- ABP Framework version: v7.3.2
- UI Type: Angular
- Database System: EF Core (MySQL)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
We are trying run performance testing on the application using the Apache JMeter. Following api calls (total 3) are getting errors while testing the application, can you suggest what can be done this issue?
API Call 1 : https://scopeuat.doctrz.in:44322/Account/Login Request body: GET https://scopeuat.doctrz.in:44322/Error?httpStatusCode=400
GET data:
Cookie Data: .AspNetCore.Antiforgery.YkhOIqalreE=CfDJ8DXz2n710ANCtQZrCmvoKDgN-wZi7vEdV5z7fK1KBGOe0D9GAjDDTqNYLfyifxyyqg2gbQYVDJumTjFKNgY2FIbVv4SVD6noo2LPnSaww0R2TL1O3cIcjWDOblIZCbTDvZ5qZak0HxUtvlIcATPp_Hs; XSRF-TOKEN=CfDJ8DXz2n710ANCtQZrCmvoKDjdqFVP0xx2TP9QdW0hwVvg8fO7JOBtca5vdKczKpyNz2zIX4vpwTqNlTlFuZiCw8cYmL2t1bpwhp0jTjrQBz2kl5Y-3wKBgXf6meVvOkCOabI2bQe-hgvVok4ECWsH1gw
Request Headers: Connection: keep-alive Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 DNT: 1 Host: scopeuat.doctrz.in:44322
API Call 2 : https://scopeuat.doctrz.in:44322/connect/token
Request Body: POST https://scopeuat.doctrz.in:44322/connect/token
POST data: code=P7kLRlQDL4csWrX_hroS54eq6_eyV2wq7UKGI1q47Yc&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fscopeuat.doctrz.in&client_id=Angular&code_verifier=N2ZZVXRETGJXMVBpQWlJak8xdmhXTURKTTNNfjBqM1RqVHQxbkUzZ0Z5OWRO
Cookie Data: .AspNetCore.Antiforgery.YkhOIqalreE=CfDJ8DXz2n710ANCtQZrCmvoKDgN-wZi7vEdV5z7fK1KBGOe0D9GAjDDTqNYLfyifxyyqg2gbQYVDJumTjFKNgY2FIbVv4SVD6noo2LPnSaww0R2TL1O3cIcjWDOblIZCbTDvZ5qZak0HxUtvlIcATPp_Hs; .AspNetCore.Culture=c%3Den%7Cuic%3Den; XSRF-TOKEN=CfDJ8DXz2n710ANCtQZrCmvoKDh0Esh26DPIyYi9XaISAV31KUy9Ylr0ya2zMf7XBjGYQvE7tnW1niA45coeiacFhjm0UZdhWJI2PhNPrxxf6mlmJYZ34Ku8AbZryQpJQuwyjF1Cn_h_orIse-Vr2ZrmnyI Request Headers: Connection: keep-alive Content-Type: application/x-www-form-urlencoded __tenant: 3a10d8ba-84c1-030b-2672-709df3812b9d Accept: application/json, text/plain, / X-Requested-With: XMLHttpRequest sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 DNT: 1 Content-Length: 217 Host: scopeuat.doctrz.in:44322
API Call 3: https://uat.doctrz.in:44325/api/appointment-service/session/list
Request Body: POST https://uat.doctrz.in:44325/api/appointment-service/session/list
POST data: {"maxResultCount":10,"skipCount":0,"SessionQuestionId":"3a131f0f-98f4-dbde-56ee-909b142b20c7","ConsultationFormInputs":[]}
