Activities of "aeffegroup"
Since we haven't received an answer yet and we still have this problem let me clarify it again.
Deployment Scenario 1 We have deployed our ABP.IO application (frontend Angular and .NET Core backend) on an application server and configured everything to work with HTTP. Let's assume the DNS names for frontend and backend are "frontend.domain.com" and "backend.domain.com"; both DNS entries resolve to a private IP address (i.e. 10.10.10.10). We have configured the allowed CORS origin on the backend to allow http://frontend.domain.com. In this scenario everything is now working correctly.
Deployment Scenario 2 The second deployment scenario, the one that is not working it's exactly the same in terms of deploy but this time we have an F5 balancer in front of our application server. We have deployed the ABP.IO frontend and backend in the same exact way as scenario 1 and everything is configured to work on HTTP. The two DNS names this time resolve to the public IP address of the balancer and the protocol between clients and the balancer is now HTTPS (i.e. the user from the Internet is now accessing the frontend at URL https://frontend.domain.com"). The load balancer is "stripping" the HTTPS protocol and redirecting the call to http://frontend.domain.com. In the backend we have configured the allowed CORS origins to allow http://frontend.domain.com and https://frontend.domain.com. This scenario is not working and the client bowser is receiving the following error when attempting the first API call from the frontend to the backend: " Access to XMLHttpRequest at 'http://backend.domain.com/.well-known/openid-configuration' from origin 'https://frontend.domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. " One thing we noticed is that the Origin header of the HTTP request to the backend is "https://frontend.domain.com" because the balancer is simply doing the redirection to HTTP but not changing the origin.
Can you please help us to make ABP.IO work in this deployment scenario as well ? This configuration is critical for our client because they do not want to handle SSL certificates for every application deployed but only on the balancer itself.
Thank you very much.
I made an Angular and .net Core application with abp Version 4.2.2 In the production environment, the application must respond in both http and https. Our customer has a load balancer. For technical reasons, all calls (http - https) made from the browser must be converted on http protocol. The "load balancer" runs them in https adding the ssl certificate. On the server where the apps run, the calls must be in http. The IIS ports are on 80 (http) for both the frontend and the backend. Do you have a solution for us?
Another question: is it possible to coexist both the http and https protocol for the same app?
I tried to change the configuration file in .net e Angular and i changed the settings for callback, cors and signout as in picture:
Can you attach me a complete configuration example for:
Angular (my config):
Backend .net (my config):
In the production environment, the application must respond in both http and https. Our customer has a load balancer. For technical reasons, all calls made from the browser must be on http. The "load balancer" runs them in https adding the ssl certificate. On the server where the apps run, the IIS ports are on 80 (http) for both the frontend and the backend. Do you have a solution for us?
Another question: is it possible to coexist both the http and https protocol for the same app?
I tried to change the configuration file in .net e Angular and i changed the settings for callback, cors and signout as in picture:
Can you attach me a complete configuration example for:
Angular (my config):
Backend .net (my config):
Hi,
You can try:
oAuthConfig: { ... clientId: 'Documentale_App', requireHttps: false }
It seems to work correctly! Great job, thanks. last thing. How can i manage Angular configurations without having to "build" and "deploy" every time? is it possible to have a configuration file as for the backend? (example "appsetting.config"). in my case, to solve the problem, I could just add "oAuthConfig: requireHttps: false" to my app.setting without rebuild and re-deploy the app.
Thank you, I sent you an email
As you can see in the screenshot, now on our deployment environment the OpenId discovery API call is working on HTTP as well.
The problem is that the Angular frontend is not calling the endpoint ".../.well-known/openid-configuration" at all.
As you can see in the second screenshot, the only call made from the frontend to the backend is to "application-configuration". If we try the same procedure in the development environment we see that the fronted is making a call to "openid-configuration" when it is accessed from the browser. Can you please confirm that this is the reason why the login button in the frontend is not working ? Can you please provide us a solution ?
Would it be possible to talk directly with one of your technicians in order to speed up the resolution of this issue ? it's starting to become really urgent for us.
Thank you very much.
