Server returns 500: '/api': JWT Token error ?

Question

Server returns 500: '/api': JWT Token error ?

PRTGC opened this issue 2 years ago · 2 comments

500 Internal Server Error

A fresh Server(2019) install, Fresh IIS(10.0) install, and latest IIS.Admin Install..

Category: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler
EventId: 3
RequestId: 8000002d-0001-f700-b63f-84710c7967bb
RequestPath: /api
ActionId: f9b9ca79-051f-4e8f-af45-21b0a043c0c5
ActionName: Microsoft.IIS.Administration.ApiRootController.Get (Microsoft.IIS.Administration)

Exception occurred while processing message.

Exception: 
System.ArgumentOutOfRangeException: The UTC time represented when the offset is applied must be between year 0 and 10,000. (Parameter 'offset')
   at System.DateTimeOffset.ValidateDate(DateTime dateTime, TimeSpan offset)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()


Microsoft IIS Administration API encountered an unexpected error: System.ArgumentOutOfRangeException: The UTC time represented when the offset is applied must be between year 0 and 10,000. (Parameter 'offset')
   at System.DateTimeOffset.ValidateDate(DateTime dateTime, TimeSpan offset)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
   at Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.IIS.Administration.WebServer.Injector.Invoke(HttpContext context)
   at Microsoft.IIS.Administration.HeadTransform.Invoke(HttpContext context)
   at Microsoft.IIS.Administration.Startup.<>c.<<Configure>b__4_0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.IIS.Administration.Security.Authorization.AuthorizationPolicyMiddleware.Invoke(HttpContext context, IAuthorizationService authorizationService)
   at Microsoft.IIS.Administration.Security.WindowsAuthenticationExtensions.<>c.<<UseWindowsAuthentication>b__0_0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.IIS.Administration.Cors.CorsExtensions.<>c.<<UseCrossOrigin>b__0_2>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.IIS.Administration.Cors.CorsExtensions.<>c__DisplayClass0_0.<<UseCrossOrigin>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.IIS.Administration.ErrorHandler.Invoke(HttpContext context)
   

An unhandled exception has occurred while executing the request.

Exception: 
System.ArgumentOutOfRangeException: The UTC time represented when the offset is applied must be between year 0 and 10,000. (Parameter 'offset')
   at System.DateTimeOffset.ValidateDate(DateTime dateTime, TimeSpan offset)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
   at Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.IIS.Administration.WebServer.Injector.Invoke(HttpContext context)
   at Microsoft.IIS.Administration.HeadTransform.Invoke(HttpContext context)
   at Microsoft.IIS.Administration.Startup.<>c.<<Configure>b__4_0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.IIS.Administration.Security.Authorization.AuthorizationPolicyMiddleware.Invoke(HttpContext context, IAuthorizationService authorizationService)
   at Microsoft.IIS.Administration.Security.WindowsAuthenticationExtensions.<>c.<<UseWindowsAuthentication>b__0_0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.IIS.Administration.Cors.CorsExtensions.<>c.<<UseCrossOrigin>b__0_2>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.IIS.Administration.Cors.CorsExtensions.<>c__DisplayClass0_0.<<UseCrossOrigin>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.IIS.Administration.ErrorHandler.Invoke(HttpContext context)
   at Microsoft.IIS.Administration.ErrorHandler.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

{
  "host_id": "f0ce6e87-3322-4134-bd7d-9f6d4e2514c6",
  "host_name": "IIS Administration API",
  "security": {
    "require_windows_authentication": true,
    "users": {
      "administrators": [
        "IIS Administration API Owners"
      ],
      "owners": [
        "IIS Administration API Owners"
      ]
    },
    "access_policy": {
      "api": {
        "users": "administrators",
        "access_key": true
      },
      "api_keys": {
        "users": "administrators",
        "access_key": true
      },
      "system": {
        "users": "owners",
        "access_key": true
      }
    }
  },
  "logging": {
    "enabled": true,
    "min_level": "debug",
    "file_name": "log-{Date}.txt",
    "LogLevel": {
      "Default": "Debug",
      "System": "Debug",
      "Microsoft": "Debug"
    }
  },
  "auditing": {
    "enabled": true,
    "file_name": "audit-{Date}.txt"
  },
  "cors": {
    "rules": [
      {
        "origin": "https://127.0.0.1",
        "allow": true
      }
    ]
  },
  "files": {
    "locations": [
      {
        "alias": "inetpub",
        "path": "%systemdrive%\\inetpub",
        "claims": [
          "read",
          "write"
        ]
      }
    ]
  }
}

Answer 1 · 2023-03-11T14:49:52.000Z

I figured it out...
it does not like the 'Forever' Tokens....

Answer 2 · 2023-03-26T17:36:10.000Z

Looking into this a little further, it looks to be because they're using DateTimeOffset with a UTC DateTime so when generating a Forever Token, you're outside bounds IF your local server timezone isn't UTC. I had the same issue with a Forever Token, then updated my timezone to UTC, and worked fine after this.