
Single Auth Server With Tenant and Multiple Application #6553


dipak.z created
  • ABP Framework version: v8.0.0
  • UI Type: MVC
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

I want to create an Auth Server which is tenant-based, and another 3 applications which are tenant-based and use the Auth Server for authorization and authentication. I want both running on tenants: the tenant base comes from the Auth Server and the application database is configured as tenant-based. I also want separate admins for the different applications, who can see the specific tenants of the application.


33 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    What was the problem or error you got?

  • User Avatar
    0
    dipak.z created

    hi

    What was the problem or error you got?

    I created a project from ABP Suite with separate tenant schema and tiered, as the Auth Server. I created another project with the Application Template. Now I want to use the Auth Server for authentication and authorization in this, and the same for the other two projects, because it already has OpenIddict, login, register and all. All projects have their own pages and APIs, are also tenant-based, and use the tenant databases which are configured in the Auth Server tenant.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I created a project from ABP Suite with separate tenant schema and tiered, as the Auth Server. I created another project with the Application Template.

    There is a Web host project in MVC tiered projects. which uses AddAbpOpenIdConnect in it.

    https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs#L142-L213

    You can check this project.

  • User Avatar
    0
    dipak.z created

    I created a different solution from ABP Suite (Application Template/EF Core Postgres/MVC). In this solution I have models and it is tenant-based, and I want to use the Auth Server identity (with tenant) in this solution.

    The Auth Server is in a different solution and it uses a different database.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can add OpenIdConnect as authentication to your new app and then add a new client/application on the Authserver project.

    See https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs#L142-L213

  • User Avatar
    0
    dipak.z created

    In WebModule I added

    private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
    {
        context.Services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies", options =>
            {
                options.ExpireTimeSpan = TimeSpan.FromDays(365);
                options.CheckTokenExpiration();
            })
            .AddAbpOpenIdConnect("oidc", options =>
            {
                options.Authority = configuration["AuthServer:Authority"];
                options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata");
                options.ResponseType = OpenIdConnectResponseType.CodeIdToken;

                options.ClientId = configuration["AuthServer:ClientId"];
                options.ClientSecret = configuration["AuthServer:ClientSecret"];

                options.UsePkce = true;
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;

                options.Scope.Add("roles");
                options.Scope.Add("email");
                options.Scope.Add("phone");
                options.Scope.Add("ULB");
            });

        /*
         * This configuration is used when the AuthServer is running on the internal network such as docker or k8s.
         * Configuring the redirecting URLs for internal network and the web
         * The login and the logout URLs are configured to redirect to the AuthServer real DNS for browser.
         * The token acquired and validated from the internal network AuthServer URL.
         */
        if (configuration.GetValue<bool>("AuthServer:IsContainerized"))
        {
            context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
            {
                options.TokenValidationParameters.ValidIssuers = new[]
                {
                    configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/'),
                    configuration["AuthServer:Authority"]!.EnsureEndsWith('/')
                };

                options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
                                          ".well-known/openid-configuration";

                var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
                options.Events.OnRedirectToIdentityProvider = async ctx =>
                {
                    // Intercept the redirection so the browser navigates to the right URL in your host
                    ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";

                    if (previousOnRedirectToIdentityProvider != null)
                    {
                        await previousOnRedirectToIdentityProvider(ctx);
                    }
                };

                var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
                options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
                {
                    // Intercept the redirection for signout so the browser navigates to the right URL in your host
                    ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";

                    if (previousOnRedirectToIdentityProviderForSignOut != null)
                    {
                        await previousOnRedirectToIdentityProviderForSignOut(ctx);
                    }
                };
            });
        }

        context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
        {
            options.IsDynamicClaimsEnabled = true;
        });
    }

    Then it throws when I click on the login button =>

    An unhandled exception occurred while processing the request. ComponentNotRegisteredException: The requested service 'Volo.Abp.Account.Public.Web.Pages.Account.LoginModel' has not been registered. To avoid this exception, either register a component to provide the service, check for service registration using IsRegistered(), or use the ResolveOptional() method to resolve an optional dependency.

    See https://autofac.rtfd.io/help/service-not-registered for more info. Autofac.ResolutionExtensions.ResolveService(IComponentContext context, Service service, IEnumerable<Parameter> parameters)


  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share the source code of your WebModule and WebModule.csproj; I think you should remove the account module from the csproj file.

