
With tenant selected the token no longer exists when deployed to IIS Server #4664


trendline created
  • ABP Framework version: v7.0.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:

Deployed to IIS server. When logging in with a tenant selected, the auth server logs the following:

2023-03-08 12:23:23.963 +08:00 [INF] Request finished HTTP/2 POST https://account2.yxx.top/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DSchool_Web%26redirect_uri%3Dhttps%253A%252F%252Fschool.yxx.top%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520School%26response_mode%3Dform_post%26nonce%3D638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz%26state%3DCfDJ8B3bBiDHFkhLrQs4_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5_p0P_MKt6Ano6XGkKraandkBPY_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0 application/x-www-form-urlencoded 291 - 302 - - 282.5697ms
2023-03-08 12:23:23.971 +08:00 [INF] CAP message 'Volo.Abp.Users.User.Updated' published, internal id '7648707208777474049'
2023-03-08 12:23:24.001 +08:00 [INF] Request starting HTTP/2 GET https://account2.yxx.top/connect/authorize?client_id=School_Web&redirect_uri=https%3A%2F%2Fschool.yxx.top%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20School&response_mode=form_post&nonce=638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz&state=CfDJ8B3bBiDHFkhLrQs4_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5_p0P_MKt6Ano6XGkKraandkBPY_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q&x-client-SKU=ID_NET6_0&x-client-ver=6.15.1.0 - -
2023-03-08 12:23:24.002 +08:00 [INF] The request URI matched a server endpoint: "Authorization".
2023-03-08 12:23:24.002 +08:00 [INF] The authorization request was successfully extracted: {
"client_id": "School_Web",
"redirect_uri": "https://school.yxx.top/signin-oidc",
"response_type": "code id_token",
"scope": "openid profile roles email phone School",
"response_mode": "form_post",
"nonce": "638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz",
"state": "CfDJ8B3bBiDHFkhLrQs4_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5_p0P_MKt6Ano6XGkKraandkBPY_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q",
"x-client-SKU": "ID_NET6_0",
"x-client-ver": "6.15.1.0"
}.
2023-03-08 12:23:24.008 +08:00 [INF] Executing subscriber method 'CmsUserSynchronizer.HandleEventAsync' on group 'cap.queue.viewtance.srp.authserver.0.v1'
2023-03-08 12:23:24.039 +08:00 [INF] The authorization request was successfully validated.
2023-03-08 12:23:24.052 +08:00 [INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)'
2023-03-08 12:23:24.053 +08:00 [INF] Route matched with {action = "Handle", controller = "Authorize", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.AuthorizeController (Volo.Abp.OpenIddict.AspNetCore).
2023-03-08 12:23:24.053 +08:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2023-03-08 12:23:24.091 +08:00 [INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal.
2023-03-08 12:23:24.131 +08:00 [INF] The authorization response was successfully returned to 'https://school.yxx.top/signin-oidc' using the form post response mode: { "code": "[redacted]", "id_token": "[redacted]", "state": "CfDJ8B3bBiDHFkhLrQs4_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5_p0P_MKt6Ano6XGkKraandkBPY_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q", "iss": "https://account2.yxx.top/" }.
2023-03-08 12:23:24.132 +08:00 [INF] Executed action Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 79.1682ms
2023-03-08 12:23:24.132 +08:00 [INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)'
2023-03-08 12:23:24.134 +08:00 [INF] Request finished HTTP/2 GET https://account2.yxx.top/connect/authorize?client_id=School_Web&redirect_uri=https%3A%2F%2Fschool.yxx.top%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20School&response_mode=form_post&nonce=638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz&state=CfDJ8B3bBiDHFkhLrQs4_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5_p0P_MKt6Ano6XGkKraandkBPY_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q&x-client-SKU=ID_NET6_0&x-client-ver=6.15.1.0 - - - 200 2118 text/html;charset=UTF-8 132.9270ms
2023-03-08 12:23:24.259 +08:00 [INF] Request starting HTTP/1.1 POST https://account2.yxx.top/connect/token application/x-www-form-urlencoded 183
2023-03-08 12:23:24.260 +08:00 [INF] The request URI matched a server endpoint: "Token".
2023-03-08 12:23:24.270 +08:00 [INF] The token request was successfully extracted: { "client_id": "School_Web", "client_secret": "[redacted]", "code": "[redacted]", "grant_type": "authorization_code", "redirect_uri": "https://school.yxx.top/signin-oidc" }.
2023-03-08 12:23:24.292 +08:00 [INF] Executed subscriber method 'CmsUserSynchronizer.HandleEventAsync' on group 'cap.queue.viewtance.srp.authserver.0.v1' with instance '172_21_0_11' in 278.9283ms
2023-03-08 12:23:24.306 +08:00 [INF] The token request was successfully validated.
2023-03-08 12:23:24.309 +08:00 [INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)'
2023-03-08 12:23:24.309 +08:00 [INF] Route matched with {action = "Handle", controller = "Token", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.TokenController (Volo.Abp.OpenIddict.AspNetCore).
2023-03-08 12:23:24.309 +08:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2023-03-08 12:23:24.323 +08:00 [INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal.
2023-03-08 12:23:24.338 +08:00 [INF] The token 'a82fcef4-1f86-77c8-2539-3a09d1a27ebe' was successfully marked as redeemed.
2023-03-08 12:23:24.382 +08:00 [INF] The response was successfully returned as a JSON document: {
"access_token": "[redacted]",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "openid profile roles email phone School",
"id_token": "[redacted]"
}.
2023-03-08 12:23:24.382 +08:00 [INF] Executed action Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 72.9924ms
2023-03-08 12:23:24.382 +08:00 [INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)'
2023-03-08 12:23:24.389 +08:00 [INF] Request finished HTTP/1.1 POST https://account2.yxx.top/connect/token application/x-www-form-urlencoded 183 - 200 2783 application/json;charset=UTF-8 129.8559ms
2023-03-08 12:23:24.390 +08:00 [INF] Request starting HTTP/1.1 GET https://account2.yxx.top/connect/userinfo - -
2023-03-08 12:23:24.390 +08:00 [INF] The request URI matched a server endpoint: "Userinfo".
2023-03-08 12:23:24.391 +08:00 [INF] The userinfo request was successfully extracted: {
"access_token": "[redacted]"
}.
2023-03-08 12:23:24.395 +08:00 [INF] The userinfo request was successfully validated.
2023-03-08 12:23:24.398 +08:00 [INF] The authentication demand was rejected because the token had no valid audience.
2023-03-08 12:23:24.399 +08:00 [INF] OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
2023-03-08 12:23:24.399 +08:00 [INF] OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
2023-03-08 12:23:24.401 +08:00 [INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.UserInfoController.Userinfo (Volo.Abp.OpenIddict.AspNetCore)'
2023-03-08 12:23:24.401 +08:00 [INF] Route matched with {action = "Userinfo", controller = "UserInfo", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Userinfo() on controller Volo.Abp.OpenIddict.Controllers.UserInfoController (Volo.Abp.OpenIddict.AspNetCore).
2023-03-08 12:23:24.401 +08:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2023-03-08 12:23:24.404 +08:00 [INF] Executing ChallengeResult with authentication schemes (["OpenIddict.Server.AspNetCore"]).
2023-03-08 12:23:24.412 +08:00 [INF] The response was successfully returned as a challenge response: { "error": "invalid_token", "error_description": "The specified access token is bound to an account that no longer exists.", "error_uri": "https://documentation.openiddict.com/errors/ID2025" }.
2023-03-08 12:23:24.412 +08:00 [INF] AuthenticationScheme: OpenIddict.Server.AspNetCore was challenged.
2023-03-08 12:23:24.412 +08:00 [INF] Executed action Volo.Abp.OpenIddict.Controllers.UserInfoController.Userinfo (Volo.Abp.OpenIddict.AspNetCore) in 11.271ms
2023-03-08 12:23:24.412 +08:00 [INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.UserInfoController.Userinfo (Volo.Abp.OpenIddict.AspNetCore)'
2023-03-08 12:23:24.413 +08:00 [INF] Request finished HTTP/1.1 GET https://account2.yxx.top/connect/userinfo - - - 302 - - 23.6954ms
2023-03-08 12:23:24.414 +08:00 [INF] Request starting HTTP/1.1 GET https://account2.yxx.top/Error?httpStatusCode=401 - -
2023-03-08 12:23:24.417 +08:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2023-03-08 12:23:24.418 +08:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
2023-03-08 12:23:24.424 +08:00 [INF] Executing ViewResult, running view ~/Views/Error/401.cshtml.
2023-03-08 12:23:24.438 +08:00 [INF] Executed ViewResult - view ~/Views/Error/401.cshtml executed in 14.5437ms.
2023-03-08 12:23:24.438 +08:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 20.2675ms
2023-03-08 12:23:24.438 +08:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2023-03-08 12:23:24.439 +08:00 [INF] Request finished HTTP/1.1 GET https://account2.yxx.top/Error?httpStatusCode=401 - - - 401 - text/html;+charset=utf-8 24.7454ms
2023-03-08 12:23:35.459 +08:00 [INF] Request starting HTTP/2 GET https://account2.yxx.top/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DSchool_Web%26redirect_uri%3Dhttps%253A%252F%252Fschool.yxx.top%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520School%26response_mode%3Dform_post%26nonce%3D638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz%26state%3DCfDJ8B3bBiDHFkhLrQs4_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5_p0P_MKt6Ano6XGkKraandkBPY_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0 - -
2023-03-08 12:23:35.466 +08:00 [INF] Executing endpoint '/Account/Login'

  • Steps to reproduce the issue: deploy to IIS server, log in with a tenant

In the development environment, the tenant id was taken and all processes worked well, with the logs below:
2023-03-08 01:04:12.931 +08:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ExtractTokenRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ExtractBasicAuthenticationCredentials`1[[OpenIddict.Server.OpenIddictServerEvents+ExtractTokenRequestContext, OpenIddict.Server, Version=4.0.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
2023-03-08 01:04:12.931 +08:00 [INF] The token request was successfully extracted: {
 "client_id": "School_Web",
 "client_secret": "[redacted]",
 "code": "[redacted]",
 "grant_type": "authorization_code",
 "redirect_uri": "https://localhost:44302/signin-oidc",
 "__tenant": "9c328224-e94b-eae6-7586-39fbfa952785"
}.
2023-03-08 01:04:12.931 +08:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Exchange+ExtractTokenRequest.


4 Answer(s)
  • maliming created
    Support Team Fullstack Developer

    The specified access token is bound to an account that no longer exists

    Please try to clear the Redis cache.

  • trendline created

    The specified access token is bound to an account that no longer exists

    Please try to clear the Redis cache.

    Tried, still occurred

  • maliming created
    Support Team Fullstack Developer

    The authentication demand was rejected because the token had no valid audience.

  • trendline created

    Thanks, maliming, problems resolved by your suggestions
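
Added example (not part of the original thread, and not ABP or OpenIddict code): a small triage script that lists the rejections and error responses of an auth-server log in order, and diffs the token-request parameters between the IIS and development logs. The log excerpts are constructed and shortened from the ones posted above, and the helper names are hypothetical.

```python
import json
import re

# Constructed excerpts modelled on the thread's logs; helper names are hypothetical.
IIS_LOG = """\
2023-03-08 12:23:24.270 +08:00 [INF] The token request was successfully extracted: {
  "client_id": "School_Web",
  "redirect_uri": "https://school.yxx.top/signin-oidc"
}.
2023-03-08 12:23:24.398 +08:00 [INF] The authentication demand was rejected because the token had no valid audience.
2023-03-08 12:23:24.412 +08:00 [INF] The response was successfully returned as a challenge response: {
  "error": "invalid_token",
  "error_description": "The specified access token is bound to an account that no longer exists."
}.
"""
DEV_LOG = """\
2023-03-08 01:04:12.931 +08:00 [INF] The token request was successfully extracted: {
  "client_id": "School_Web",
  "redirect_uri": "https://localhost:44302/signin-oidc",
  "__tenant": "9c328224-e94b-eae6-7586-39fbfa952785"
}.
"""
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d [\d:.]+ \S+) \[(\w+)\] ", re.M)

def entries(log):
    """Split a log into (timestamp, message) pairs; a message may span lines."""
    parts = ENTRY.split(log)[1:]  # ts, level, message, ts, level, message, ...
    return [(parts[i], parts[i + 2].strip()) for i in range(0, len(parts), 3)]

def json_body(msg):
    """Parse the JSON object embedded in an 'extracted' or 'returned' message."""
    return json.loads(msg[msg.index("{"):msg.rindex("}") + 1])

def token_request_params(log):
    """Parameter names of the first extracted token request (empty set if none)."""
    for _, msg in entries(log):
        if msg.startswith("The token request was successfully extracted:"):
            return set(json_body(msg))
    return set()

def failures(log):
    """Rejections and error responses in log order, earliest first."""
    out = []
    for ts, msg in entries(log):
        if "was rejected because" in msg:
            out.append((ts, msg))
        elif "challenge response:" in msg:
            out.append((ts, json_body(msg)["error_description"]))
    return out
```

On these excerpts, `failures(IIS_LOG)` puts the audience rejection ahead of the "account that no longer exists" response, and `token_request_params(DEV_LOG) - token_request_params(IIS_LOG)` yields `{"__tenant"}`.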
