Activities of "ten3systems"

• ABP Framework version: v6.0.2
• UI type: MVC, module template
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:

1. create new module from template abp new MyModule -t module-pro -d ef --dbms MySQL -v 6.0.2
2. add chat module abp add-module Volo.Chat
3. modify UnifiedDbContext for Web.Unified host project: modelBuilder.ConfigureChat();
4. perform db migrations and run
5. enable chat in tenant => manage host features

Expected result is to see the Chat menu item on the left menu and the messages waiting indicator in the top nav menu; but neither are showing and I don't know how to engage the URL to visit the chat ui page to see if it will render. I am at a loss on how to make the chat module feature work in my host project while developing my module.

Followed the instructions at https://docs.abp.io/en/commercial/6.0/modules/chat

• ABP Framework version: v6.0.2
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): single-layer (no-layers) template with Pro Account module

I have an app configured with roles based permissions as per the template, all works great for an actual logged in user. Now I want to have a page for anonymous users that uses certain services to get data and render to this "guest" user.

Obviously I want the app to be secure so I have devised a way that a unique URL slug is passed to the page and then verified as valid before rendering. I don't want to [AllowAnonymous] on my services obviously, but I do want this guest user with this un-guessable URL to access certain service methods after the initial page request.

I thought that I could create a Guest Role and assign the .Default permission group permissions to the role and use the identity system to mimic a logged in user in this case.

I cannot figure out how to keep utilizing the regular identity authentication system AND allow this scenario. I would even be okay with a cookie that is set on my initial request which is then used for further authorization or user authentication.

I have tried:

• faking the HttpContext.User with a new claims principal but this does not allow AJAX service calls from my page (b/c only the page has an 'authorized' user, not the API controller)
• using authentication middleware to detect the requested route and creating a guest principal, but in order to make that work i had to set "Cookies" as the default authentication scheme which breaks the regular authentication system

Am I going about this the wrong way? Is there a better way? How can I add a new authentication scheme to the existing project that will work alongside the regular authentication system and allow this user who makes their initial request at a specific URL an authenticated user with the system, but with my limited Guest Role?

I realize this is an advanced situation but I'm at my ropes end and am about to brute force the feature by asserting an actual user in the identity system with a Guest role but I'd rather not pollute the system and all the tenants with these needless users (note that I also may not have the guest users email address).

Any/all recommendations/insight is highly appreciated.

• ABP Framework version: v6.0.2
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes, tiered
• Exception message and stack trace:

