
Multiple Applications using single Identity Server #1801


0
[email protected] created

We are facing issue in establishing multiple applications setup with ABP Module Template.

1) How to authenticate multiple ABP.io Commercial applications (Main App [with Auth], App1 [Auth Redirect to Main App], App2 [Auth Redirect to Main App]..) with a single Main Application and return to the original application via the Angular UI?

2) While generating App 2 using the Application Template, it additionally generates the User and Permission tables in App 2, which actually have to be maintained in the Main Application. How to avoid these getting generated? Pls refer to the screenshot.

3) Also, how to verify the user permissions in App 2, which is authenticated from the Main Application?


43 Answer(s)
  • 0
    liangshiwei created
    Support Team

    Hi,

    1, You need to configure OAuth in the app. See https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs#L131-L158 and https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json#L13-L18. PS: you need to create an identity client for the app.

    2, You need to remove the modelBuilder configuration, see https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.EntityFrameworkCore/EntityFrameworkCore/MyProjectNameDbContext.cs#L67-L74 And set the module connection strings, see https://docs.abp.io/en/abp/4.4/Connection-Strings

    3, When you finish the second, it should have already been done.

    PS, You have to use a distributed cache in all apps, because we cache settings, permissions, etc. We should make the cache synchronized in the application.

  • 0
    [email protected] created

    Hi

    For Point 1 we have already done that,

    1. Identity Server of Main Appl is configured for the App 1 as Identity Server as specified in the config file.
    2. When we launch the angular for both Main and App 1 and in Main App on click of a Menu need to open the App 1 as Single Sign on but now it is opening the login page again in App 1 when redirected from Main App. How to overcome this.
  • 0
    liangshiwei created
    Support Team

    Hi,

    You can directly configure the address of the single point server in Angular app,

    Maybe my understanding of your project structure is incorrect; if so, please let me know.

  • 0
    [email protected] created

    Hi

    That is how, it is configured but we are getting the login page in app 1 instead of skipping the authentication when redirected from Main App

    1. Main Application which has the Identity Server and Application Server
    1. I am running the HTTPAPI.Host which enables the Identity Server and Application Server.

    1. This is the configuration specified in the Main App Angular file

    2. I am able to launch and login into this without any problem

    3. This is the App 1 Structure

    Note – I am not using the Identity server specified in this instead using the identity server of Main App. Pls see the appsettings.json.

    1. Now I launch my App 1 Angular PS – The Main App Identity Server is specified in the oAuthConfig part in the App 1 config file.

    When I navigate now from Main App to App 1 in the Angular page, it is taking me to the login page instead of directly logged in as I have already logged into the Main App, it is asking me to login again in App 1 ( I expected it to be a Single Sign On)

  • 0
    liangshiwei created
    Support Team

    Hi,

    Can you create a minimum item to reproduce it?

  • 0
    [email protected] created

    Hi

    PFA the source code which has Main App and FinRecon App

    I am trying to redirect to the FinRecon App from the Main App

    1. Click the abp.io text in the Home Page of the Main App which redirects to the FinRecon App ( It is opening the login page in FinRecon where in expected is to open the Home of FinRecon directly without login)
  • 0
    liangshiwei created
    Support Team

    I will check it out.

  • 0
    liangshiwei created
    Support Team

    Hi,

    I made some changes to the project you provided.

    When the main app is logged in, the FinRecon app will be redirected back to the index page after clicking login without entering credentials; this is the same as with the *.abp.io websites.

    I have sent it to your email.

  • 0
    [email protected] created

    Hi

    Thanks for the details, but the problem is not solved; still having the same problem. Sent you the details over mail.

  • 0
    liangshiwei created
    Support Team

    hi,

    I think you need to recreate the database.

  • 0
    [email protected] created

    Thanks for the support , I am able to get it redirected now but when redirected it is loading the login page in FinRecon . I want the Home Page of FinRecon to be loaded default when redirected from MainApp.

    Also I want the menu options which is shown in the screen shot to be removed from the FinRecon App ( Dashboard, Saas and Administrator Menus to be removed from the FinRecon App)

  • 0
    liangshiwei created
    Support Team

    > I am able to get it redirected now but when redirected it is loading the login page in FinRecon. I want the Home Page of FinRecon to be loaded default when redirected from MainApp.

    Sorry, you can't.

    > Also I want the menu options which is shown in the screen shot to be removed from the FinRecon App ( Dashboard, Saas and Administrator Menus to be removed from the FinRecon App)

    See https://docs.abp.io/en/abp/latest/UI/Angular/Modifying-the-Menu#how-to-add-a-navigation-element

  • 0
    [email protected] created

    Hi

    I tried the same with 2 new projects, BIMS and BIMSFinRecon, but I am getting this error when redirecting from BIMS to BIMSFinRecon. I have done all the changes which you specified earlier in the mail. Am I missing something to be done?

  • 0
    liangshiwei created
    Support Team

    Seems the scope is invalid, could you check it exists in the table?

  • 0
    [email protected] created

    Which table and what should I check for?

  • 0
    liangshiwei created
    Support Team

    Maybe checking it remotely would be better, can we have a meeting? [email protected]

  • 0
    [email protected] created

    I was able to solve it, changed the entry in IdentityServerClientScopes tables.

    It was generated as BIMS for both the clients BIMS_FinRecon and BIMS_BDairy; I have changed the entries in the table IdentityServerClientScopes. Why is it generated as BIMS for the client also?

  • 0
    liangshiwei created
    Support Team

    Hi,

    > Why it is generated as BIMS for the client also.

    Maybe the client required the BIMS scope.

  • 0
    [email protected] created

    Hi

    I have 2 Services BIMS and BIMS_BDairy,

    GetStaffDetails in BIMS
    GetEmployeeDetails in BIMS_BDairy

    I want to call the GetStaffDetails in BIMS from the GetEmployeeDetails in BIMS_BDairy. When I tried using HTTPClient it is giving me a 401 Unauthorized error. Pls help out how to make this call.

    Both are using the same Identity Server,

    Thanks Prabhu R

  • 0
    liangshiwei created
    Support Team

    Hi,

    See https://github.com/abpframework/abp/blob/dev/templates/module/aspnet-core/test/MyCompanyName.MyProjectName.HttpApi.Client.ConsoleTestApp/ClientDemoService.cs#L54

  • 0
    [email protected] created

    Hi

    This is the implementation I have done based on your input reference site, but I am getting this error when I tried invoking it through Swagger.

    { "error": { "code": null, "message": "An internal error occurred during your request!", "details": null, "data": { "ActivatorChain": "Castle.Proxies.StaffDetailsAppServiceProxy" }, "validationErrors": null } }

    Note - I am invoking one service from another service (both are ABP AppServices) and not from a Console or any other application. Am I doing anything wrong here?

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using Volo.Abp.Application.Services;
    using BIMS_BDairy.Custom;
    using Microsoft.Extensions.Configuration;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using Volo.Abp.DependencyInjection;
    using Volo.Abp.IdentityModel;
    using IdentityModel.Client;
    
    namespace BIMS_BDairy
    {
        public class StaffDetailsAppService : ApplicationService, IStaffDetailsAppService, ITransientDependency
        {
            private readonly IIdentityModelAuthenticationService _authenticationService;
            private readonly IConfiguration _configuration;
            public StaffDetailsAppService(IIdentityModelAuthenticationService authenticationService,
                IConfiguration configuration)
            {
                _authenticationService = authenticationService;
                _configuration = configuration;
            }
    
            public async Task<StoreDetails> GetStaffDetails(long EmployeeID)
            {
                /*HttpClient client = new HttpClient();
                var path = "https://localhost:44343/api/app/staff-masters?EmployeeIDMin=" + EmployeeID + "&EmployeeIDMax="+EmployeeID;
                client.BaseAddress = new Uri("https://localhost:44343/");
                client.DefaultRequestHeaders.Accept.Clear();
                client.DefaultRequestHeaders.Accept.Add(
                    new MediaTypeWithQualityHeaderValue("application/json"));
                HttpResponseMessage response = await client.GetAsync(path);*/
    
                var accessToken = await _authenticationService.GetAccessTokenAsync(
                    new IdentityClientConfiguration(
                        _configuration["IdentityClients:Default:Authority"],
                        _configuration["IdentityClients:Default:Scope"],
                        _configuration["IdentityClients:Default:ClientId"],
                        _configuration["IdentityClients:Default:ClientSecret"],
                        _configuration["IdentityClients:Default:GrantType"],
                        _configuration["IdentityClients:Default:UserName"],
                        _configuration["IdentityClients:Default:UserPassword"]
                    )
                );
    
                using (var httpClient = new HttpClient())
                {
                    httpClient.SetBearerToken(accessToken);
    
                    var url = _configuration["RemoteServices:MyProjectName:BaseUrl"] +
                              "api/MyProjectName/sample/authorized";
    
                    var responseMessage = await httpClient.GetAsync(url);
                    if (responseMessage.IsSuccessStatusCode)
                    {
                        var responseString = await responseMessage.Content.ReadAsStringAsync();
                        Console.WriteLine("Result: " + responseString);
                    }
                    else
                    {
                        throw new Exception("Remote server returns error code: " + responseMessage.StatusCode);
                    }
                }
    
                return null;
            }
            
        }
    }
    
  • 0
    liangshiwei created
    Support Team

    "ActivatorChain": "Castle.Proxies.StaffDetailsAppServiceProxy"

    Your DI is configured incorrectly; you should check why DI can't create an instance of StaffDetailsAppServiceProxy.

  • 0
    liangshiwei created
    Support Team

    Can you share the application logs?

  • 0
    [email protected] created

    Hi

    I am creating a new tenant from the Main App and trying to login using the tenant user credentials; it is not logging in and says invalid username or email address. When I verified the table AbpUsers it is not having the user entry for the created tenant but SaaStenant has tenant details.

    Why the user is not created automatically for the new tenant created. Also how to access rights to the new users.

  • 0
    [email protected] created

    > Can you share the application logs?

    Sure

  • 0
    [email protected] created

    Hi

    > I am creating a new tenant from the Main App and trying to login using the tenant user credentials; it is not logging in and says invalid username or email address. When I verified the table AbpUsers it is not having the user entry for the created tenant but SaaStenant has tenant details.
    >
    > Why the user is not created automatically for the new tenant created. Also how to access rights to the new users.

    Any update on this as well, pls? It's urgent.

  • 0
    liangshiwei created
    Support Team

    Hi,

    > I am creating a new tenant from the Main App and trying to login using the tenant user credentials; it is not logging in and says invalid username or email address. When I verified the table AbpUsers it is not having the user entry for the created tenant but SaaStenant has tenant details.

    How to reproduce it? I used ABP CLI to create a new project and it works fine. Could you provide steps? Thanks.

  • 0
    [email protected] created

    Hi,

    > > I am creating a new tenant from the Main App and trying to login using the tenant user credentials; it is not logging in and says invalid username or email address. When I verified the table AbpUsers it is not having the user entry for the created tenant but SaaStenant has tenant details.
    >
    > How to reproduce it? I used ABP CLI to create a new project and it works fine. Could you provide steps? Thanks.

    Hi, can we do a screen sharing session, so it will be better to show you.

  • 0
    liangshiwei created
    Support Team

    Hi,

    OK, we can, please send email to me.

  • 0
    [email protected] created

    Hi,

    > OK, we can, please send email to me.

    I don't have your email. https://meet.google.com/zng-kneo-ron

    Pls suggest a time for the call today. This is the meeting link.

  • 0
    liangshiwei created
    Support Team
  • 0
    [email protected] created

    Hi

    The Authorization check for MultiTenant and mobile based login, which you have suggested is not working. Need your help to address it. It is of high priority.

    Sent a mail to your mail id for a screen sharing session.

  • 0
    liangshiwei created
    Support Team

    Can you share some screenshots and logs?

  • 0
    [email protected] created

    > Can you share some screenshots and logs?

    Hi, it is very difficult to explain in screenshots and logs. Pls suggest a time for a screen sharing tomorrow morning. This is urgent.

  • 0
    liangshiwei created
    Support Team

    Okay,

    No problem, please send email to me.

  • 0
    [email protected] created

    Hi

    The following points were discussed with Shiwei Liang and it seems he is on vacation. Need support from any other person.

    These are the points which needs to be resolved on high priority.

    1. Tenant based login - AbpUsers, AbpUserRoles - StoreManager,Admin,HR - High level people
    2. Tenant based Token Generation for Login (API)- Mobile App
    3. To Configure Roles in BIMS with BDairy Feature list.(Screen Permissions)
    4. How to remove the Additional tables like AbpUsers in BIMS BDairy
    5. How to do Redis Configuration
    6. HTTPS in deployment
  • 0
    maliming created
    Support Team

    hi

    Please create some new questions, Explain your question in detail separately.

  • 0
    [email protected] created

    hi

    > Please create some new questions, Explain your question in detail separately.

    The Architecture is configured as per the points listed below.

    Step1: We have split the applications with common Identity Server.
    Step2: BIMS is one main application which handled users and their accesses
    Step3: BIMS_BDairy is another application which uses the Identity Server of BIMS

    We need solution for addressing these points.

    1)Tenant based login - AbpUsers, AbpUserRoles - StoreManager,Admin,HR - High level people

    Step1: We will have tenants created in our main application (BIMS)
    Step2: We will have users created logins created against these tenants,
    Step3: At the Service level we need to validate this user with his credentials and allow access to the Service with the appropriate tenant and user details set in the context.

    This is not working now, it works only for Host login and not for Tenant Login. This needs to be addressed

    2)Tenant based Token Generation for Login (API)- Mobile App

    Step1: We are having a Mobile Application in which these tenant users will login using the mobile App using say EmployeeID and not his/her username or password
    Step2: We need to validate the user against the credentials and generate token to access the Services.

    3)To Configure Roles in BIMS with BDairy Feature list.(Screen Permissions)

    Step1: We have split the applications with common Identity Server.
    Step2: BIMS is one main application which handled users and their accesses
    Step3: BIMS_BDairy is another application which uses the Identity Server of BIMS
    Step4: How do i get the permission of BDairy in BIMS for the user to set access in the BIMS Application using the permissions tab

    4)How to remove the Additional tables like AbpUsers in BIMS BDairy

    Step1: We have split the applications with common Identity Server.
    Step2: BIMS is one main application which handled users and their accesses
    Step3: The same users,login,clients etc tables are created also in BDairy how to avoid this as this has to be at BIMS level and not in BDairy

    5)How to do Redis Configuration

    Step1: How to do Redis Configuration in Windows server for Production. Need documentations for the same.

    6)HTTPS in deployment

    Step1: When we deploy the AppServices BIMS and BDairy in IIS and configure https for these service, it throws as invalid uri exception. It works when we provide only Http.
    Step2: We have cross reference calls like from BDairy AppService we will call a method in the BIMS AppService for fetching some data

  • 0
    albert created
    Support Team

    This is a consultancy topic and not directly related to the ABP code base. If you face a concrete problem in ABP code we would like to help you.

  • 0
    [email protected] created

    > This is a consultancy topic and not directly related to the ABP code base. If you face a concrete problem in ABP code we would like to help you.

    Hi

    this is related to ABP Framework, [email protected] was looking into it and he acknowledged to help out in resolving these issues. Unfortunately he is on vacation.

    This on the framework that the Common Identity server is unable to Login with Tenant Login and No Proper Document is provided

    No Documentation to Configure or Setup Another Application which uses Common ABP Identity server to setup roles for the Consumer App

  • 0
    [email protected] created

    > This is a consultancy topic and not directly related to the ABP code base.
    > If you face a concrete problem in ABP code we would like to help you.

    Hi

    this is related to ABP Framework, [email protected] was looking into it and he acknowledged to help out in resolving these issues. Unfortunately he is on vacation.

    This on the framework that the Common Identity server is unable to Login with Tenant Login and No Proper Document is provided

    No Documentation to Configure or Setup Another Application which uses Common ABP Identity server to setup roles for the Consumer App

    Do we have any Updates on this Issues?

    its been 5days. we are in release mode and need to conclude ASAP

  • 0
    liangshiwei created
    Support Team

    > 1)Tenant based login - AbpUsers, AbpUserRoles - StoreManager,Admin,HR - High level people

    See https://docs.abp.io/en/abp/latest/Multi-Tenancy#determining-the-current-tenant You need to pass the tenant argument, like:

    var tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest
    {
        Address = disco.TokenEndpoint + "?__tenant=....",
        ClientId = _configuration["IdentityClients:Default:ClientId"],
        ClientSecret = _configuration["IdentityClients:Default:ClientSecret"],
        UserName = _configuration["IdentityClients:Default:UserName"],
        Password = _configuration["IdentityClients:Default:UserPassword"],
        Scope = _configuration["IdentityClients:Default:Scope"]
    });
    

    > 2)Tenant based Token Generation for Login (API)- Mobile App

    You can check: https://stackoverflow.com/questions/44172221/generate-access-token-with-identityserver4-without-password

    > 3)To Configure Roles in BIMS with BDairy Feature list.(Screen Permissions)

    You need to reference the Application.Contracts project to load the permission definitions.

    > 4)How to remove the Additional tables like AbpUsers in BIMS BDairy

    You just need to uninstall the module you don't want and create & apply a migration file.

    > 5)How to do Redis Configuration

    You just need to install a Redis server and configure the connection string.

    > 6)HTTPS in deployment

    What is the error log?
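
The tenant-aware token request from the answer above, completed with endpoint discovery and error checks, as an added example (not code from the original post or from the ABP project). The class name `TenantTokenClient` and the `IdentityClients:Default:TenantName` configuration key are hypothetical; the other keys are the ones the thread already uses.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;
using Microsoft.Extensions.Configuration;

// Added example: TenantTokenClient and the "TenantName" key are hypothetical names.
public class TenantTokenClient
{
    private readonly IConfiguration _configuration;
    private readonly HttpClient _client;

    public TenantTokenClient(IConfiguration configuration, HttpClient client)
    {
        _configuration = configuration;
        _client = client;
    }

    public async Task<string> GetTenantAccessTokenAsync()
    {
        var authority = _configuration["IdentityClients:Default:Authority"];

        // Resolve the token endpoint from the identity server's discovery document
        // instead of hard-coding it.
        var disco = await _client.GetDiscoveryDocumentAsync(authority);
        if (disco.IsError)
        {
            throw new InvalidOperationException("Discovery failed: " + disco.Error);
        }

        // Assumed configuration key holding the tenant the user belongs to.
        // Without a tenant, the user is looked up on the host side only.
        var tenant = _configuration["IdentityClients:Default:TenantName"];
        var tokenEndpoint = disco.TokenEndpoint;
        if (!string.IsNullOrWhiteSpace(tenant))
        {
            // Query-string tenant resolution; escape the value so it cannot
            // alter the rest of the URL.
            tokenEndpoint += "?__tenant=" + Uri.EscapeDataString(tenant);
        }

        var tokenResponse = await _client.RequestPasswordTokenAsync(new PasswordTokenRequest
        {
            Address = tokenEndpoint,
            ClientId = _configuration["IdentityClients:Default:ClientId"],
            ClientSecret = _configuration["IdentityClients:Default:ClientSecret"],
            UserName = _configuration["IdentityClients:Default:UserName"],
            Password = _configuration["IdentityClients:Default:UserPassword"],
            Scope = _configuration["IdentityClients:Default:Scope"]
        });

        if (tokenResponse.IsError)
        {
            // Surface the protocol error code only (for example invalid_grant or
            // invalid_scope); never write the secret or password to the logs.
            throw new InvalidOperationException("Token request failed: " + tokenResponse.Error);
        }

        return tokenResponse.AccessToken;
    }
}
```

An `invalid_scope` error here points at the client's allowed scopes on the identity server; `invalid_grant` for a user that exists usually means the request reached the wrong tenant.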

  • 0
    [email protected] created

    > 1)Tenant based login - AbpUsers, AbpUserRoles - StoreManager,Admin,HR - High level people
    >
    > See https://docs.abp.io/en/abp/latest/Multi-Tenancy#determining-the-current-tenant You need to pass the tenant argument, like:
    >
    >     var tokenResponse = await client.RequestPasswordTokenAsync(new PasswordTokenRequest
    >     {
    >         Address = disco.TokenEndpoint + "?__tenant=....",
    >         ClientId = _configuration["IdentityClients:Default:ClientId"],
    >         ClientSecret = _configuration["IdentityClients:Default:ClientSecret"],
    >         UserName = _configuration["IdentityClients:Default:UserName"],
    >         Password = _configuration["IdentityClients:Default:UserPassword"],
    >         Scope = _configuration["IdentityClients:Default:Scope"]
    >     });
    >
    > 2)Tenant based Token Generation for Login (API)- Mobile App
    >
    > You can check: https://stackoverflow.com/questions/44172221/generate-access-token-with-identityserver4-without-password
    >
    > 3)To Configure Roles in BIMS with BDairy Feature list.(Screen Permissions)
    >
    > You need to reference the Application.Contracts project to load the permission definitions.
    >
    > 4)How to remove the Additional tables like AbpUsers in BIMS BDairy
    >
    > You just need to uninstall the module you don't want and create & apply a migration file.
    >
    > 5)How to do Redis Configuration
    >
    > You just need to install a Redis server and configure the connection string.
    >
    > 6)HTTPS in deployment
    >
    > What is the error log?

    > You need to reference the Application.Contracts project to load the permission definitions.

    Can you please provide some instructions or document to perform this?