Hi,
I can't see anything error in your logs. can I check it remotely? shiwei.liang@volosoft.com
Exactly, there are no errors on the subject in the log file. Unfortunately online it is not possible to reach the domain due to problems related to the http port. If you prefer, I can send you my solution, both net core and angular.
Please share the error log, thanks.
I'm sorry, but i can't attach my log file. Thi is only the last part of my log: 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Mvc.UI.AbpAspNetCoreMvcUiModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.AbpAspNetCoreMvcUiBootstrapModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Mvc.UI.Bundling.AbpAspNetCoreMvcUiBundlingModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Mvc.UI.Packages.AbpAspNetCoreMvcUiPackagesModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Mvc.UI.Widgets.AbpAspNetCoreMvcUiWidgetsModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.AbpAspNetCoreMvcUiThemeSharedModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Mvc.UI.MultiTenancy.AbpAspNetCoreMvcUiMultiTenancyModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.LeptonTheme.Management.LeptonThemeManagementWebModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Mvc.UI.Theme.Commercial.AbpAspNetCoreMvcUiThemeCommercialModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Mvc.UI.Theme.Lepton.AbpAspNetCoreMvcUiLeptonThemeModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.AspNetCore.Authentication.JwtBearer.AbpAspNetCoreAuthenticationJwtBearerModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.Identity.AspNetCore.AbpIdentityAspNetCoreModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.Account.Public.Web.AbpAccountPublicWebModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.Account.Web.AbpAccountPublicWebIdentityServerModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.Swashbuckle.AbpSwashbuckleModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.BlobStoring.FileSystem.AbpBlobStoringFileSystemModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.Hangfire.AbpHangfireModule 2021-06-01 14:14:49.727 +02:00 [INF] - Volo.Abp.BackgroundJobs.Hangfire.AbpBackgroundJobsHangfireModule 2021-06-01 14:14:49.727 +02:00 [INF] - Aeffegroup.COOP.Documentale.DocumentaleHttpApiHostModule 2021-06-01 14:14:50.337 +02:00 [INF] Start installing Hangfire SQL objects... 2021-06-01 14:14:50.565 +02:00 [INF] Hangfire SQL objects installed. 2021-06-01 14:14:50.582 +02:00 [INF] Starting Hangfire Server using job storage: 'SQL Server: SRVWNAEFFEAPP01\SQLEXPRESS@COOP_Documentale' 2021-06-01 14:14:50.582 +02:00 [INF] Using the following options for SQL Server job storage: Queue poll interval: 00:00:15. 2021-06-01 14:14:50.582 +02:00 [INF] Using the following options for Hangfire Server: Worker count: 10 Listening queues: 'default' Shutdown timeout: 00:00:15 Schedule polling interval: 00:00:15 2021-06-01 14:14:50.653 +02:00 [INF] Starting IdentityServer4 version 4.1.1+cebd52f5bc61bdefc262fd20739d4d087c6f961f 2021-06-01 14:14:50.829 +02:00 [INF] Server srvwnaeffeapp01:17188:5f4bf36d successfully announced in 227,4412 ms 2021-06-01 14:14:50.867 +02:00 [INF] Server srvwnaeffeapp01:17188:5f4bf36d is starting the registered dispatchers: ServerWatchdog, ServerJobCancellationWatcher, ExpirationManager, CountersAggregator, Worker, DelayedJobScheduler, RecurringJobScheduler... 2021-06-01 14:14:51.433 +02:00 [INF] Server srvwnaeffeapp01:17188:5f4bf36d all the dispatchers started 2021-06-01 14:14:52.004 +02:00 [INF] Using the default authentication scheme Identity.Application for IdentityServer 2021-06-01 14:14:52.717 +02:00 [INF] Initialized all ABP modules. 2021-06-01 14:14:52.785 +02:00 [INF] Application started. Press Ctrl+C to shut down. 2021-06-01 14:14:52.785 +02:00 [INF] Hosting environment: Production 2021-06-01 14:14:52.785 +02:00 [INF] Content root path: C:\inetpub\wwwroot\RT_Backend 2021-06-01 14:14:52.824 +02:00 [INF] Request starting HTTP/1.1 GET http://registrotrattamenti-back.coopitalia.coop.it/api/abp/application-configuration - - 2021-06-01 14:14:55.442 +02:00 [INF] CORS policy execution successful. 