* An exception was thrown while activating Volo.Abp.Account.AccountController -> Volo.Abp.Account.AccountAppService -> Volo.Abp.BlobStoring.BlobContainer`1[[Volo.Abp.Account.AccountProfilePictureContainer, Volo.Abp.Account.Pro.Public.Application, Version=6.0.2.0, Culture=neutral, PublicKeyToken=null]] -> Volo.Abp.BlobStoring.BlobContainerFactory -> Volo.Abp.BlobStoring.DefaultBlobContainerConfigurationProvider. Autofac.Core.DependencyResolutionException: An exception was thrown while activating Volo.Abp.Account.AccountController -> Volo.Abp.Account.AccountAppService -> Volo.Abp.BlobStoring.BlobContainer`1[[Volo.Abp.Account.AccountProfilePictureContainer, Volo.Abp.Account.Pro.Public.Application, Version=6.0.2.0, Culture=neutral, PublicKeyToken=null]] -> Volo.Abp.BlobStoring.BlobContainerFactory -> Volo.Abp.BlobStoring.DefaultBlobContainerConfigurationProvider.
    \-\-\-\> Autofac\.Core\.DependencyResolutionException: An exception was thrown while invoking the constructor 'Void \.ctor\(Microsoft\.Extensions\.Options\.IOptions`1[Volo.Abp.BlobStoring.AbpBlobStoringOptions])' on type 'DefaultBlobContainerConfigurationProvider'. ---> System.ArgumentException: value can not be null, empty or white space! (Parameter 'value') at Volo.Abp.Check.NotNullOrWhiteSpace(String value, String parameterName, Int32 maxLength, Int32 minLength) at Volo.Abp.BlobStoring.Minio.MinioBlobProviderConfiguration.set_EndPoint(String value) at ten3.Utilz.UtilzApplicationModule.<>c__DisplayClass0_0.<ConfigureServices>b__3(MinioBlobProviderConfiguration minio) at Volo.Abp.BlobStoring.Minio.MinioBlobContainerConfigurationExtensions.UseMinio(BlobContainerConfiguration containerConfiguration, Action`1 minioConfigureAction)
    at ten3.Utilz.UtilzApplicationModule.<>c\_\_DisplayClass0\_0.b\_\_2(BlobContainerConfiguration container)
    at Volo.Abp.BlobStoring.BlobContainerConfigurations.Configure(String name, Action`1 configureAction) at ten3.Utilz.UtilzApplicationModule.&lt;&gt;c__DisplayClass0_0.&lt;ConfigureServices&gt;b__1(AbpBlobStoringOptions options) at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
    at Microsoft.Extensions.Options.UnnamedOptionsManager`1.get_Value() at lambda_method457(Closure , Object[] ) at Autofac.Core.Activators.Reflection.BoundConstructor.Instantiate() --- End of inner exception stack trace --- at Autofac.Core.Activators.Reflection.BoundConstructor.Instantiate() at Autofac.Core.Activators.Reflection.ReflectionActivator.&lt;&gt;c__DisplayClass12_0.&lt;UseSingleConstructorActivation&gt;b__0(ResolveRequestContext ctxt, Action`1 next)
    at Autofac.Core.Resolving.Middleware.DisposalTrackingMiddleware.Execute(ResolveRequestContext context, Action`1 next) at Autofac.Builder.RegistrationBuilder`3.<>c\_\_DisplayClass41\_0.b\_\_0(ResolveRequestContext ctxt, Action`1 next) at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
    \-\-\- End of inner exception stack trace \-\-\-
    at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next) at Autofac.Core.Resolving.Middleware.SharingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
    at Autofac.Core.Resolving.Middleware.CircularDependencyDetectorMiddleware.Execute(ResolveRequestContext context, Action`1 next) at Autofac.Core.Resolving.ResolveOperation.GetOrCreateInstance(ISharingLifetimeScope currentOperationScope, ResolveRequest request) at Autofac.Core.Resolving.ResolveOperation.ExecuteOperation(ResolveRequest request) at Autofac.ResolutionExtensions.TryResolveService(IComponentContext context, Service service, IEnumerable`1 parameters, Object& instance)
    at Autofac.ResolutionExtensions.ResolveService(IComponentContext context, Service service, IEnumerable\`1 parameters)
    at Microsoft.AspNetCore.Mvc.Controllers.ServiceBasedControllerActivator.Create(ControllerContext actionContext)
    at Microsoft\.AspNetCore\.Mvc\.Controllers\.ControllerFactoryProvider\.&lt;\&gt;c\_\_DisplayClass6\_0\.g\_\_CreateController\|0\(ControllerContext controllerContext\)
    at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
    at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
    \-\-\- End of stack trace from previous location \-\-\-
    at Microsoft\.AspNetCore\.Mvc\.Infrastructure\.ResourceInvoker\.g\_\_Awaited\|26\_0\(ResourceInvoker invoker\, Task lastTask\, State next\, Scope scope\, Object state\, Boolean isCompleted\)

• Steps to reproduce the issue:"
• engage a typed BlobStore container in a module; configure it in ConfigureServices to use the Minio provider
• use that module in another project (web, tiered, mvc, ef core)
• try to use any Pro Account module features (login, profile picture)
• receive dependency error as noted in exception stack above

I configure my web project and my module with

[DependsOn(typeof(AbpBlobStoringMinioModule))]
    [DependsOn(typeof(AbpBlobStoringModule))]

and in module ConfigureServices() (web project and in the depended module)

        Configure<AbpBlobStoringOptions>(options =>
        {
            options.Containers.Configure<AttachmentsContainer>(container =>
            {
                container.UseMinio(minio =>
                {
                    minio.EndPoint = configuration[Constants.SettingsKeys.BlobStorage.Endpoint];
                    minio.AccessKey = configuration[Constants.SettingsKeys.BlobStorage.AccessKey];
                    minio.SecretKey = configuration[Constants.SettingsKeys.BlobStorage.SecretKey];
                    minio.BucketName = configuration[Constants.SettingsKeys.BlobStorage.BucketName];
                    minio.WithSSL = true;
                    minio.CreateBucketIfNotExists = true;
                });
            });
        });

So I do not touch the defaultContainer setup at all but somehow have destroyed the configuration of the **Volo.Abp.Account.AccountProfilePictureContainer ** in the depended module Volo.Abp.Account.Pro.Public.Application

I have followed the directions from the documentation found at https://docs.abp.io/en/abp/6.0/Blob-Storing specifically using a typed container as per the guidance because I am making a reusable module.

It is a good practice to always use a typed container while developing re-usable modules, so the final application can configure the provider for your container without effecting the other containers.

I am expecting to not have to re-configure any BlobStoring containers, but if I must, how can I re-use the default configuration of the Account PRO Module? And will that fix my issue?