  • User Avatar
    0
    dipak.z created

    hi

    Please share the source code of your WebModule and WebModule.csproj; I think you should remove the account module from the csproj file.

    Only From Web Project?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Yes, Let me take a look at these two files first.

    Thanks, liming.ma@volosoft.com

    WebModule.cs and WebModule.csproj

  • User Avatar
    0
    dipak.z created

    I created an Application Template/MVC/EF Core (Postgres) project from ABP Suite (no other options selected; tiered, separate tenant schema and public site are all unchecked), and in its web project I changed the ConfigureAuthentication method as given. I have not changed anything else in the web module; it is as it was created.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    ok

    Please try to remove the below code

    csproj: <ProjectReference Include="..\..\..\..\..\account\src\Volo.Abp.Account.Pro.Public.Web.OpenIddict\Volo.Abp.Account.Pro.Public.Web.OpenIddict.csproj" />

    cs: AbpAccountPublicWebOpenIddictModule

    Add a new class.

    public class AccountController : ChallengeAccountController
    {
    
    }
    
  • User Avatar
    0
    dipak.z created

    An unhandled exception occurred while processing the request. ComponentNotRegisteredException: The requested service 'Volo.Abp.AspNetCore.Authentication.OpenIdConnect.IOpenIdLocalUserCreationClient' has not been registered. To avoid this exception, either register a component to provide the service, check for service registration using IsRegistered(), or use the ResolveOptional() method to resolve an optional dependency.

    See https://autofac.rtfd.io/help/service-not-registered for more info.

    Autofac.ResolutionExtensions.ResolveService(IComponentContext context, Service service, IEnumerable<Parameter> parameters) AuthenticationFailureException: An error was encountered while handling the remote login.

    Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

    

    I removed typeof(AbpAccountPublicWebOpenIddictModule), from WebModule.cs

  • User Avatar
    0
    dipak.z created

    <Project Sdk="Microsoft.NET.Sdk.Web">

      <Import Project="....\common.props" />

      <PropertyGroup>
        <TargetFramework>net8.0</TargetFramework>
        <Nullable>enable</Nullable>
        <AspNetCoreHostingModel>InProcess</AspNetCoreHostingModel>
        <RootNamespace>ULB.Web</RootNamespace>
        <AssetTargetFallback>$(AssetTargetFallback);portable-net45+win8+wp8+wpa81;</AssetTargetFallback>
        <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
        <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType>
        <GenerateRuntimeConfigurationFiles>true</GenerateRuntimeConfigurationFiles>
        <MvcRazorExcludeRefAssembliesFromPublish>false</MvcRazorExcludeRefAssembliesFromPublish>
        <PreserveCompilationReferences>true</PreserveCompilationReferences>
      </PropertyGroup>

      <ItemGroup Condition="Exists('./openiddict.pfx')">
        <None Remove="openiddict.pfx" />
        <EmbeddedResource Include="openiddict.pfx">
          <CopyToOutputDirectory>Always</CopyToOutputDirectory>
        </EmbeddedResource>
      </ItemGroup>

      <ItemGroup>
        <Compile Remove="Logs*" />
        <Content Remove="Logs*" />
        <EmbeddedResource Remove="Logs*" />
        <None Remove="Logs*" />
      </ItemGroup>

      <ItemGroup>
        <Content Include="Pages**.js">
          <CopyToOutputDirectory>Always</CopyToOutputDirectory>
        </Content>
        <Content Include="Pages**.css">
          <CopyToOutputDirectory>Always</CopyToOutputDirectory>
        </Content>
      </ItemGroup>

      <ItemGroup>
        <PackageReference Include="AspNetCore.HealthChecks.UI" Version="7.0.2" />
        <PackageReference Include="AspNetCore.HealthChecks.UI.Client" Version="7.1.0" />
        <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0" />
        <PackageReference Include="AspNetCore.HealthChecks.UI.InMemory.Storage" Version="7.0.0" />
        <PackageReference Include="Serilog.AspNetCore" Version="8.0.0" />
        <PackageReference Include="Serilog.Sinks.Async" Version="1.5.0" />
        <PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="8.0.0" />
        <PackageReference Include="Microsoft.AspNetCore.Authentication.MicrosoftAccount" Version="8.0.0" />
        <PackageReference Include="Microsoft.AspNetCore.Authentication.Twitter" Version="8.0.0" />
        <PackageReference Include="Volo.Abp.AspNetCore.Authentication.OpenIdConnect" Version="8.0.2" />
      </ItemGroup>