2021-06-01 14:14:55.918 +02:00 [INF] No CORS policy found for the specified request. 2021-06-01 14:14:55.978 +02:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)' 2021-06-01 14:14:56.028 +02:00 [INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc). 2021-06-01 14:14:58.153 +02:00 [INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'. 2021-06-01 14:14:58.233 +02:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 2199.9412ms 2021-06-01 14:14:58.235 +02:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)' 2021-06-01 14:14:58.271 +02:00 [INF] Request finished HTTP/1.1 GET http://registrotrattamenti-back.coopitalia.coop.it/api/abp/application-configuration - - - 200 - application/json;+charset=utf-8 5447.4280ms
i don't have "app.UseHttpsRedirection();"
This is my OnApplicationInitialization public override void OnApplicationInitialization(ApplicationInitializationContext context) { var app = context.GetApplicationBuilder(); var env = context.GetEnvironment();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAbpRequestLocalization();
if (!env.IsDevelopment())
{
app.UseErrorPage();
}
//per protocolo HTTP
app.UseCookiePolicy(); // added this, Before UseAuthentication or anything else that writes cookies.
app.UseCors(DefaultCorsPolicyName);
app.UseVirtualFiles();
app.UseRouting();
app.UseAuthentication();
app.UseJwtTokenMiddleware();
if (MultiTenancyConsts.IsEnabled)
{
app.UseMultiTenancy();
}
app.UseIdentityServer();
app.UseAuthorization();
app.UseSwagger();
app.UseAbpSwaggerUI(options =>
{
options.SwaggerEndpoint("/swagger/v1/swagger.json", "Documentale API");
});
app.UseAuditing();
app.UseConfiguredEndpoints();
// hangfire
app.UseHangfireDashboard();
}
Hi, we followed the instructions of the link you mentioned but we still cannot login from our frontend.
Here is a detailed description of the problem:
- We made the changes to the HttpApi.Host project as instructed and redeployed the backend.
- added the class "SameSiteCookiesServiceCollectionExtensions" to the HttpApi.Host project.
- modified the HttpApiHost module:
- added "context.Services.AddSameSiteCookiePolicy();" in "ConfigureServices" method.
- added "app.UseCookiePolicy()" in "OnApplicationInitialization" method.
- The backend's binding is on HTTP port 80 with header name of "mydomain-backend.xyz.it"
- The backend is working correctly, if we try to login manually calling the API method "/api/account/login" it works and we receive a "success" response.
- The frontend's binding is on HTTP port 80 with a different header name "mydomain-frontend.xyz.it".
- When we access the frontend, we can see the home page layout and we can see in the browser's network tab that a call is made to "application-configuration" on the backend; the HTTP status of this call is 200 and we can see the localization resources in the response body.
- When we try to click on the "Login" button on the frontend layout, nothing happens and the network tab does not report anything.
- If we try the same exact configuration on a local development PC, we see that when we click on the login button in the frontend, we are redirected to the "localhost:44360/Account/Login" page.
- In the development enviroment we see this call when we access the frontend: http://localhost:44360/.well-known/openid-configuration (we get the response: net::ERR_CONNECTION_RESET ).
- In the development environment, even if we configured everywhere to use HTTP, we see that the endpoint "https://localhost:44360/.well-known/openid-configuration" is still answering only on HTTPS.
- If we inspect the network browser on the local development machine we see that there is a call to an "openid-configuration" endpoint.
- In the deploy environment we do not see this call, we only see the call to the "application-configuration" endpoint.
- In the deploy environment DB, we double cheched the Identity configuration tables (IdentityServerClientRedirectUris, IdentityServerClientPostLogoutRedirectUris, IdentityServerClientCorsOrigins).
Can you please help us ?