
Synchronous Communication between Microservices #6506


abp4@feelaware.com created
  • ABP Framework version: v7.3.2
  • UI Type: MVC
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

When deploying to Docker and calling another microservice using "Synchronous Communication between Microservices", the error below occurs.

I need help.

[03:41:42 INF] Sending HTTP request GET https://10.200.40.25:44322/.well-known/openid-configuration
[03:41:42 ERR] ---------- RemoteServiceErrorInfo ----------
{ "code": null, "message": "An internal error occurred during your request!", "details": null, "data": {}, "validationErrors": null }

[03:41:42 ERR] Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://10.200.40.25:44322/.well-known/openid-configuration. The SSL connection could not be established, see inner exception..
Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://10.200.40.25:44322/.well-known/openid-configuration. The SSL connection could not be established, see inner exception..
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName)
   at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync(ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
   at SCH.AdminPortalService.Projects.ProjectClientProxy.GetListAsync(GetProjectsInput input) in /var/lib/jenkins/workspace/SmartCloudHub-Docker/services/adminPortal/src/SCH.AdminPortalService.HttpApi.Client/ClientProxies/SCH/AdminPortalService/Projects/ProjectClientProxy.Generated.cs:line 22
   at lambda_method1500(Closure, Object)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
[03:41:42 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Http.RemoteServiceErrorResponse'.


4 Answer(s)
  • Anjali_Musmade created
    Support Team Support Team Member

    Hi,

    please check this similar issue https://support.abp.io/QA/Questions/4558/The-SSL-connection-could-not-be-established-see-inner-exception--BLAZOR-SERVER

    also check this discussion https://github.com/abpframework/abp/issues/11844

    thanks

  • gterdem created
    Support Team Senior .NET Developer

    In the MVC/BlazorServer apps, you can see a configuration as below under the OpenIdConnect configuration:

    if (Convert.ToBoolean(configuration["AuthServer:IsOnK8s"]))
    {
        context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
        {
            // Fetch the discovery document from the address reachable inside the cluster
            options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
                                      ".well-known/openid-configuration";

            var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
            options.Events.OnRedirectToIdentityProvider = async ctx =>
            {
                // Intercept the redirection so the browser navigates to the right URL in your host
                ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";

                if (previousOnRedirectToIdentityProvider != null)
                {
                    await previousOnRedirectToIdentityProvider(ctx);
                }
            };
            var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
            options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
            {
                // Intercept the redirection for signout so the browser navigates to the right URL in your host
                ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";

                if (previousOnRedirectToIdentityProviderForSignOut != null)
                {
                    await previousOnRedirectToIdentityProviderForSignOut(ctx);
                }
            };
        });
    }

    You should be setting [AuthServer:IsOnK8s] to true since you are running it on containers; which means you will be logging in through the browser but obtaining/validating the tokens through the internal network. Set the [AuthServerMetaAddress] to real DNS. Set the [AuthServerMetaAddress] to internal docker service address.

  • abp4@feelaware.com created

    Hi,

    please check this similar issue https://support.abp.io/QA/Questions/4558/The-SSL-connection-could-not-be-established-see-inner-exception--BLAZOR-SERVER

    also check this discussion https://github.com/abpframework/abp/issues/11844

    thanks

    Thank you for your help.

    I checked it, and the general web - gateway - service route works well, but this phenomenon only occurs in communication between microservices.

  • gterdem created
    Support Team Senior .NET Developer

    Okay, now I understand.

    First, for microservice-to-microservice calls, we introduced Integration Services. We strongly recommend using integration services for this kind of usage.

    If you want to keep using existing authorized endpoints, you probably have IdentityClient configuration as below:

    "IdentityClients": {
      "Default": {
        "GrantType": "client_credentials",
        "ClientId": "BookStore_OrderService",
        "ClientSecret": "1q2w3e*",
        // On production this must be the internal service name
        "Authority": "https://localhost:44322",
        "Scope": "ProductService"
      }
    }
    

    Instead of using https://10.200.40.25:44322 try using docker service name something like http://myauthservice.

    The token validation etc should be (will be) done through the internal network.
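
An added diagnostic, not code from ABP or from the answers above: it requests the discovery document from the Authority a service is configured with and prints which TLS check fails behind "The SSL connection could not be established", while still rejecting any certificate that does not validate. The class name `DiscoveryTlsProbe` and the default URL are assumptions for illustration.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Threading.Tasks;

public static class DiscoveryTlsProbe
{
    // Requests <authority>/.well-known/openid-configuration and reports why
    // certificate validation fails, without ever accepting an invalid certificate.
    public static async Task<bool> ProbeAsync(string authority)
    {
        var url = authority.TrimEnd('/') + "/.well-known/openid-configuration";
        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
            {
                if (errors != SslPolicyErrors.None)
                {
                    // e.g. RemoteCertificateNameMismatch or RemoteCertificateChainErrors
                    Console.Error.WriteLine($"TLS validation failed for {request.RequestUri?.Host}: {errors}");
                    Console.Error.WriteLine($"  subject: {cert?.Subject}, issuer: {cert?.Issuer}");
                    if (chain != null)
                        foreach (var status in chain.ChainStatus)
                            Console.Error.WriteLine($"  chain: {status.Status} {status.StatusInformation.Trim()}");
                }
                // Same decision the default validator makes: only a clean result passes.
                return errors == SslPolicyErrors.None;
            }
        };
        using var client = new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(10) };
        try
        {
            using var response = await client.GetAsync(url);
            Console.WriteLine($"{url} -> HTTP {(int)response.StatusCode}");
            return response.IsSuccessStatusCode;
        }
        catch (Exception ex) when (ex is HttpRequestException or TaskCanceledException)
        {
            Console.Error.WriteLine($"{url} -> {ex.Message} ({ex.InnerException?.Message})");
            return false;
        }
    }

    public static async Task<int> Main(string[] args)
    {
        // Constructed default; pass the Authority from IdentityClients:Default instead.
        var authority = args.Length > 0 ? args[0] : "https://localhost:44322";
        return await ProbeAsync(authority) ? 0 : 1;
    }
}
```

Run it inside the calling service's container so it sees the same network and trust store as the failing client proxy.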

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11