• ABP Framework version: v6.0.2

• UI type: MVC

• DB provider: EF Core

• Tiered (MVC) or Identity Server Separated (Angular): no (single no-layers template with added modules)

• Exception message and stack trace:

• [15:02:43 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+InferIssuerFromHost. [15:02:43 INF] The request address matched a server endpoint: Authorization. [15:02:43 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+InferEndpointType. [15:02:43 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType. [15:02:43 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was marked as skipped by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType. [15:02:43 DBG] AuthenticationScheme: Identity.Application was successfully authenticated. [15:02:46 ERR] An unhandled exception has occurred while executing the request. Volo.Abp.BusinessException: Exception of type 'Volo.Abp.BusinessException' was thrown. at Volo.Abp.Account.Public.Web.Pages.Account.ImpersonateUserModel.OnPostAsync() at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync() at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync() at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync() at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeNextResourceFilter() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope) at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger) at Volo.Abp.AspNetCore.Serilog.AbpSerilogMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext) at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider) at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult) at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Uow.AbpUnitOfWorkMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Builder.ApplicationBuilderAbpOpenIddictMiddlewareExtension.<>c__DisplayClass0_0.<<UseAbpOpenIddictValidation>b__0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

• Steps to reproduce the issue:"

• (I created my no-layer project using 6.0.1 and then upgraded but not sure that's necessary to reproduce)

• enable multitenancy, tenant impersonation and user impersonation

• log in with admin user.

• create another admin user.

• impersonate the new user from the users list using the (Log in With This User) action option

        //For impersonation in Saas module
        context.Services.Configure<AbpSaasHostWebOptions>(options => { options.EnableTenantImpersonation = true; });

        //For impersonation in Identity module
        context.Services.Configure<AbpIdentityWebOptions>(options => { options.EnableUserImpersonation = true; });

Not sure if this issue is being experienced by others or what the problem here could be without pulling the Account Pro project and integrating it with my template in order to step through (is that even possible w/ no-layers template?)

So, what can be done to eliminate this issue?

It may be worthy of note that I did extend the user entity with a GUID property using the following Extensibility procedure:

            ObjectExtensionManager.Instance
                .MapEfCoreProperty<IdentityUser, Guid>(
                    BusinessDomainConstants.Database.People.ColumnNameForExtraPropertyIdentityUserPersonId,
                    (entityBuilder, propertyBuilder) =>
                    {
                        propertyBuilder
                            .HasMaxLength(36)
                            .HasDefaultValue(null)
                        ;
                    }
                );

..however, removing this from the module startup does not change the error scenario.

I am using docker containers to house my app and redis and reverse proxy in production. But every time I deploy a new build to the server the currently authorized users in my mobile app (and the web-app, but this is less troublesome) lose their authentication.

From looking at the account module code and the tables that are created (ie. AbpUserTokens) and the documentation, I think the default template should be using the IPersistedGrantStore that writes to EF Core database instead of in-memory store. But I cannot figure out how to tell the system to use the persisted store instead of in-memory one. I didn't want to try and separate the IdentityServer4 from the MVC project because of the complexity of doing so. Any directions or hints?

ABP Framework version: v4.2.2 UI type: MVC DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): yes, tiered MVC Exception message and stack trace: Steps to reproduce the issue:

1. Spin up new solution
2. See the AbpUserTokens table is created
3. Use OAuth system (ie, with the react-native template) to login a user
4. See the AbpUserTokens table is empty
5. Restart the server and lose your authentication

I am also working on trying to get the mobile app to re-up the auth when/if it is lost but this above scenario is bugging me because I THINK it should be straight forward to accomplish and would allow me to only concentrate on getting refresh token instead of checking for broken auth before every API call in the mobile app.

I am trying to work with multiple developers with API generated via template and they are complaining the cookie handling and XSRF token header is causing error 400 and redirects to the login page.

• ABP Framework version: v4.2.2
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes, tiered MVC
• Exception message and stack trace:
• Steps to reproduce the issue:

1. spin up a project
2. create an aggregate root with app service to automatically expose
3. create a mobile react native app (or use POSTMAN to mimic the calls)
4. try to call API endpoints of your appService from mobile app or POSTMAN using /api/app/{aggregate root endpoint}
5. you will need to add RequestVerificationToken with value from XSRF cookies
6. try to disable that requirement with this in webmodule configure startup:

            Configure<AbpAntiForgeryOptions>(options =>
            {
                options.AutoValidate = false;
            });

7. in addition, try to disable at the controller level like

       [IgnoreAntiforgeryToken]

8. Scratch your head because you can't figure out why the XSRF is a requirement with API and how you can disable it on automaticly exposed app service endpoints like CreateAsync() or UpdateAsync()

Errors I am seeing in the logs

[17:13:24 ERR] The required antiforgery header value "RequestVerificationToken" is not present.

• if you do not provide the header value in a POST / PUT

[16:43:35 ERR] The provided antiforgery token was meant for a different claims-based user than the current user.

[16:43:44 ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.9TtSrW0hzOs" is not present.

[16:44:18 ERR] The antiforgery cookie token and request token do not match.

[18:16:19 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy

[18:19:05 ERR] The antiforgery token could not be decrypted.

• if you use an old token value?

[18:20:33 ERR] The provided antiforgery token was meant for a different claims-based user than the current user.

• if you do not use the fresh value of the XSRF-Token cookie from last request in this request