Activities of "jason.smith"
- ABP Framework version: v3.2.1
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Exception message and stack trace: none
- Steps to reproduce the issue:
-
- AsyncBackgroundJob that calls an AppService with and [Authorize] attribute on the method called.
Looking for the correct method to supply the calling users permissions / authorisations to a background job so that long running actions can be performed on behalf of that user.
[Authorize(ReprosPermissions.TimeSeriesMetaData.Default)]
public class TimeSeriesMetaDataAppService : ApplicationService, ITimeSeriesMetaDataAppService
{
[Authorize(ReprosPermissions.TimeSeriesMetaData.Create)]
public virtual async Task<TimeSeriesMetaDataDto> CreateAsync(TimeSeriesMetaDataCreateDto inputDto)
{
//Added record to the database
}
}
public class ResCsvIngestJob : AsyncBackgroundJob<ResCsvIngestArgs>, ITransientDependency
{
public ResCsvIngestJob(
ITimeSeriesMetaDataAppService timeSeriesMetaDataAppService)
{
_timeSeriesMetaDataAppService = timeSeriesMetaDataAppService;
}
public override async Task ExecuteAsync(ResCsvIngestArgs args)
{
//How do I call the following without getting the auth exception?
await _timeSeriesMetaDataAppService.CreateAsync(new TimeSeriesMetaDataCreateDto());
}
}
Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
- ABP Framework version: v3.3.1 Commerical
- UI type: Angular
- Tiered (MVC) or Identity Server Seperated (Angular): Identity Server Included
- Exception message and stack trace: Server Logs:
2020-11-12 15:51:05.452 +11:00 [ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.Fk0-jtlgxmU" is not present.
2020-11-12 15:51:05.452 +11:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
Response: 400 Bad Request
- Steps to reproduce the issue: Create new commerical application using suite
- Create new solution
- Select
- Template Type: Application Template
- Project Name: Testing
- Output Folder: C:\Testing
- Create Solution Folder: Yes
- UI Framework: Angular
- Mobile: None
- DB Provider: Entity Framework Core
- Connection String: Valid string to database
- Separated Identity Server: No
- Preview Version: No
- Created single entity with a single property of "Name"
- Built and ran DB migrations
- Built and ran Host
Using Insomina - No Cookies
- POST api/account/login using
{
"userNameOrEmailAddress": "admin",
"password": "1q2w3E*",
"rememberMe": true
}
- Response contains SetCookies. Insomina stores cookies
set-cookie idsrv.session=d2M1gwv8ziO_pceYBykIKg; path=/; secure; samesite=none
set-cookie .AspNetCore.Identity.Application=CfDJ8M-y0buRRcFEoHZEdek9NePLI14KQ97IYsT4VilLHF88t8-bxgISjtyF2g6YdLy39ZTAKLjlLDff55CCtwT8R2bY1oYEPslAzQ17Lj61N3aqeq8uws7RubMp2RE-LIVwXb9pLlybM0hxXLfSyAbC9wfHFVL07Ki_2UV4R-RpICbGQ3ETR7nUmJGcYc7lSsdVKGlms7N149nd-l3MVO8kG1Z2WOs_6SrJ8WDxwU41fZQTrv7bMu7ao41Kj9U78qg4TzuH-3zPliPJyAbHHYFjubXKRdT8M8IZdKwUrNo_ASMtblkmo3B2xUC7uJNPc7IjrOt2jRUdiHOPrszWHzbRbCy7FtCbZP5z1sUiQMmkazXfcVZlTUPlw4I2KldoTYgcjnsq-tFjNl-kMpY8GsAaWn96qwTaXQomhK_xdrta5MZcn9Kv2KXOXz-gkh-G4Q2RLPVOKRrTmx1eEL5EFQg7yOAEF2K2YuAI1LfEiIZCtqMcJGl3LM1GWRJa5UgUdeedTE_YnWFM5Ix8UeD6pZ_W7Z3B_-nh--bSGXb2adpLydl-BPdBhD2ZSOnh9z8O9NgWcjjNnKl28S82jDYY5TZrtlZp75XflU_MoG_QKB2HIK4LHSWNJh5nKqVEXyqnSQQZw1uiExHHuFrpSO0_3G0fyCTtfWr731VwODEnq1Hh_o4HnfBMoyzAg8d0HGjptl2dxBlHZ0PQaeEpdCzxCGagqA6SjVu4tUHUkOndQX4TCIkjqhybA7sW6u3WhMNOdT3i4IMT1m7Vsu0LXZ9roOdnOCsHZFC1UUkByrKoG0Dt_7UHg1Pf9N5S-55vnoAyYYqvrWJidzgYek-ZFEhtdoMkYLMC3SNotwLohR-RwRt6PB7WTUUUrFh6jWum3hPkYiFZFOjvWqi0vvxMKkbJsjrL1V4aKO_DVBpIzpmXGyJen5q_7Bp2NACiyxG0Cdn3Tx-jRUKmtJHnSWLEJCIuUmqWg1z5va6zaX_HZUmdwavFlqjYCglEdR1GUOVWR6x5dRg2ESIXA0fjq88hpIxBuR5vMGRYMoIfIjEwNBB3ZgSenB0TCoihPMjIpHgWa5WCq_VIg0HSJ1agZS6EFcBfSJA2E8WRUOaBYN0YPg5g8L2WI8a1wVSEtyvtn0JzSBOsJatWwQ; expires=Thu, 26 Nov 2020 21:52:49 GMT; path=/; secure; samesite=none; httponly
- Don't see any XSRF-TOKEN cookie at this stage
- POST api/app/scenarios
- Response BAD Request
- On the server see the following:
2020-11-12 15:51:05.452 +11:00 [ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.Fk0-jtlgxmU" is not present.
