Activities of "alaa.ghabra.eng"

Hi,

I have created another solution using the following ABP cli command abp new Sample --tiered -u angular --database-management-system PostgreSQL --separate-auth-server The login issue has been solved. it turned out that i have set the the "Authoriry" key in the 'AuthServer' section in API configuration to 'https://localhost/auth' instead of internal url 'http://localhost:4000' since in this environment, API and Auth server must communicate internally over plain http behind the reverse proxy.

So the app now logins correctly, However, i had another issue. when i try to edit a user in the Identity Management Module (in the default template i have created using the command above) the request fails. looking into the logs, it turned out that PUT, POST and DELETE http request are failing with the following error on the API server The required antiforgery header value "RequestVerificationToken" is not present.

here is the general steps i made to run the solution behind nginx, 1- Configured the connection string on Auth, API and Migrator projects. 2- Run the migrator -> run successfully 3- Added {"Urls": "http://localhost:4444"} to Appsettings in Auth Server to force kestrel to listen on a custom post of 4444 and made sure that it runs ok and the admin can login... 4- Added "Urls" : "http://localhost:5555" to API Project to force kestrel to listen on port 5555 5- Configured Angular app to tagret https://localhost/auth as Auth server and [https://localhost as](https://localhost as) API server and [https://localhost as](https://localhost as) app url. 6- Updated OpenID Applications configuration on the DB to reflect app url changes 7- Added app.UsePathBase("/auth/"); middleware to Auth Server to inform the app of its virtual directory 8- Set RequireHttpsMetadata to 'false' on Auth Server in order to allow internal communication over plain http between nginx and the auth server 9- set Authority": "https://localhost/auth" on Auth Server 10 Added app.UseForwardedHeaders(new ForwardedHeadersOptions{ ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.All }); middle-ware to Auth Server to forward the connection scheme correctly allowing the correct generation of discovery document links 11- Configured the API server with the following to enable plain http communication with Auth Server "AuthServer": { "Authority": "http://localhost:4444", "RequireHttpsMetadata": false, "MetaAddress": "https://localhost:44327", "SwaggerClientId": "Sample_Swagger" }, 12- Configured a valid issuer by code using options.TokenValidationParameters.ValidIssuer = "https://localhost/auth"; 13- Added [https://localhost as](https://localhost as) a cors-origin in Auth and API projects

And here is the complete error for a put request after enable detailed logging

2024-06-01 15:26:16.963 +03:00 [INF] Request starting HTTP/1.0 PUT http://localhost/api/identity/users/3a12e56b-d4e0-6f39-43ad-7341f51ca8e5 - application/json 791 2024-06-01 15:26:16.963 +03:00 [DBG] PUT requests are not supported 2024-06-01 15:26:16.963 +03:00 [DBG] 1 candidate(s) found for the request path '/api/identity/users/3a12e56b-d4e0-6f39-43ad-7341f51ca8e5' 2024-06-01 15:26:16.963 +03:00 [DBG] Endpoint 'Volo.Abp.Identity.IdentityUserController.UpdateAsync (Volo.Abp.Identity.Pro.HttpApi)' with route pattern 'api/identity/users/{id}' is valid for the request path '/api/identity/users/3a12e56b-d4e0-6f39-43ad-7341f51ca8e5' 2024-06-01 15:26:16.963 +03:00 [DBG] Request matched endpoint 'Volo.Abp.Identity.IdentityUserController.UpdateAsync (Volo.Abp.Identity.Pro.HttpApi)' 2024-06-01 15:26:16.963 +03:00 [DBG] The request has an origin header: 'https://localhost'. 2024-06-01 15:26:16.963 +03:00 [INF] CORS policy execution successful. 2024-06-01 15:26:16.964 +03:00 [DBG] Successfully validated the token. 2024-06-01 15:26:16.964 +03:00 [DBG] AuthenticationScheme: Bearer was successfully authenticated. 2024-06-01 15:26:16.967 +03:00 [DBG] Get dynamic claims cache for user: 3a12e56b-d4e0-6f39-43ad-7341f51ca8e5 2024-06-01 15:26:16.968 +03:00 [DBG] Static files was skipped as the request already matched an endpoint. 2024-06-01 15:26:16.969 +03:00 [INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.UpdateAsync (Volo.Abp.Identity.Pro.HttpApi)' 2024-06-01 15:26:16.972 +03:00 [INF] Route matched with {area = "identity", controller = "User", action = "Update", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Identity.IdentityUserDto] UpdateAsync(System.Guid, Volo.Abp.Identity.IdentityUserUpdateDto) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi). 2024-06-01 15:26:16.972 +03:00 [DBG] Execution plan of authorization filters (in the following order): ["Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter"] 2024-06-01 15:26:16.972 +03:00 [DBG] Execution plan of resource filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"] 2024-06-01 15:26:16.973 +03:00 [DBG] Execution plan of action filters (in the following order): ["Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter (Order: -3000)","Volo.Abp.AspNetCore.Mvc.GlobalFeatures.GlobalFeatureActionFilter","Volo.Abp.AspNetCore.Mvc.Auditing.AbpAuditActionFilter","Volo.Abp.AspNetCore.Mvc.Response.AbpNoContentActionFilter","Volo.Abp.AspNetCore.Mvc.Features.AbpFeatureActionFilter","Volo.Abp.AspNetCore.Mvc.Validation.AbpValidationActionFilter","Volo.Abp.AspNetCore.Mvc.Uow.AbpUowActionFilter"] 2024-06-01 15:26:16.973 +03:00 [DBG] Execution plan of exception filters (in the following order): ["Volo.Abp.AspNetCore.Mvc.ExceptionHandling.AbpExceptionFilter"] 2024-06-01 15:26:16.973 +03:00 [DBG] Execution plan of result filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"] 2024-06-01 15:26:16.973 +03:00 [WRN] The required antiforgery header value "RequestVerificationToken" is not present. 2024-06-01 15:26:16.973 +03:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'. 2024-06-01 15:26:16.973 +03:00 [INF] Executing StatusCodeResult, setting HTTP status code 400 2024-06-01 15:26:16.973 +03:00 [INF] Executed action Volo.Abp.Identity.IdentityUserController.UpdateAsync (Volo.Abp.Identity.Pro.HttpApi) in 0.664ms 2024-06-01 15:26:16.973 +03:00 [INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.UpdateAsync (Volo.Abp.Identity.Pro.HttpApi)' 2024-06-01 15:26:16.989 +03:00 [DBG] Added 0 entity changes to the current audit log 2024-06-01 15:26:16.990 +03:00 [DBG] Added 0 entity changes to the current audit log 2024-06-01 15:26:16.990 +03:00 [DBG] Added 0 entity changes to the current audit log 2024-06-01 15:26:16.990 +03:00 [DBG] Connection id "0HN426NKSCQ15" received FIN. 2024-06-01 15:26:16.990 +03:00 [DBG] Connection id "0HN426NKSCQ15" sending FIN because: "The Socket transport's send loop completed gracefully." 2024-06-01 15:26:16.991 +03:00 [DBG] Connection id "0HN426NKSCQ15" disconnecting. 2024-06-01 15:26:16.991 +03:00 [INF] Request finished HTTP/1.0 PUT http://localhost/api/identity/users/3a12e56b-d4e0-6f39-43ad-7341f51ca8e5 - 400 0 null 27.3721ms