Cookie Data: .AspNetCore.Antiforgery.YkhOIqalreE=CfDJ8DXz2n710ANCtQZrCmvoKDioKzEaKYBj_fCFdfY7smIqk5oFIiI9jUCMBMuJMra_h_EUn_xr4dXReZJJcqFB5zbqUAXgnNpWdUfg18JfN7oQC8Diei6Dyn6XNsA7AD5TJbXGZbgoqJ82g4LqoC46wiw; XSRF-TOKEN=CfDJ8DXz2n710ANCtQZrCmvoKDhHsn44MTQJmXJbM1_MXOn7M6ncReye0lT9-MjgOeZeFC2ucYTCjn6VAfiTZsempLEERqS7ba0UgWbDbwhUBxyhTD21hoMWQDzGy0FhX3yXaLKCdD-JcbP6I3Yg-va7dbU; __tenant=3a10d95d-cc01-d739-974d-f5ae592edbd8; .AspNetCore.Culture=c%3Den%7Cuic%3Den Request Headers: Connection: keep-alive Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjA1MTU5NTE4RDdDNDI3MTJFQ0VBMTgwOEZDRUQzRkE2MTBDQzkwMzQiLCJ4NXQiOiJCUldWR05mRUp4THM2aGdJX08wX3BoRE1rRFEiLCJ0eXAiOiJhdCtqd3QifQ.eyJzdWIiOiIzYTEwZDk1ZC1jYzVkLTdhZTYtMjFjYi00YjkyMzg0NTdjMmUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoic2NvcGV1c2VyQHRlc3QuY29tIiwicm9sZSI6ImFkbWluIiwidGVuYW50aWQiOiIzYTEwZDk1ZC1jYzAxLWQ3MzktOTc0ZC1mNWFlNTkyZWRiZDgiLCJnaXZlbl9uYW1lIjoiYWRtaW4iLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOiJGYWxzZSIsImVtYWlsX3ZlcmlmaWVkIjoiRmFsc2UiLCJ1bmlxdWVfbmFtZSI6ImFkbWluIiwib2lfcHJzdCI6IkFuZ3VsYXIiLCJpc3MiOiJodHRwczovL3VhdC5kb2N0cnouaW46NDQzMjIvIiwib2lfYXVfaWQiOiIzYTEwZGNhMi02ODA1LWM2ZGUtNmEyYy1hZGMyNzExMmZjYzkiLCJjbGllbnRfaWQiOiJBbmd1bGFyIiwib2lfdGtuX2lkIjoiM2ExMzdlYzUtMzU3NC03NzY1LTU2YWUtOWYwNWY4MDY2MTgwIiwiYXVkIjpbIkFjY291bnRTZXJ2aWNlIiwiSWRlbnRpdHlTZXJ2aWNlIiwiQWRtaW5pc3RyYXRpb25TZXJ2aWNlIiwiU2Fhc1NlcnZpY2UiLCJQcm9kdWN0U2VydmljZSIsIkNsaW5pY1NlcnZpY2UiLCJBcHBvaW50bWVudFNlcnZpY2UiLCJGb3Jtc1NlcnZpY2UiXSwic2NvcGUiOiJvZmZsaW5lX2FjY2VzcyBvcGVuaWQgcHJvZmlsZSBlbWFpbCBwaG9uZSBBY2NvdW50U2VydmljZSBJZGVudGl0eVNlcnZpY2UgQWRtaW5pc3RyYXRpb25TZXJ2aWNlIFNhYXNTZXJ2aWNlIFByb2R1Y3RTZXJ2aWNlIENsaW5pY1NlcnZpY2UgQXBwb2ludG1lbnRTZXJ2aWNlIEZvcm1zU2VydmljZSIsImp0aSI6ImQzNmM4MmU1LTc3NTctNDY2NC04Yjc0LTNhOWNhNDM0MzNiMyIsImV4cCI6MTcxOTgxMjQ0MywiaWF0IjoxNzE5ODA4ODQzfQ.be1d_CTREeFMhFFxOezkFo_SHCnX9Rs2acel5-MDt-xoEkeeFJAuYHWmbjgnBsJTXO-uqeat-FdxFFFMeL0bVvWYjAwMLZEJh93C9EapYuQUEl8ayLwHNN_1dD-T6RavqX2RB_3YSAa5cno57xOhEvx0YZ58VDzV9yWLaM8h9Bu6Kn9qdiAzjpXIX4wuj7-O95e6-_0q8754m4khFIirCtUMJTfqSnF6yrTVaaTwqVNxc19pDbr7KZsLUQqBc7oOy34jS3DL7HeBeP2pJzGoz6cDAI0PWmVGeUg5QlnBGIWhUqY36q5AFCScTnWVhgatfulghaTYcV7i79ARw_Y4XA Content-Type: application/json __tenant: 3a10d95d-cc01-d739-974d-f5ae592edbd8 Accept: application/json, text/plain, / X-Requested-With: XMLHttpRequest sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 DNT: 1 Content-Length: 122 Host: uat.doctrz.in:44325
10 उत्तर (ओं)
-
0
Hi,
What error, could you share the error message
-
0
This is what we are getting on the Apache JMeter while performing the test :
-
0
Could you please share the full error logs?
