Activities of user "cagriceylan"

Firstly, thanks for your online support, Mr. Alper & Mr. Halil.

As Mr. @alper said, our problem has been solved, and we have been continuing our tests for a while, and we did not see a problem.

The steps we take are as follows:

1- Add the Microsoft.AspNetCore.DataProtection.StackExchangeRedis package to the Web project.

2- Redis is integrated into the web project with the following steps.

  • Add the following two methods to the yourprojectnameWebModule class: ConfigurePersistKeysToStackExchangeRedis and ConfigureRedis

    private void ConfigurePersistKeysToStackExchangeRedis(ServiceConfigurationContext context, IConfiguration configuration)
    {
        // Persist the Data Protection key ring in Redis so that all instances share the same keys.
        ConnectionMultiplexer redis = ConnectionMultiplexer.Connect(configuration["Redis:ConnectionString"]);
        context.Services
            .AddDataProtection()
            .SetApplicationName("loyalty-web-ui")
            .PersistKeysToStackExchangeRedis(redis, "Loyalty.Web.UI-Protection-Keys");
    }

    private void ConfigureRedis(ServiceConfigurationContext context, IConfiguration configuration)
    {
        // Register a single shared Redis connection in the DI container.
        ConnectionMultiplexer multiplexer = ConnectionMultiplexer.Connect(configuration["Redis:ConnectionString"]);
        context.Services.AddSingleton<IConnectionMultiplexer>(multiplexer);
    }

  • Also add this code block to the ConfigureServices method

    ConnectionMultiplexer multiplexer = ConnectionMultiplexer.Connect(configuration["Redis:ConnectionString"]);
    context.Services.AddSingleton<IConnectionMultiplexer>(multiplexer);

3- Run the following command in the web project directory to install Volo.Abp.Caching.StackExchangeRedis

  • C:\Users\username\source\repos\yourprojectname\src\Web
    abp add-package Volo.Abp.Caching.StackExchangeRedis
  • After this process, the [DependsOn(typeof(AbpCachingStackExchangeRedisModule))] attribute should be added to yourprojectnameWebModule automatically.

4-

  • Add the GetSigningCertificate method to yourprojectnameWebModule

    private X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration)
    {
        var fileName = "authserver.pfx";
        // Passphrase of authserver.pfx; it must match the -p value passed to dotnet dev-certs below.
        var passPhrase = "32165487-6547-6544-1236-123654789654";
        var file = Path.Combine(hostingEnv.ContentRootPath, fileName);
        if (!System.IO.File.Exists(file))
        {
            throw new FileNotFoundException($"Signing Certificate couldn't found: {file}");
        }
        return new X509Certificate2(file, passPhrase);
    }

  • Add this code block to the PreConfigureServices method in yourprojectnameWebModule

        var hostingEnvironment = context.Services.GetHostingEnvironment();
        var configuration = context.Services.GetConfiguration();

        if (!hostingEnvironment.IsDevelopment())
        {
            PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
            {
                options.AddDevelopmentEncryptionAndSigningCertificate = false;
            });

            PreConfigure<OpenIddictServerBuilder>(builder =>
            {
                builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
                builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
                builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]));
            });
        }
  • Run the following command in the web project directory
    * dotnet dev-certs https -v -ep ./authserver.pfx -p 32165487-6547-6544-1236-123654789654
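
A variant of the GetSigningCertificate method from step 4 that reads the .pfx passphrase from configuration instead of compiling it into the module, and checks the certificate at startup. This is an added example, not part of the original post or ABP's own code; the class name SigningCertificateLoader and the configuration keys AuthServer:CertificatePath and AuthServer:CertificatePassPhrase are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;

public static class SigningCertificateLoader
{
    // Hypothetical configuration keys (not from the original post). In Kubernetes they can be
    // injected from a Secret as environment variables, e.g. AuthServer__CertificatePassPhrase.
    private const string PathKey = "AuthServer:CertificatePath";
    private const string PassPhraseKey = "AuthServer:CertificatePassPhrase";

    public static X509Certificate2 Load(IWebHostEnvironment hostingEnv, IConfiguration configuration)
    {
        var fileName = configuration[PathKey] ?? "authserver.pfx";
        var passPhrase = configuration[PassPhraseKey];
        if (string.IsNullOrEmpty(passPhrase))
        {
            // Fail at startup rather than fall back to a value baked into the assembly.
            throw new InvalidOperationException($"Missing configuration value: {PassPhraseKey}");
        }

        var file = Path.Combine(hostingEnv.ContentRootPath, fileName);
        if (!File.Exists(file))
        {
            throw new FileNotFoundException($"Signing certificate not found: {file}");
        }

        var certificate = new X509Certificate2(file, passPhrase);

        // Token signing and decryption both require the private key from the .pfx.
        if (!certificate.HasPrivateKey)
        {
            throw new InvalidOperationException("Signing certificate has no private key.");
        }

        // Report an expired or not-yet-valid certificate as a clear startup error.
        var now = DateTime.Now; // NotBefore/NotAfter are returned in local time
        if (now < certificate.NotBefore || now > certificate.NotAfter)
        {
            throw new InvalidOperationException(
                $"Signing certificate is only valid from {certificate.NotBefore:u} to {certificate.NotAfter:u}.");
        }
        return certificate;
    }
}
```

Every pod has to load the same .pfx and passphrase, otherwise a token issued by one pod cannot be validated by another.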

We have no separate environment for AuthServer. We use the built-in OpenIddict in the web application with API.

Like this:

There are 4 environments: playground, testing, staging and production, and all environments run k8s, each on the same network.

There is only one specific configuration: the load balancer uses sticky sessions.

There is a web application with API which runs on k8s, and we implemented this solution on it.

We tried separated applications (authserver, web, apihost) and there were many other problems with communication between each other, so we changed the architecture to this.

Yes, we have. We use the corporate SSO endpoint https://sso.setur.com.tr, but our problem is on the API side. We get a token, for example from https://localhost/connect/token on pod1; when the load balancer forwards the token we got from there (pod1 (kubernetes)) to a different pod (pod2 (kubernetes)), we get 401 (unauthorized) in the API services.

For example: we get a token from pod1 (https://localhost/connect/token) and can use this token: https://localhost/api/app/configs bearer pod1_token => we get success. When the load balancer forwards to another pod, for example pod2 => https://localhost/api/app/configs bearer pod1_token => we get 401 unauthorized.

Thanks for your support, we will try it.

Made with ❤️ on ABP v8.2.0-preview. Updated on March 25, 2024, 15:11