
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_request', error_description: 'The specified HTTP method is not valid.', error_uri: 'https://documentation.openiddict.com/errors/ID2084'. #4421


0
amolk created
  • ABP Framework version: v7.0
  • UI type: MVC
  • DB provider: EF Core
  • **Tiered (MVC)**: no
  • Exception message and stack trace:
[13:21:58 INF] Request starting HTTP/1.1 POST http://webapp.testprojects.in/signin-oidc application/x-www-form-urlencoded 1607
[13:21:58 ERR] Message contains error: 'invalid_request', error_description: 'The specified HTTP method is not valid.', error_uri: 'https://documentation.openiddict.com/errors/ID2084', status code '400'.
[13:21:58 ERR] Exception occurred while processing message.
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_request', error_description: 'The specified HTTP method is not valid.', error_uri: 'https://documentation.openiddict.com/errors/ID2084'.
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
[13:21:58 INF] Error from RemoteAuthentication: Message contains error: 'invalid_request', error_description: 'The specified HTTP method is not valid.', error_uri: 'https://documentation.openiddict.com/errors/ID2084'..
[13:21:58 ERR] An unhandled exception has occurred while executing the request.
System.Exception: An error was encountered while handling the remote login.
 ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_request', error_description: 'The specified HTTP method is not valid.', error_uri: 'https://documentation.openiddict.com/errors/ID2084'.
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|8_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
[13:21:58 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[13:21:58 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
  • Steps to reproduce the issue:

We have the latest copy of ABP IO commercial V7.0 using MVC and EF Core. Everything is working fine locally without any change. We are trying to run this application on Azure, and when we click on login it successfully redirects to the Auth Server; then, after entering credentials and clicking Login, we get the above error. The same issue occurs for the Public Web site login. We made the required changes on Azure as well: "RequireHttpsMetadata": "false" (this value is set to false) and "IsOnK8s": "true" (set to true) for the Public Web project. After login we are running into this issue.

Could you please help us to resolve this issue ASAP.

"AuthServer": { "Authority": "authserver url", "RequireHttpsMetadata": "true", "ClientId": "PublicWeb", "ClientSecret": "1q2w3e*", "IsOnK8s": "true", "MetaAddress": "authserver url" },


33 Answer(s)
  • 0
    maliming created
    Support Team

    hi

    Please share the logs of AuthServer.

  • 0
    amolk created

    [04:22:07 INF] AuthenticationScheme: Identity.Application signed in. [04:22:07 INF] Executed handler method OnPostAsync, returned result Microsoft.AspNetCore.Mvc.RedirectResult. [04:22:07 INF] Executing RedirectResult, redirecting to /connect/authorize?client_id=PublicWeb&redirect_uri=https%3A%2F%2Fpublicweb.mydomain.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20AccountService%20AdministrationService%20ProductService&response_mode=form_post&nonce=638103901167256421.MGMyYjFlMWYtM2RhZC00MzAyLTk5NWYtYzE0ZmQ2ZTdhOTU5ZWViYmI4N2QtZmI1OS00ZTc5LWE4ZTItMzVjMTZjZTE4MzZl&state=CfDJ8JJyrua-ZltLqDoPZm_zeQfp0J1IFIuwBqACfHbom6IruK1Rv79GO333ahvIhrZ-SLtBwTL89u3GQwVsU-rMWqo9tTgXc_uUvjaqcCtdski-AKEmq8SVroq61km5yyA0Rxwg2HIEo33aKhPabt-lfLD3APbHOT-0MBynDfgkUKsIh3TklAQucKhwBYJUsYNaJURE2_eu4rgVuSJUOEBXlbcycaO3GskmtfKdzrl73AOMlxCzx_uY1sHfwb8tOoQs9Bvx54lD3MimJw9dMDyI5xABkoxnTTo6fbSCIEWzHWmqh-5P5ICQh4IQfcm_gWToYg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.15.1.0. 
[04:22:07 INF] Executed page /Account/Login in 334.7733ms [04:22:07 INF] Executed endpoint '/Account/Login' [04:22:07 INF] Request finished HTTP/1.1 POST http://authserver.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DPublicWeb%26redirect_uri%3Dhttps%253A%252F%252Fpublicweb.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520AdministrationService%2520ProductService%26response_mode%3Dform_post%26nonce%3D638103901167256421.MGMyYjFlMWYtM2RhZC00MzAyLTk5NWYtYzE0ZmQ2ZTdhOTU5ZWViYmI4N2QtZmI1OS00ZTc5LWE4ZTItMzVjMTZjZTE4MzZl%26state%3DCfDJ8JJyrua-ZltLqDoPZm_zeQfp0J1IFIuwBqACfHbom6IruK1Rv79GO333ahvIhrZ-SLtBwTL89u3GQwVsU-rMWqo9tTgXc_uUvjaqcCtdski-AKEmq8SVroq61km5yyA0Rxwg2HIEo33aKhPabt-lfLD3APbHOT-0MBynDfgkUKsIh3TklAQucKhwBYJUsYNaJURE2_eu4rgVuSJUOEBXlbcycaO3GskmtfKdzrl73AOMlxCzx_uY1sHfwb8tOoQs9Bvx54lD3MimJw9dMDyI5xABkoxnTTo6fbSCIEWzHWmqh-5P5ICQh4IQfcm_gWToYg%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D6.15.1.0 application/x-www-form-urlencoded 291 - 302 0 - 532.6852ms [04:22:07 INF] Request starting HTTP/1.1 GET http://authserver.mydomain.com/connect/authorize?client_id=PublicWeb&redirect_uri=https%3A%2F%2Fpublicweb.mydomain.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20AccountService%20AdministrationService%20ProductService&response_mode=form_post&nonce=638103901167256421.MGMyYjFlMWYtM2RhZC00MzAyLTk5NWYtYzE0ZmQ2ZTdhOTU5ZWViYmI4N2QtZmI1OS00ZTc5LWE4ZTItMzVjMTZjZTE4MzZl&state=CfDJ8JJyrua-ZltLqDoPZm_zeQfp0J1IFIuwBqACfHbom6IruK1Rv79GO333ahvIhrZ-SLtBwTL89u3GQwVsU-rMWqo9tTgXc_uUvjaqcCtdski-AKEmq8SVroq61km5yyA0Rxwg2HIEo33aKhPabt-lfLD3APbHOT-0MBynDfgkUKsIh3TklAQucKhwBYJUsYNaJURE2_eu4rgVuSJUOEBXlbcycaO3GskmtfKdzrl73AOMlxCzx_uY1sHfwb8tOoQs9Bvx54lD3MimJw9dMDyI5xABkoxnTTo6fbSCIEWzHWmqh-5P5ICQh4IQfcm_gWToYg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.15.1.0 - - [04:22:07 INF] The request URI matched a server 
endpoint: Authorization. [04:22:07 INF] The authorization request was successfully extracted: { "client_id": "PublicWeb", "redirect_uri": "https://publicweb.mydomain.com/signin-oidc", "response_type": "code id_token", "scope": "openid profile roles email phone AccountService AdministrationService ProductService", "response_mode": "form_post", "nonce": "638103901167256421.MGMyYjFlMWYtM2RhZC00MzAyLTk5NWYtYzE0ZmQ2ZTdhOTU5ZWViYmI4N2QtZmI1OS00ZTc5LWE4ZTItMzVjMTZjZTE4MzZl", "state": "CfDJ8JJyrua-ZltLqDoPZm_zeQfp0J1IFIuwBqACfHbom6IruK1Rv79GO333ahvIhrZ-SLtBwTL89u3GQwVsU-rMWqo9tTgXc_uUvjaqcCtdski-AKEmq8SVroq61km5yyA0Rxwg2HIEo33aKhPabt-lfLD3APbHOT-0MBynDfgkUKsIh3TklAQucKhwBYJUsYNaJURE2_eu4rgVuSJUOEBXlbcycaO3GskmtfKdzrl73AOMlxCzx_uY1sHfwb8tOoQs9Bvx54lD3MimJw9dMDyI5xABkoxnTTo6fbSCIEWzHWmqh-5P5ICQh4IQfcm_gWToYg", "x-client-SKU": "ID_NETSTANDARD2_0", "x-client-ver": "6.15.1.0" }. [04:22:07 INF] The authorization request was successfully validated. [04:22:07 INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' [04:22:07 INF] Route matched with {action = "Handle", controller = "Authorize", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.AuthorizeController (Volo.Abp.OpenIddict.AspNetCore). [04:22:07 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [04:22:08 INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal. 
[04:22:08 INF] The authorization response was successfully returned to 'https://publicweb.mydomain.com/signin-oidc' using the form post response mode: { "code": "[redacted]", "id_token": "[redacted]", "state": "CfDJ8JJyrua-ZltLqDoPZm_zeQfp0J1IFIuwBqACfHbom6IruK1Rv79GO333ahvIhrZ-SLtBwTL89u3GQwVsU-rMWqo9tTgXc_uUvjaqcCtdski-AKEmq8SVroq61km5yyA0Rxwg2HIEo33aKhPabt-lfLD3APbHOT-0MBynDfgkUKsIh3TklAQucKhwBYJUsYNaJURE2_eu4rgVuSJUOEBXlbcycaO3GskmtfKdzrl73AOMlxCzx_uY1sHfwb8tOoQs9Bvx54lD3MimJw9dMDyI5xABkoxnTTo6fbSCIEWzHWmqh-5P5ICQh4IQfcm_gWToYg", "iss": "https://authserver.mydomain.com/" }. [04:22:08 INF] Executed action Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 84.4659ms [04:22:08 INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' [04:22:08 INF] Request finished HTTP/1.1 GET http://authserver.mydomain.com/connect/authorize?client_id=PublicWeb&redirect_uri=https%3A%2F%2Fpublicweb.mydomain.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20AccountService%20AdministrationService%20ProductService&response_mode=form_post&nonce=638103901167256421.MGMyYjFlMWYtM2RhZC00MzAyLTk5NWYtYzE0ZmQ2ZTdhOTU5ZWViYmI4N2QtZmI1OS00ZTc5LWE4ZTItMzVjMTZjZTE4MzZl&state=CfDJ8JJyrua-ZltLqDoPZm_zeQfp0J1IFIuwBqACfHbom6IruK1Rv79GO333ahvIhrZ-SLtBwTL89u3GQwVsU-rMWqo9tTgXc_uUvjaqcCtdski-AKEmq8SVroq61km5yyA0Rxwg2HIEo33aKhPabt-lfLD3APbHOT-0MBynDfgkUKsIh3TklAQucKhwBYJUsYNaJURE2_eu4rgVuSJUOEBXlbcycaO3GskmtfKdzrl73AOMlxCzx_uY1sHfwb8tOoQs9Bvx54lD3MimJw9dMDyI5xABkoxnTTo6fbSCIEWzHWmqh-5P5ICQh4IQfcm_gWToYg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.15.1.0 - - - 200 2052 text/html;charset=UTF-8 101.1029ms [04:22:08 INF] Request starting HTTP/1.1 GET http://authserver.mydomain.com/connect/token - - [04:22:08 INF] The request URI matched a server endpoint: Token. 
[04:22:08 INF] The request was rejected because an invalid HTTP method was specified: GET. [04:22:08 INF] The response was successfully returned as a JSON document: { "error": "invalid_request", "error_description": "The specified HTTP method is not valid.", "error_uri": "https://documentation.openiddict.com/errors/ID2084" }. [04:22:08 INF] Request finished HTTP/1.1 GET http://authserver.mydomain.com/connect/token - - - 400 167 application/json;charset=UTF-8 0.7235ms [04:22:08 INF] Request starting HTTP/1.1 GET http://authserver.mydomain.com/ - - [04:22:08 INF] Executing endpoint '/Index' [04:22:08 INF] Route matched with {page = "/Index", area = "", action = "", controller = ""}. Executing page /Index [04:22:08 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [04:22:08 INF] Executing handler method testmvc.AuthServer.Pages.IndexModel.OnGet - ModelState is Valid [04:22:08 INF] Executed handler method OnGet, returned result Microsoft.AspNetCore.Mvc.RedirectResult. [04:22:08 INF] Executing RedirectResult, redirecting to /Account/Login. [04:22:08 INF] Executed page /Index in 0.7039ms [04:22:08 INF] Executed endpoint '/Index' [04:22:08 INF] Request finished HTTP/1.1 GET http://authserver.mydomain.com/ - - - 302 0 - 18.2350ms [04:22:09 INF] Request starting HTTP/1.1 GET http://authserver.mydomain.com/ - - [04:22:09 INF] Executing endpoint '/Index' [04:22:09 INF] Route matched with {page = "/Index", area = "", action = "", controller = ""}. Executing page /Index [04:22:09 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [04:22:09 INF] Executing handler method testmvc.AuthServer.Pages.IndexModel.OnGet - ModelState is Valid [04:22:09 INF] Executed handler method OnGet, returned result Microsoft.AspNetCore.Mvc.RedirectResult. 
[04:22:09 INF] Executing RedirectResult, redirecting to /Account/Login. [04:22:09 INF] Executed page /Index in 0.5982ms [04:22:09 INF] Executed endpoint '/Index' [04:22:09 INF] Request finished HTTP/1.1 GET http://authserver.mydomain.com/ - - - 302 0 - 6.7258ms

  • 0
    maliming created
    Support Team

    Is it possible that your AuthServer changed the request method?

    Is there a Reverse Proxy Server?

    [04:22:08 INF] Request starting HTTP/1.1 GET http://authserver.mydomain.com/connect/token - -
    [04:22:08 INF] The request URI matched a server endpoint: Token.
    [04:22:08 INF] The request was rejected because an invalid HTTP method was specified: GET.
    [04:22:08 INF] The response was successfully returned as a JSON document: 
    {
        "error": "invalid_request",
        "error_description": "The specified HTTP method is not valid.",
        "error_uri": "https://documentation.openiddict.com/errors/ID2084"
    }
    

  • 0
    amolk created

    We have deployed fresh template as it is. Haven't made any change. Where should we look for Reverse Proxy Server?

  • 0
    maliming created
    Support Team

    hi

    I don't understand why the request changed from Post to Get

    Can you share the url of the website? [email protected]

  • 0
    maliming created
    Support Team

    hi

    You seem to be using a microservice project.

    Can you share the details of the deployment to azure?

  • 0
    amolk created

    Can you please help me understand what type of deployment details you need? It is deployed on AKS V1.24.6

  • 0
    maliming created
    Support Team

    hi

    I'll ask the microservices teammate.

  • 0
    amolk created

    Hello,

    Any update on this?

  • 0
    amolk created

    Hello,

    Any update on this?

  • 0
    gterdem created
    Support Team

    Hello,

    [04:22:07 INF] Request finished HTTP/1.1 POST http://authserver.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DPublicWeb%26redirect_uri%3Dhttps%253A%252F%252Fpublicweb.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520AdministrationService%2520ProductService%26response_mode%3Dform_post%26nonce%3D638103901167256421.MGMyYjFlMWYtM2RhZC00MzAyLTk5NWYtYzE0ZmQ2ZTdhOTU5ZWViYmI4N2QtZmI1OS00ZTc5LWE4ZTItMzVjMTZjZTE4MzZl%26state%3DCfDJ8JJyrua-ZltLqDoPZm_zeQfp0J1IFIuwBqACfHbom6IruK1Rv79GO333ahvIhrZ-SLtBwTL89u3GQwVsU-rMWqo9tTgXc_uUvjaqcCtdski-AKEmq8SVroq61km5yyA0Rxwg2HIEo33aKhPabt-lfLD3APbHOT-0MBynDfgkUKsIh3TklAQucKhwBYJUsYNaJURE2_eu4rgVuSJUOEBXlbcycaO3GskmtfKdzrl73AOMlxCzx_uY1sHfwb8tOoQs9Bvx54lD3MimJw9dMDyI5xABkoxnTTo6fbSCIEWzHWmqh-5P5ICQh4IQfcm_gWToYg%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D6.15.1.0 application/x-www-form-urlencoded 291 - 302 0 - 532.6852ms
    

    This is your initial request and it seems to be redirected. It seems there is a reverse proxy redirecting this request. It can be related to cloudflare if you are using or something else.

    And why do you set "RequireHttpsMetadata": "true", on public-web application? What is your deployed /.well-known/openid-configuration endpoint?

  • 0
    amolk created

    By default, RequireHttpsMetadata is set to true in the public web app. Now we set it to false, but we are still facing the same error.

    https://authserver.mydomain.com/.well-known/openid-configuration endpoint

    { "issuer": "https://authserver.mydomain.com/", "authorization_endpoint": "http://authserver.mydomain.com/connect/authorize", "token_endpoint": "http://authserver.mydomain.com/connect/token", "introspection_endpoint": "http://authserver.mydomain.com/connect/introspect", "end_session_endpoint": "http://authserver.mydomain.com/connect/logout", "revocation_endpoint": "http://authserver.mydomain.com/connect/revocat", "userinfo_endpoint": "http://authserver.mydomain.com/connect/userinfo", "device_authorization_endpoint": "http://authserver.mydomain.com/device", "jwks_uri": "http://authserver.mydomain.com/.well-known/jwks", "grant_types_supported": [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:device_code", "LinkLogin", "Impersonation" ], "response_types_supported": [ "code", "code id_token", "code id_token token", "code token", "id_token", "id_token token", "token", "none" ], "response_modes_supported": [ "form_post", "fragment", "query" ], "scopes_supported": [ "openid", "offline_access", "email", "profile", "phone", "roles", "address" ], "claims_supported": [ "aud", "exp", "iat", "iss", "sub" ], "id_token_signing_alg_values_supported": [ "RS256" ], "code_challenge_methods_supported": [ "S256" ], "subject_types_supported": [ "public" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "introspection_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "revocation_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "claims_parameter_supported": false, "request_parameter_supported": false, "request_uri_parameter_supported": false, "authorization_response_iss_parameter_supported": true }
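
Two things are visible in the posts up to this point: the discovery document advertises `http://` endpoints under an `https://` issuer, and the AuthServer log records `/connect/token` being requested with GET. The script below is an added example, not code from the thread or from ABP/OpenIddict, that checks for both; the function names are hypothetical, the discovery document is abridged from the post above, and the log sample is shortened from the thread with one constructed POST line added.

```python
import json
import re
from urllib.parse import urlsplit

# Abridged from the discovery document posted in the thread (same issuer and URLs).
DISCOVERY = json.loads("""
{
  "issuer": "https://authserver.mydomain.com/",
  "authorization_endpoint": "http://authserver.mydomain.com/connect/authorize",
  "token_endpoint": "http://authserver.mydomain.com/connect/token",
  "userinfo_endpoint": "http://authserver.mydomain.com/connect/userinfo",
  "jwks_uri": "http://authserver.mydomain.com/.well-known/jwks",
  "response_modes_supported": ["form_post", "fragment", "query"]
}
""")

# Shortened from the AuthServer log in the thread (query string trimmed, entries
# run together on one line as they were posted). The final POST line is constructed.
LOG = (
    "[04:22:07 INF] Request starting HTTP/1.1 GET "
    "http://authserver.mydomain.com/connect/authorize?client_id=PublicWeb - - "
    "[04:22:08 INF] Request starting HTTP/1.1 GET "
    "http://authserver.mydomain.com/connect/token - - "
    "[04:22:08 INF] The request URI matched a server endpoint: Token. "
    "[04:22:08 INF] The request was rejected because an invalid HTTP method "
    "was specified: GET.\n"
    "[04:22:30 INF] Request starting HTTP/1.1 POST "
    "http://authserver.mydomain.com/connect/token "
    "application/x-www-form-urlencoded 291\n"
)

DEFAULT_PORTS = {"http": 80, "https": 443}

# ASP.NET Core request-start entries; finditer is used so that several entries
# on one physical line are all found.
REQUEST_START = re.compile(
    r"\[(\d{2}:\d{2}:\d{2}) [A-Z]{3}\] Request starting HTTP/\S+ ([A-Z]+) (\S+)"
)


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def endpoint_mismatches(doc):
    """Return {key: url} for advertised URLs whose origin differs from the issuer's."""
    issuer_origin = _origin(doc["issuer"])
    mismatched = {}
    for key, value in doc.items():
        is_url_key = key.endswith("_endpoint") or key == "jwks_uri"
        if not is_url_key or not isinstance(value, str):
            continue
        if _origin(value) != issuer_origin:
            mismatched[key] = value
    return mismatched


def non_post_token_requests(log_text, doc):
    """Return (time, method, url) for every token-endpoint request that is not a POST."""
    token_path = urlsplit(doc["token_endpoint"]).path.rstrip("/")
    hits = []
    for timestamp, method, url in REQUEST_START.findall(log_text):
        if urlsplit(url).path.rstrip("/") == token_path and method != "POST":
            hits.append((timestamp, method, url))
    return hits


def report(doc, log_text):
    """Build a short plain-text summary of both checks."""
    lines = []
    for key, url in endpoint_mismatches(doc).items():
        lines.append(f"origin differs from issuer {doc['issuer']}: {key} = {url}")
    for timestamp, method, url in non_post_token_requests(log_text, doc):
        lines.append(f"{timestamp} token endpoint received {method}: {url}")
    return "\n".join(lines) or "no findings"


if __name__ == "__main__":
    print(report(DISCOVERY, LOG))
```
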

  • 0
    maliming created
    Support Team

    Are you using a reverse proxy server? If so, how is it configured?

  • 0
    amolk created

    No, we are not using a reverse proxy server

  • 0
    maliming created
    Support Team

    What are the steps for you to deploy to AKS? configuration files?

  • 0
    amolk created

    We are using YAML files for the deployment.

  • 0
    maliming created
    Support Team

    Can you share the YAML files?

  • 0
    amolk created

    Yes, shared the YAML files.

  • 0
    maliming created
    Support Team

    hi

    Can you try using nginx as the Ingress Service?

  • 0
    gterdem created
    Support Team

    You are using kubernetes.io/ingress.class: azure/application-gateway. It seems like it is related to that. I have no idea about azure/application-gateway but I assume there is a guide, gui about configuring it since it seems like a gateway.

  • 0
    amolk created

    Hello,

    We tried deploying the app using nginx instead of application gateway, but we are facing the same issue as reported: "400 internal error occurred during your request !" Also, images on the landing pages are broken.

  • 0
    maliming created
    Support Team

    Does the local K8S have this problem? Does this problem only exist in Azure?

  • 0
    amolk created

    This issue is only in Azure. Locally it works fine. Signin-oidc URL throws 400 error on Azure.

  • 0
    maliming created
    Support Team

    hi

    We are not experts in Azure. Can you ask the Azure support staff?

  • 0
    amolk created

    Azure support team said everything is fine from their end. There might be some code issues

  • 0
    maliming created
    Support Team

    Local k8s works, indicating that this is not a code problem, but an environmental problem.

  • 0
    amolk created

    Locally IsOnK8s is false; in Kubernetes we are changing that to true.

    these are the logs of publicwebapp

    [08:36:34 INF] Request starting HTTP/1.1 POST http://publicweb.domain.in/signin-oidc application/x-www-form-urlencoded 1623 [08:36:35 ERR] Exception occurred while processing message. System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).

  • 0
    maliming created
    Support Team

    changing that to true

    Please clear all logs and try to log in, then share all logs. Thanks

  • 0
    amolk created

    [09:08:48 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/Account/Login - - [09:08:48 INF] Executing endpoint 'testmvc.PublicWeb.Controllers.AccountController.Login (testmvc.PublicWeb)' [09:08:48 INF] Route matched with {action = "Login", controller = "Account", area = "", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult Login(System.String, System.String) on controller testmvc.PublicWeb.Controllers.AccountController (testmvc.PublicWeb). [09:08:48 INF] Executing ChallengeResult with authentication schemes (["oidc"]). [09:08:49 INF] AuthenticationScheme: oidc was challenged. [09:08:49 INF] Executed action testmvc.PublicWeb.Controllers.AccountController.Login (testmvc.PublicWeb) in 242.9054ms [09:08:49 INF] Executed endpoint 'testmvc.PublicWeb.Controllers.AccountController.Login (testmvc.PublicWeb)' [09:08:49 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/Account/Login - - - 302 0 - 247.9773ms [09:08:55 INF] Request starting HTTP/1.1 POST http://publicweb.domain.in/signin-oidc application/x-www-form-urlencoded 1623 [09:08:56 ERR] Exception occurred while processing message. System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized). at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, ClaimsPrincipal principal, AuthenticationProperties properties) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync() [09:08:56 INF] Error from RemoteAuthentication: Response status code does not indicate success: 401 (Unauthorized).. [09:08:56 ERR] An unhandled exception has occurred while executing the request. System.Exception: An error was encountered while handling the remote login. 
---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized). at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.GetUserInformationAsync(OpenIdConnectMessage message, JwtSecurityToken jwt, ClaimsPrincipal principal, AuthenticationProperties properties) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync() --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler 1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context) at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context) at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<b__1>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.g__Awaited|8_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task) [09:08:56 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [09:08:56 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. 
Executing controller action with signature System.Threading.Tasks.Task 1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [09:08:56 WRN] The required antiforgery request token was not provided in either form field "__RequestVerificationToken" or header value "RequestVerificationToken". [09:08:56 INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'. [09:08:56 INF] Executing StatusCodeResult, setting HTTP status code 400 [09:08:56 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 4.8833ms [09:08:56 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [09:08:56 INF] Request finished HTTP/1.1 POST http://publicweb.domain.in/signin-oidc application/x-www-form-urlencoded 1623 - 302 0 - 291.4193ms [09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/Error?httpStatusCode=400 - - [09:08:56 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [09:08:56 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task 1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [09:08:56 INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml. [09:08:56 INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 10.6264ms. 
[09:08:56 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 12.8478ms [09:08:56 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 13.9861ms [09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/__bundles/LeptonX.Global.93323F96EFDA8E72586BA53EC07EC0CC.css?_v=638108393257921123 - - [09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/__bundles/Views.Error.DefaultErrorComponent.default.F15FCDEA56EC024E1CDCD86CA6B586D8.css?_v=638108393268180293 - - [09:08:56 INF] The file /__bundles/LeptonX.Global.93323F96EFDA8E72586BA53EC07EC0CC.css was not modified [09:08:56 INF] Sending file. Request path: '/__bundles/Views.Error.DefaultErrorComponent.default.F15FCDEA56EC024E1CDCD86CA6B586D8.css'. 
Physical path: 'N/A' [09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/__bundles/Views.Error.DefaultErrorComponent.default.F15FCDEA56EC024E1CDCD86CA6B586D8.css?_v=638108393268180293 - - - 200 168 text/css 0.8408ms [09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/__bundles/LeptonX.Global.93323F96EFDA8E72586BA53EC07EC0CC.css?_v=638108393257921123 - - - 304 - text/css 2.9592ms [09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/api/account/profile-picture-file/ - - [09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/__bundles/LeptonX.Global.7C52D832CFF1FE12C30D365E0ABA8293.js?_v=638108393264672610 - - [09:08:56 INF] The file /__bundles/LeptonX.Global.7C52D832CFF1FE12C30D365E0ABA8293.js was not modified [09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/__bundles/LeptonX.Global.7C52D832CFF1FE12C30D365E0ABA8293.js?_v=638108393264672610 - - - 304 - application/javascript 0.5117ms [09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/Abp/ApplicationLocalizationScript?cultureName=en - - [09:08:56 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [09:08:56 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationLocalizationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController (Volo.Abp.AspNetCore.Mvc). 
[09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/api/account/profile-picture-file/ - - - 302 0 - 6.6612ms
[09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/Abp/ApplicationConfigurationScript - -
[09:08:56 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)'
[09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/Abp/ServiceProxyScript - -
[09:08:56 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc).
[09:08:56 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)'
[09:08:56 INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc).
[09:08:56 INF] Executing ContentResult with HTTP Response ContentType of application/javascript
[09:08:56 INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 5.7943ms
[09:08:56 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)'
[09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/Abp/ServiceProxyScript - - - 200 8170 application/javascript 7.1387ms
[09:08:56 INF] Executing ContentResult with HTTP Response ContentType of application/javascript
[09:08:56 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 12.2527ms
[09:08:56 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)'
[09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/Abp/ApplicationConfigurationScript - - - 200 3019 application/javascript 13.8801ms
[09:08:56 INF] Executing ContentResult with HTTP Response ContentType of application/javascript
[09:08:56 INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 16.2644ms
[09:08:56 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
[09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/Abp/ApplicationLocalizationScript?cultureName=en - - - 200 37558 application/javascript 19.5811ms
[09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/Error?httpStatusCode=404 - -
[09:08:56 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[09:08:56 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
[09:08:56 INF] Executing ViewResult, running view ~/Views/Error/404.cshtml.
[09:08:56 INF] Executed ViewResult - view ~/Views/Error/404.cshtml executed in 5.7186ms.
[09:08:56 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 7.158ms
[09:08:56 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/Error?httpStatusCode=404 - - - 404 - text/html;+charset=utf-8 8.0069ms
[09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/libs/@fortawesome/fontawesome-free/webfonts/fa-regular-400.woff2 - -
[09:08:56 INF] Sending file. Request path: '/libs/@fortawesome/fontawesome-free/webfonts/fa-regular-400.woff2'. Physical path: '/app/wwwroot/libs/@fortawesome/fontawesome-free/webfonts/fa-regular-400.woff2'
[09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/libs/@fortawesome/fontawesome-free/webfonts/fa-regular-400.woff2 - - - 200 13224 font/woff2 0.9160ms
[09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/api/account/profile-picture-file/ - -
[09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/api/account/profile-picture-file/ - - - 302 0 - 0.6499ms
[09:08:56 INF] Request starting HTTP/1.1 GET http://publicweb.domain.in/Error?httpStatusCode=404 - -
[09:08:56 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[09:08:56 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
[09:08:56 INF] Executing ViewResult, running view ~/Views/Error/404.cshtml.
[09:08:56 INF] Executed ViewResult - view ~/Views/Error/404.cshtml executed in 6.209ms.
[09:08:56 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 7.9914ms
[09:08:56 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[09:08:56 INF] Request finished HTTP/1.1 GET http://publicweb.domain.in/Error?httpStatusCode=404 - - - 404 - text/html;+charset=utf-8 9.2092ms

  • 0
    maliming created
    Support Team

    hi

    Can you share these logs by email?

    Web and AuthServer

  • 0
    maliming created
    Support Team

    hi

    Please send the AuthServer logs as well.

  • 0
    amolk created

    AuthServer logs and PublicWebApp logs are present in the logs.txt file. Please check your mail.

  • 0
    maliming created
    Support Team

    AuthServer first returns the access_token, and the Web will check it, and try to use it to get UserInfo. But AuthServer says it doesn't exist. I really don't understand.

    It seems that the HTTP request has been tampered with.

    [09:31:12 INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal.
    [09:31:12 INF] The token 'eee2d6af-f98a-0c19-2a7a-3a091e7db469' was successfully marked as redeemed.
    [09:31:12 INF] The response was successfully returned as a JSON document: {
      "access_token": "[redacted]",
      "token_type": "Bearer",
      "expires_in": 3600,
      "scope": "openid profile roles email phone AccountService AdministrationService ProductService",
      "id_token": "[redacted]"
    }.
    [09:31:12 INF] Executed action Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 86.1095ms
    [09:31:12 INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)'
    [09:31:12 INF] Request finished HTTP/1.1 POST http://authserver.domain.in/connect/token application/x-www-form-urlencoded 193 - 200 2732 application/json;charset=UTF-8 235.7982ms
    [09:31:12 INF] Request starting HTTP/1.1 GET http://authserver.domain.in/connect/userinfo - -
    [09:31:12 INF] The request URI matched a server endpoint: Userinfo.
    [09:31:12 INF] The userinfo request was successfully extracted: {}.
    [09:31:12 INF] The userinfo request was rejected because the mandatory 'access_token' parameter was missing.
    [09:31:12 INF] The response was successfully returned as a challenge response: {
      "error": "missing_token",
      "error_description": "The mandatory 'access_token' parameter is missing.",
      "error_uri": "https://documentation.openiddict.com/errors/ID2029"
    }.
    [09:31:12 INF] Request finished HTTP/1.1 GET http://authserver.domain.in/connect/userinfo - - - 302 0 - 9.2758ms
    [09:31:12 INF] Request starting HTTP/1.1 GET http://authserver.domain.in/Error?httpStatusCode=401 - -