-
0
below is the log link: https://drive.google.com/file/d/15kFj5-MZuipnCxWQdOXndydysyMq9l95/view?usp=sharing
-
0
There is no error level log in the log file.
The antiforgery cookie token and request token do not match
This is not a problem with ABP but jmeter You can check these links: https://techcommunity.microsoft.com/t5/iis-support-blog/anti-forgery-token-and-anti-forgery-cookie-related-issues/ba-p/984870 https://stackoverflow.com/questions/53034969/jmeter-post-anti-forgery-token https://stackoverflow.com/questions/49597998/not-able-to-login-due-to-requestverificationtoken
-
0
we are able to resolve the above issue but nor on connect/token url we are getting below error: The token request was successfully extracted: { "code": "[redacted]", "grant_type": "authorization_code", "redirect_uri": "https://scopeuat.doctrz.in", "client_id": "Angular", "code_verifier": "N2ZZVXRETGJXMVBpQWlJak8xdmhXTURKTTNNfjBqM1RqVHQxbkUzZ0Z5OWRO" }. [06:25:04 INF] The response was successfully returned as a JSON document: { "error": "invalid_grant", "error_description": "The specified token is invalid.", "error_uri": "https://documentation.openiddict.com/errors/ID2004"
-
0
The specified token is invalid
what's is the full error message
-
0
this all im getting in the logs administration service also logs below errors : Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenUnableToValidateException: IDX10516: Signature validation failed. Unable to match key: kid: '05159518D7C42712ECEA1808FCED3FA610CC9034'. Number of keys in TokenValidationParameters: '0'. Number of keys in Configuration: '2'. Exceptions caught: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. token: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Valid Lifetime: 'False'. Valid Issuer: 'True' at Microsoft.IdentityModel.Tokens.InternalValidators.ValidateLifetimeAndIssuerAfterSignatureNotValidatedJwt(SecurityToken securityToken, Nullable`1 notBefore, Nullable`1 expires, String kid, TokenValidationParameters validationParameters, BaseConfiguration configuration, StringBuilder exceptionStrings, Int32 numKeysInConfiguration, Int32 numKeysInTokenValidationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() [07:37:04 INF] Bearer was not authenticated. Failure message: IDX10516: Signature validation failed. Unable to match key: kid: '05159518D7C42712ECEA1808FCED3FA610CC9034'. Number of keys in TokenValidationParameters: '0'. Number of keys in Configuration: '2'. Exceptions caught: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. token: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Valid Lifetime: 'False'. Valid Issuer: 'True' -
0
[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]
you can set
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;to get the log details. -
0
it did not help. but now getting little different error : { "error": "invalid_grant", "error_description": "The specified authorization code is no longer valid.", "error_uri": "https://documentation.openiddict.com/errors/ID2016" } I have noticed on URL highlighted below. THe url is captured in dev tools upon clicking of login button. but the authserver is hosted on 44322 port where as the url is originating with default port thats without port where the angular app is hosted. Can you explain how and why? :