I have shared the code with you. please check out liming.ma@volosoft.com for the download link.

Thank you.

Hi,

OK sure, I will create a new project and will share the steps needed to recreate the issue shortly.

Thanks

hi

Can I check it remotely?

Sure,

let me prepare the environment and i will share a google meet id, Sounds good?

Hi, I'm running the environment locally on my development machine, all URLs are based on 'localhost' domain. AuthServe: https://localhost/auth (Virtual Directory on Nginx mapped to http://localhost:4444/auth/ ) API Server: https://localhost/api (Virtual Directory on Nginx mapped to http://localhost:5555/api/)

Thanks

Hello,

I have included the mentioned packages in the Http.Api.Host project and retried the action after rebuilding the project. I sent you the logs to the mail. Still fails with the same error and looping back and forth between Auth site the Angular App.

Thanks.

Hi,

I'm sorry but i didn't understand how to upgrade Microsoft.IdentityModel package. here are the packages installed in my API project, I'm unable to find the packages you mentioned.

Hi,

I have sent you the logs after enabling the logging.

Thank you.

Hello again,

I have tried to set the issuer on the API server to "https://localhost/auth" using the following,

private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration) { context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.Authority = configuration["AuthServer:Authority"]; options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]); options.MetadataAddress = configuration["AuthServer:Authority"] + "/.well-known/openid-configuration"; options.Audience = "BOMS"; options.TokenValidationParameters.ValidIssuer = "https://localhost/auth"; }); }

apparently, it has passed this validating but it is now failing with the following error

End of Request Header Dump **************************************************** [18:45:35 INF] Failed to validate the token. Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. No security keys were provided to validate the signature. at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignatureAndIssuerSecurityKey(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWSAsync(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) [18:45:35 INF] Bearer was not authenticated. Failure message: IDX10500: Signature validation failed. No security keys were provided to validate the signature.

and here is the token

{ "iss": "https://localhost/auth", "exp": 1716137135, "iat": 1716133535, "aud": "BOMS", "scope": "openid offline_access BOMS", "jti": "e62044b8-a4fc-4107-be12-40620c369d79", "sub": "3a127fcb-9fc2-1bb6-c070-b9a4fdfc3066", "unique_name": "admin", "oi_prst": "BOMS_App", "oi_au_id": "3a1280db-93cd-a9d1-9831-47f52bbafade", "preferred_username": "admin", "given_name": "admin", "role": "admin", "email": "admin@abp.io", "email_verified": "False", "phone_number_verified": "False", "client_id": "BOMS_App", "oi_tkn_id": "3a12a3b4-770e-2aea-699c-a9b474601962" }

<br> <br> What am I missing ?

Thank you for explaining. Most appreciated.

I will try the proposed solution and will get back to you shortly. thanks.

Hi,

I see, but the 'host' header in the http request is related to the host sending the request (in this case, the angular app hosted on https://localhost) whereas the 'Issuer' is indeed https://localhost/auth (where Auth server is running). I don't see why they should match. Please can you explain more?