2020-11-12 15:51:05.452 +11:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
I have recently updated our solution to use the commercial modules. This change the authentication method to the commerical module available which is fine. On testing cookie authentication for POST requests no longer work (GET requests are fine).
To see if this was an issue with my migration to the commercial modules I decided to create a simple Angular application using the Abp Suite. The same issue is present. For cookie auth POST requests no longer work. Also of interest, only the first POST to Login works. All subsequent calls result in a 400 Bad Request.
Any hints as to where to look would be greatly appreciated. The very strange behaviour is that GET requests work, yet POST requests fail for the same endpoint. My current next step is to debug AbpAutoValidateAntiforgeryTokenAuthorizationFilter, which I was hoping not to do.
I can see that the default options does the following:
AutoValidateIgnoredHttpMethods = new HashSet<string> {"GET", "HEAD", "TRACE", "OPTIONS"}; So that explains why the GET request is working, but the POST is not.
Yet the following:
TokenCookie = new CookieBuilder
{
Name = "XSRF-TOKEN",
HttpOnly = false,
IsEssential = true,
Expiration = TimeSpan.FromDays(3650) //10 years!
};
I never see this cookie returned from the service. Calling https://localhost:44382/api/account/login does not return this token, how is it retrieved using the login REST API call?
- ABP Framework version: v3.1.2
- UI type: Angular
- Tiered (MVC) or Identity Server Seperated (Angular): no (single host)
- Exception message and stack trace: None
- Steps to reproduce the issue:
The setup works find on the developers machine using localhost, and local database. Looking to now deploy using the following:
- Nginx reverse proxy
- host angular front end
- host API redirect
- AWS ec2 instance with ports 80, 443, and 5000 allowed
- RDS database setup as postgreSQL 12.4 (version used in development)
- dotnet kestrel service bound to localhost:5000 (Nginx redirects public_ip:5000 to this)
Angular environment file - replace <public_ip> with actual public address <br>
import { Config } from '@abp/ng.core';
const baseUrl = 'http://<public_ip>:80';
export const environment = {
production: false,
application: {
baseUrl,
name: 'Repros',
logoUrl: '',
},
oAuthConfig: {
issuer: 'http://<public_ip>:5000',
redirectUri: baseUrl,
clientId: 'Repros_App',
responseType: 'code',
scope: 'offline_access Repros',
},
apis: {
default: {
url: 'http://<public_ip>:5000',
rootNamespace: 'eWater.Repros'
},
},
} as Config.Environment;
<br> Http.Host environment file - again replace <public_ip> with actual public address, same for connection string <br>
{
"Urls": "[http://localhost:5000](http://localhost:5000)",
"App": {
"SelfUrl": "[http://localhost:5000](http://localhost:5000)",
"CorsOrigins": "http://<public_ip>,[http://localhost:80,http://localhost:4200](http://localhost:80,http://localhost:4200)"
},
"ConnectionStrings": {
"Default": "<connection_string>"
},
"AuthServer": {
"Authority": "[http://localhost:5000](http://localhost:5000)"
}
}
<br> Ngnix configuraiton file <br>
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 0;
server {
listen 80;
index index.html;
root scenario-datastore-debug/dist;
ignore_invalid_headers off;
underscores_in_headers on;
location / {
try_files $uri %uri/ /index.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 5000;
location / {
proxy_pass [http://127.0.0.1:5000](http://127.0.0.1:5000);
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
<br> The resulting behaviour is the following:
- The front end starts up and the Angular front end loads into the index page with user logged out.
- Clicking login results in the progress bar across the top, and only one endpoint being hit. Nothing is logged in the Host service log file.
<br>
Lastly I know the http host is working as expected as I can see it being called in the initial home page load.
I don't see any errors or activity in the dev console, host log, or nginx log. The script just seems to stop.
I am uncertain as to where to even start with an error like this. The dev environment works correctly, even having parts of it (i.e. not ng serve) go through nginx.
I found that the requireHttps for oAuth was set to the default of everything but localhost requires. So I turned this off and started getting the following error in the chrome dev console:
invalid issuer in discovery document expected: http://<public_ip>:5000 current: http://<public_ip>
My nginx configuration should be allowing this through, so confused as to what is occurring here.