Activities of "paul.harriman"

sent u an email

Hello,

added ur code. "Login as User" worked locally. pushed the code to Azure and it doesn't work. this is in the logs

[Information] Token request validation success, TokenRequestValidationLog { ClientId: "Synergyz_App", ClientName: "Synergyz_App", GrantType: "Impersonation", Scopes: "address email offline_access openid phone profile role Synergyz", AuthorizationCode: "", RefreshToken: "", UserName: null, AuthenticationContextReferenceClasses: null, Tenant: null, IdP: null, Raw: [("access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIzNDU4QkI4QTJGQ0RGRkVFOTlCQkU1NEVBRkJCMzdFIiwidHlwIjoiYXQrand0In0.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.nycRra-FJa0XFEIf0wMkPY-3egFN1O-OPGzPstB5PSjyXX29xBTLM0fNQqX-x7OIaCPtnXpKQ7_EJyLzI7Xdj2jDuda4F_soCs8TiqtnuUkZmcBez4AJnk5m3DC7tEs8NQMedA1nh6yo-C4kBO_5M5csiS64Affz6Qea8LNQEoRl9owAmUe4s8l8ZA5RGg8ijsHNFvlbg2YjxD9E-0TIiURMbSXeZS1fIkHEX-YcpLyWlViz4Sv0JqHgAFPZrSqqPkGuM0ML4UaSi8TpVa8t1MwzXyxQaf8GyVAORq9_4NjOe-8i2R5R27zZI2GvxTcRsJSn6eK-1NGHwzRmej_BxQ"), ("grant_type": "Impersonation"), ("Client_Id": "Synergyz_App"), ("Client_Secret": "REDACTED"), ("TenantId": "803d506a-4327-4723-972d-5878e980c6bb"), ("UserId": "ed79e37a-50cf-a647-7ddd-3a03a7df8368")] }

We will leave the code as is (w/ ur code fix) so u can look at the website

hello,

sent u an email. assuming this is to look at "Login as Tenant".

for the "Login as User" are u asking us to add the code in the link above? it looks like the code out of the box is missing something when we upgraded our solution. Again both "Logon as XXX" work locally in Development mode. Only when we are in Release Mode does it fail. The difference appears to be only that we are using the spa redirect. we are just trying to make sure we are on the same page, not point fingers

Emailed you logs for "Login as user" and "Login as Tenant"

Sent you a screen shot by email

We r looking into some options that will enable u to see the security issues. Not sure when it will be ready and this weekend is a holiday weekend for us.

We have created a new 5.3 project, almost out of the box (we added a spa redirect to it). The security scan is running now. if u r still interested in the security scan, please send me an email of where I can send the info

Yes all Clients have impersonation as a permission. emailed u screen shot

Sent an email to you

Yes, if I remove the spa redirect, the "Log in with this user" works. But the user cannot hit one ip and run both (this is what the spa redirect accomplishes).

Here's a section of our log file w/ the error

2022-05-12 15:00:46.304 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:Zipline_App,n:AbpIdentity.UserLookup
2022-05-12 15:00:46.304 -04:00 [DBG] Found in the cache: pn:C,pk:Zipline_App,n:AbpIdentity.UserLookup
2022-05-12 15:00:46.398 -04:00 [DBG] Executed AbpApplicationConfigurationAppService.GetAsync().
2022-05-12 15:00:46.480 -04:00 [DBG] CORS request made for path: /messaging-hub from origin: http://localhost:4200 but was ignored because path was not for an allowed IdentityServer CORS endpoint
2022-05-12 15:00:53.052 -04:00 [DBG] CORS request made for path: /api/identity/roles from origin: http://localhost:4200 but was ignored because path was not for an allowed IdentityServer CORS endpoint
2022-05-12 15:00:53.054 -04:00 [DBG] CORS request made for path: /api/identity/organization-units from origin: http://localhost:4200 but was ignored because path was not for an allowed IdentityServer CORS endpoint
2022-05-12 15:00:53.056 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:303c757e-a11a-e358-d6a7-39ff39adc838,n:AbpIdentity.Roles
2022-05-12 15:00:53.056 -04:00 [DBG] Found in the cache: pn:U,pk:303c757e-a11a-e358-d6a7-39ff39adc838,n:AbpIdentity.Roles
2022-05-12 15:00:53.056 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles
2022-05-12 15:00:53.057 -04:00 [DBG] Found in the cache: pn:R,pk:admin,n:AbpIdentity.Roles
2022-05-12 15:00:53.057 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:Zipline_App,n:AbpIdentity.Roles
2022-05-12 15:00:53.058 -04:00 [DBG] Found in the cache: pn:C,pk:Zipline_App,n:AbpIdentity.Roles
2022-05-12 15:00:53.061 -04:00 [WRN] ---------- RemoteServiceErrorInfo ----------
{
  "code": "Volo.Authorization:010001",
  "message": "Authorization failed! Given policy has not granted.",
  "details": null,
  "data": {},
  "validationErrors": null
}

2022-05-12 15:00:53.061 -04:00 [WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
   at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy)
   at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context)
   at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.GlobalFeatures.GlobalFeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Auditing.AuditingInterceptor.ProceedByLoggingAsync(IAbpMethodInvocation invocation, IAuditingHelper auditingHelper, IAuditLogScope auditLogScope)
   at Volo.Abp.Auditing.AuditingInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at lambda_method6414(Closure , Object )
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
2022-05-12 15:00:53.063 -04:00 [WRN] Code:Volo.Authorization:010001
2022-05-12 15:00:53.078 -04:00 [DBG] Added 0 entity changes to the current audit log
2022-05-12 15:00:53.089 -04:00 [DBG] Added 0 entity changes to the current audit log
2022-05-12 15:00:53.089 -04:00 [DBG] Added 0 entity changes to the current audit log
2022-05-12 15:00:53.149 -04:00 [DBG] CORS request made for path: /Account/AccessDenied from origin: http://localhost:4200 but was ignored because path was not for an allowed IdentityServer CORS endpoint
2022-05-12 15:00:53.150 -04:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2022-05-12 15:00:53.159 -04:00 [DBG] Added bundle 'Lepton.Global' to the page in 1.31 ms.
2022-05-12 15:00:53.163 -04:00 [DBG] Added bundle 'Lepton.Global' to the page in 2.50 ms.
2022-05-12 15:00:53.372 -04:00 [DBG] CORS request made for path: /api/identity/users from origin: http://localhost:4200 but was ignored because path was not for an allowed IdentityServer CORS endpoint
2022-05-12 15:00:53.387 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:303c757e-a11a-e358-d6a7-39ff39adc838,n:AbpIdentity.Users
2022-05-12 15:00:53.388 -04:00 [DBG] Found in the cache: pn:U,pk:303c757e-a11a-e358-d6a7-39ff39adc838,n:AbpIdentity.Users
2022-05-12 15:00:53.388 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Users
2022-05-12 15:00:53.389 -04:00 [DBG] Found in the cache: pn:R,pk:admin,n:AbpIdentity.Users
2022-05-12 15:00:53.389 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:Zipline_App,n:AbpIdentity.Users
2022-05-12 15:00:53.391 -04:00 [DBG] Found in the cache: pn:C,pk:Zipline_App,n:AbpIdentity.Users
2022-05-12 15:00:53.436 -04:00 [DBG] Added 0 entity changes to the current audit log
2022-05-12 15:00:54.761 -04:00 [DBG] Executing HealthCheck collector HostedService.
2022-05-12 15:00:54.762 -04:00 [INF] Start processing HTTP request GET "https://localhost:44338/health-status"
2022-05-12 15:00:54.762 -04:00 [INF] Sending HTTP request GET "https://localhost:44338/health-status"
2022-05-12 15:00:54.771 -04:00 [DBG] Added 0 entity changes to the current audit log
2022-05-12 15:00:54.771 -04:00 [INF] Received HTTP response headers after 9.5464ms - 200
2022-05-12 15:00:54.771 -04:00 [INF] End processing HTTP request after 9.6662ms - 200
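A triage sketch for the log excerpt above, added here as an example and not part of the original post or of ABP: it lists the `PermissionStore` lookups logged shortly before each `Volo.Authorization:010001` denial, which narrows down the permission the failing policy evaluated. The function name `denied_checks` and the one-second window are assumptions; the sample lines are abridged from the excerpt.

```python
import re
from datetime import datetime

# Sample input abridged from the log excerpt in the post above.
SAMPLE_LOG = """\
2022-05-12 15:00:46.304 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:Zipline_App,n:AbpIdentity.UserLookup
2022-05-12 15:00:46.398 -04:00 [DBG] Executed AbpApplicationConfigurationAppService.GetAsync().
2022-05-12 15:00:53.056 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:303c757e-a11a-e358-d6a7-39ff39adc838,n:AbpIdentity.Roles
2022-05-12 15:00:53.056 -04:00 [DBG] Found in the cache: pn:U,pk:303c757e-a11a-e358-d6a7-39ff39adc838,n:AbpIdentity.Roles
2022-05-12 15:00:53.056 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles
2022-05-12 15:00:53.057 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:Zipline_App,n:AbpIdentity.Roles
2022-05-12 15:00:53.061 -04:00 [WRN] ---------- RemoteServiceErrorInfo ----------
{
  "code": "Volo.Authorization:010001",
}
2022-05-12 15:00:53.063 -04:00 [WRN] Code:Volo.Authorization:010001
2022-05-12 15:00:53.387 -04:00 [DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:303c757e-a11a-e358-d6a7-39ff39adc838,n:AbpIdentity.Users
"""

# Timestamped entry: "<date time.ms> <utc offset> [LEVEL] message"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) [+-]\d\d:\d\d \[(\w+)\] (.*)$")
# pn = provider name (U user, R role, C client), pk = provider key, n = permission name
LOOKUP = re.compile(r"PermissionStore\.GetCacheItemAsync: pn:(\w+),pk:([^,]+),n:(\S+)")
DENIED = "Code:Volo.Authorization:010001"


def denied_checks(log_text, window_s=1.0):
    """For each denial, collect permission lookups logged up to window_s seconds earlier."""
    lookups, findings = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:  # JSON body and stack-trace lines carry no timestamp; skip them
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        msg = m.group(3)
        hit = LOOKUP.search(msg)
        if hit:
            lookups.append((ts, hit.groups()))
        elif msg.startswith(DENIED):
            recent = [g for t, g in lookups if 0 <= (ts - t).total_seconds() <= window_s]
            findings.append({
                "time": m.group(1),
                "permissions": sorted({name for _, _, name in recent}),
                "providers": sorted({f"{pn}:{pk}" for pn, pk, _ in recent}),
            })
    return findings


if __name__ == "__main__":
    for finding in denied_checks(SAMPLE_LOG):
        print(finding)
```

The log records only that a lookup happened, not whether the permission was granted, so the time window is a heuristic that points at where to look in the permission grants for the listed user, role and client.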
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11