      <ItemGroup>
        <ProjectReference Include="..\ULB.Application\ULB.Application.csproj" />
        <ProjectReference Include="..\ULB.HttpApi\ULB.HttpApi.csproj" />
        <ProjectReference Include="..\ULB.EntityFrameworkCore\ULB.EntityFrameworkCore.csproj" />
        <PackageReference Include="Volo.Abp.Autofac" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.AspNetCore.Serilog" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.AspNetCore.Authentication.JwtBearer" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.Swashbuckle" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.FeatureManagement.Web" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.Account.Pro.Admin.Web" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.AuditLogging.Web" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.Identity.Pro.Web" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.OpenIddict.Pro.Web" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.LanguageManagement.Web" Version="8.0.2" />
        <PackageReference Include="Volo.Saas.Host.Web" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.TextTemplateManagement.Web" Version="8.0.2" />
        <PackageReference Include="Volo.Abp.Gdpr.Web" Version="8.0.2" />
      </ItemGroup>

      <ItemGroup>
        <PackageReference Include="Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX" Version="3.0.-" />
      </ItemGroup>

    </Project>

    This is the web project's .csproj file.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Try to depend on the typeof(AbpAspNetCoreAuthenticationOpenIdConnectModule) in your web project.

  • User Avatar
    0
    dipak.z created

    Yes, thank you. It works if I use the same database for both, but if I change the database of the application and auth server then it does not work. I want a different database for the Auth Server and a different one for the application.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    but if I change the database of the application and auth server then it does not work.

    Please share the details of your changes and logs. Thanks.

  • User Avatar
    0
    dipak.z created

    In the Auth Server I used the IdentityAuth database, and in the application I used a different database.

    In the application I removed the code below from WebModule and removed the account package:

    typeof(AbpAccountPublicWebOpenIddictModule),
    app.UseAbpOpenIddictValidation();

    I added the Volo.Abp.AspNetCore.Authentication.OpenIdConnect package and typeof(AbpAspNetCoreAuthenticationOpenIdConnectModule) in the web project of the application.

    Due to the different database in the application project:

    [10:00:58 WRN] User not found: 3a10485f-3e23-7e7e-31da-5bdee5aba0af
    Volo.Abp.Domain.Entities.EntityNotFoundException: There is no such an entity. Entity type: Volo.Abp.Identity.IdentityUser, id: 3a10485f-3e23-7e7e-31da-5bdee5aba0af
       at Volo.Abp.Identity.IdentityUserManager.GetByIdAsync(Guid id)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync()
       at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed)
       at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.<>c__DisplayClass23_0.<<GetAsync>b__0>d.MoveNext()
    --- End of stack trace from previous location ---
       at Volo.Abp.Caching.DistributedCache2.GetOrAddAsync(TCacheKey key, Func1 factory, Func1 optionsFactory, Nullable1 hideErrors, Boolean considerUow, CancellationToken token)
       at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.GetAsync(Guid userId, Nullable1 tenantId)
       at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributor.ContributeAsync(AbpClaimsPrincipalContributorContext context)

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Volo.Abp.Identity.IdentityUserManager.GetByIdAsync(Guid id)

    Which project does the log come from?

    Please share the full request logs.

  • User Avatar
    0
    dipak.z created

    hi

    Volo.Abp.Identity.IdentityUserManager.GetByIdAsync(Guid id)

    Which project does the log come from?

    Please share the full request logs.

