Open Closed

Blazor Authorization failed in production - Clientproxy not authorized 401 #4389


0
hakan.uskaner created
  • ABP Framework version: v7.0.1
  • UI type: Blazor-Server
  • DB provider: Postgres Sql / MongoDB
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:

2 Problems

1) 14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement [14:39:29 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement ...

  1. the static generates client proxies also receives 401 not authorised. That is the main problem.
  • Steps to reproduce the issue:"
  1. generate a microservice-template pro -u blazor-server
  2. make a test tun with tye -- all works fine in blazor module without error (authentication is working)
  3. build images
  4. deploy to production kubernetes
  5. You can login in Blazor. but the authentication fails and you cannot access any clientproxy

This does work on local deployment with docker desktop . I did check all logs from blazor, auth, administration and saas . No errors are shown.. So how can i investigate this further ?

i found a similar issues here: https://support.abp.io/QA/Questions/1815/No-Permission-to-read-Settings-on-User-Signup https://github.com/abpframework/abp/issues/10543

How can i ensure that the blazor application is authorized correctly and can access the clientproxy ?


9 Answer(s)
  • 0
    maliming created
    Support Team

    hi

    Please clear the logs, then reproduce the problem, and then share the logs for these projects.

    [email protected]

  • 0
    hakan.uskaner created

    Hi Maliming,

    i did sent you the logs and infos. If you are available we could make a teams session for further diagnotics.

  • 0
    maliming created
    Support Team

    hi

    There are some errors in appmicro-appzero-in-appmicro-appzero

    Please fix it and try again.

  • 0
    hakan.uskaner created

    Hi, you wrote fix it, but that is what i am asking you ! This is no help ...

    I wrote you, that if i restart the appmicro-appzero the NoSql Error "AbpLocalizationResources" disapears..So after restart there is no error in the logs anymore...I dont know how to fix the error with "AbpLocalizationResources" .. Is it an issues with Nosqql ? A timing problem ? Why does this happen ?

    In the blazor log is still this error:

    PermissionRequirement: SettingManagement.Emailing [07:51:08 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement [07:51:08 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement [07:51:08 INF] Authorization failed. These requirements were not met: ........

    I dont think that the Blazor Authorization fails because of my appzero microservice. Instead it seem to be a generell problem, i did a test with a new microservice-template (7.0.1) and prepared production microservice.. after deployement to docker desktop it works, but after deployment to production kubernetes it produced the same errors like in my solution !

    For the last kubernetes problem i did wait a long time before you could solve it:

    https://support.abp.io/QA/Questions/3463/Helm-charts-for-533-and-Blazor https://support.abp.io/QA/Questions/3872/Abp-V600-Helm-Chart-Issues-and-deployment-errors-500400-during-login

    So please check how you could help to solve this...I need your help. And again i would be great to take a detailed look with MS Teams to solve this...

    We are preparing a production release for our customers, and now need to wait again till you could help to solve this.. We are losing time, which we need elsewhere..so please give this ticket a higher priority,

  • 0
    maliming created
    Support Team

    hi

    I gave feedback to the microservices team.

  • 0
    gterdem created
    Support Team

    Hi, you wrote fix it, but that is what i am asking you ! This is no help ...

    I wrote you, that if i restart the appmicro-appzero the NoSql Error "AbpLocalizationResources" disapears..So after restart there is no error in the logs anymore...I dont know how to fix the error with "AbpLocalizationResources" .. Is it an issues with Nosqql ? A timing problem ? Why does this happen ?

    In the blazor log is still this error:

    PermissionRequirement: SettingManagement.Emailing [07:51:08 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement [07:51:08 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement [07:51:08 INF] Authorization failed. These requirements were not met: ........

    I dont think that the Blazor Authorization fails because of my appzero microservice. Instead it seem to be a generell problem, i did a test with a new microservice-template (7.0.1) and prepared production microservice.. after deployement to docker desktop it works, but after deployment to production kubernetes it produced the same errors like in my solution !

    For the last kubernetes problem i did wait a long time before you could solve it:

    https://support.abp.io/QA/Questions/3463/Helm-charts-for-533-and-Blazor https://support.abp.io/QA/Questions/3872/Abp-V600-Helm-Chart-Issues-and-deployment-errors-500400-during-login

    So please check how you could help to solve this...I need your help. And again i would be great to take a detailed look with MS Teams to solve this...

    We are preparing a production release for our customers, and now need to wait again till you could help to solve this.. We are losing time, which we need elsewhere..so please give this ticket a higher priority,

    These are not error, they are information. Can you share error logs?

  • 0
    hakan.uskaner created

    ok, i will sent you them per email

  • 0
    hakan.uskaner created

    I found the solution:

    to fix it i needed to update the values.yml in etc/k8s:

    • i changed at the gateway-web and gateway-web-public the globalConfigurationBaseUrl to https
    • i changed all reRoutes from http to https and the port from 80 to 443

    Because all ingresses of the subcharts use "force-ssl-redirect": "true", the above settings are necessary to work on production kubernetes.

  • 0
    maliming created
    Support Team

    Thanks @hakan.uskaner 👍🏻