KeyManagement.ICacheableKeyRingProvider.GetCacheableKeyRing(DateTimeOffset now)
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRingCore(DateTime utcNow) 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRing() 
at Microsoft.AspNet.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(Byte[] plaintext)

I guess the problem is the default value for:

OAuthAuthorizationServerOptions.TokenDataProtector

Set here:

OAuthAuthorizationServerMiddleware

In this line:

Options.TokenDataProtector = new DataProtectionProvider(new DirectoryInfo(Environment.GetEnvironmentVariable("Temp", EnvironmentVariableTarget.Machine))).CreateProtector("OAuth.AspNet.AuthServer");

I'm not sure if this qualifies as a bug, but I couldn't find another implementation of IDataProtector to work with ASP.Net 5 MVC 6. Also this way I couldn't make it work on Azure.

[Xacron]

@gisek you are correct that this behavior is due to the default DataProtectionProvider. I believe the local admin requirement is as a result of IIS Express, when deployed to IIS you would provide your own instance of DataProtectionProvider using a directory that you have provisioned your app pools to have rights to.

I haven't tired running this solution in Azure but I can do some research to figure out how to configure ASP.NET Data Protection for that environment and get back to you.

[gisek]

@Xacron That would be great. Thanks.