    From the application's web project log file:

    2024-01-29 10:00:58.413 +05:30 [INF] Request finished HTTP/2 GET https://localhost:44319/_vs/browserLink - 200 null text/javascript; charset=UTF-8 13.2284ms
    2024-01-29 10:00:58.413 +05:30 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)'
    2024-01-29 10:00:58.414 +05:30 [INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc).
    2024-01-29 10:00:58.416 +05:30 [DBG] Filling dynamic claims cache for user: 3a10485f-3e23-7e7e-31da-5bdee5aba0af
    2024-01-29 10:00:58.416 +05:30 [WRN] User not found: 3a10485f-3e23-7e7e-31da-5bdee5aba0af
    Volo.Abp.Domain.Entities.EntityNotFoundException: There is no such an entity. Entity type: Volo.Abp.Identity.IdentityUser, id: 3a10485f-3e23-7e7e-31da-5bdee5aba0af
       at Volo.Abp.Identity.IdentityUserManager.GetByIdAsync(Guid id)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync()
       at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed)
       at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.<>c__DisplayClass23_0.<<GetAsync>b__0>d.MoveNext()
    --- End of stack trace from previous location ---
       at Volo.Abp.Caching.DistributedCache2.GetOrAddAsync(TCacheKey key, Func1 factory, Func1 optionsFactory, Nullable1 hideErrors, Boolean considerUow, CancellationToken token)
       at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.GetAsync(Guid userId, Nullable`1 tenantId)
       at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributor.ContributeAsync(AbpClaimsPrincipalContributorContext context)
    2024-01-29 10:00:58.417 +05:30 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)'
    2024-01-29 10:00:58.417 +05:30 [INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc).
    2024-01-29 10:00:58.448 +05:30 [INF] Executing action method Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) - Validation state: "Valid"
    2024-01-29 10:00:58.450 +05:30 [INF] Sending file. Request path: '/libs/timeago/jquery.timeago.js'. Physical path: 'D:\Identity Server ABP\Web With Identity\ULBIDC\src\ULBIDC.Web\wwwroot\libs\timeago\jquery.timeago.js'
    2024-01-29 10:00:58.450 +05:30 [INF] Sending file. Request path: '/libs/abp/luxon/abp.luxon.js'. Physical path: 'D:\Identity Server ABP\Web With Identity\ULBIDC\src\ULBIDC.Web\wwwroot\libs\abp\luxon\abp.luxon.js'
    2024-01-29 10:00:58.450 +05:30 [INF] Sending file. Request path: '/libs/bootstrap-daterangepicker/daterangepicker.js'. Physical path: 'D:\Identity Server ABP\Web With Identity\ULBIDC\src\ULBIDC.Web\wwwroot\libs\bootstrap-daterangepicker\daterangepicker.js'
    2024-01-29 10:00:58.450 +05:30 [INF] Request finished HTTP/2 GET https://localhost:44319/libs/abp/luxon/abp.luxon.js?_v=638415968503970000 - 499 1361 application/javascript 87.2179ms

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please try to set IsDynamicClaimsEnabled of AbpClaimsPrincipalFactoryOptions to false in Application's Web Project.

    It indirectly depends on the Identity module.

    You can also add AbpIdentity to your ConnectionStrings.

      "ConnectionStrings": {
        "Default": "",
        "AbpIdentity": ""
      },
    
  • User Avatar
    0
    dipak.z created

    private void ConfigureAuthentication(ServiceConfigurationContext context)
    {
        // context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
        context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
        {
            options.IsDynamicClaimsEnabled = true;
        });
    }

    It's already enabled.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    set IsDynamicClaimsEnabled of AbpClaimsPrincipalFactoryOptions to false

  • User Avatar
    0
    dipak.z created

    Do I have to remove this app.UseDynamicClaims(); also?

    I set IsDynamicClaimsEnabled to false but the same error occurred. I set the AbpIdentity connection string in appsettings.json. Any other settings?

  • User Avatar
    0
    dipak.z created

    namespace ULBIDC.EntityFrameworkCore;

    [ReplaceDbContext(typeof(IIdentityProDbContext))]
    [ReplaceDbContext(typeof(ISaasDbContext))]
    [ConnectionStringName("Default")]
    public class ULBIDCDbContext : AbpDbContext<ULBIDCDbContext>, IIdentityProDbContext, ISaasDbContext
    {
        ......
    }

    In the DbContext, is there any option to give the Identity connection string?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    If IsDynamicClaimsEnabled is false then UseDynamicClaims will skip it.

    https://docs.abp.io/en/abp/latest/Connection-Strings#configure-the-connection-strings

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11