Activities of user "rogercprops"

  • ABP Framework version: v7.2.2 Commercial
  • UI Type: Vuejs / MVC
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:

    [18:21:51 INF] Client validation failed because 'https://txguardians.cloverleafcms.de/signin-oidc' was not a valid redirect_uri for CloverleafCMS.
    [18:21:51 INF] The authorization request was rejected because the redirect_uri was invalid: 'https://txguardians.cloverleafcms.de/signin-oidc'.
    [18:21:51 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/authorize?client_id=CloverleafCMS&redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fsignin-oidc&response_type=code&scope=offline_access+openid+profile+email+phone+AccountService+IdentityService+AdministrationService+SaasService+ClientService+ServicesService+ClientServiceQueryService&state=49e43d931566491a8ec807f6c9a9999b&code_challenge=cunGRYyyMCRmOzS32JF78ZKpWJ33SxHjtyulWlg5MZo&code_challenge_method=S256&response_mode=query - - - 302 0 - 29.5866ms
    [18:21:51 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - -
    [18:21:51 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
    [18:21:51 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
    [18:21:52 INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml.
    [18:21:52 INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 65.666ms.
    [18:21:52 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 1195.7552ms
    [18:21:52 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
    [
  • Steps to reproduce the issue: We're using the auth-server MVC app in the microservices template. We get the above error when the RedirectUris in the Identity database OpenIdDictApplications table for an application has https://*.cloverleafcms.de.

When I enter the full URI in the RedirectUris field, we don't get the error.

We have the same issue with the CORSOrigins in the application settings/configuration.

We're a SaaS provider and currently have over 80 clients and growing every year. I thought I read a previous post (can't find it) where someone else had the same issue.

How can we use a wildcard to match the custom domains for our clients? (Note about 90% will have something like XXX.cloverleafcms.de).

Thank you
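An added example (not from the original post, and not ABP or OpenIddict code) of the check a wildcard redirect_uri rule has to make if one is allowed at all: exact string match first, then exactly one tenant label under a fixed suffix, with scheme, port and path pinned. The rule list, the `/signin-oidc` path on the wildcard entry and all function names are assumptions made for the illustration.

```javascript
// Added illustration; not ABP or OpenIddict source. Names and rules are hypothetical.
// Constructed registrations: one exact URI, one wildcard limited to the left-most label.
const REGISTERED = [
  'https://admin.cloverleafcms.dev/signin-oidc',
  'https://*.cloverleafcms.de/signin-oidc',
];

// One DNS label: letters, digits, inner hyphens, at most 63 characters.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
// A wildcard entry is https, "*." first, a literal suffix, optional port, literal path.
const WILDCARD = /^https:\/\/\*\.([a-z0-9.-]+)(?::(\d+))?(\/[^?#*]*)$/;

function compileRules(entries) {
  return entries.map((entry) => {
    const m = WILDCARD.exec(entry);
    // URL reports the default https port as '', so store 443 the same way.
    if (m) return { suffix: m[1], port: m[2] && m[2] !== '443' ? m[2] : '', path: m[3] };
    // Refuse "*" anywhere else, including a wildcard host with no path.
    if (entry.includes('*')) throw new Error(`unsupported wildcard position: ${entry}`);
    return { exact: entry };
  });
}

function isAllowedRedirect(candidate, rules) {
  if (typeof candidate !== 'string') return false;
  // Exact string comparison covers every fully registered URI.
  if (rules.some((r) => r.exact === candidate)) return true;

  let u;
  try { u = new URL(candidate); } catch { return false; }
  // Pin the scheme and refuse userinfo, query and fragment outright.
  if (u.protocol !== 'https:' || u.username || u.password || u.search || u.hash) return false;

  return rules.some((r) => {
    if (r.suffix === undefined) return false;
    const dotSuffix = '.' + r.suffix;
    // The leading dot stops "xcloverleafcms.de" from matching the suffix.
    if (!u.hostname.endsWith(dotSuffix)) return false;
    const label = u.hostname.slice(0, -dotSuffix.length);
    // Exactly one label may vary; port and normalized path must equal the rule.
    return LABEL.test(label) && u.port === r.port && u.pathname === r.path;
  });
}

const RULES = compileRules(REGISTERED);
```

The same host comparison applies to an allowed-origins list for CORS, where the value checked has no path.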

Provide us with the following info:

  • ABP Framework version: v7.2.2 Commercial
  • UI Type: MVC / Vuejs
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: N/A
  • Steps to reproduce the issue: N/A

We're currently using the micro services template with the auth-server as an MVC application.

We're a SaaS provider with dozens of client tenants. Each has either their own domain or a subdomain under our brand domain. For example: auth.mydomain1.com auth.mydomain2.com etc.

What we want to do is have one auth-server application that is mapped to multiple domains and/or subdomains. However in the auth-server application configuration (appsettings) there is only one SelfUrl.

In our vue application we're using the oidc-client.ts NPM module to access the auth-server openiddict. In the oidc-client User Manager settings I can set the redirect url to ${window.location.origin}/signin-oidc, so it's correctly routed back to the Vue application after authentication. I can also specify the authority url to include the client domain auth.${window.location.origin}. In the above examples, if I specify auth.mydomain1.com as the authority, it won't find it since there's only 1 SelfUrl in the appsettings of the auth-server.

How do I have multiple "SelfUrls" based on tenant domain/subdomain in the auth server so I can call it from the Vue application (or any other application for that matter)?

I know one way is to have a different auth server application running for each domain instance but that gets expensive since we have over 80 clients today.

Looking forward to your response. Thank you.

We've developed a solution using the microservices template.

We have 2 services with their own database. We need to create a query using the Abp libraries that joins results from queries from each of the databases.

Use case:

The client microservices manages clients. The programs service manages programs that are assigned to clients.

We want to have one query that gets all of the programs of a given type. We want to have a second query that returns all of the clients associated with those programs.

How do we do that using the microservices template? Has anyone done this before and if so is there a sample we can follow?

Thank you for response but let me point out a couple of points since I was trying to use the eshopOnAbp demo source code as a reference:

  • I followed the instructions in the root folder readme.md and when I ran tye-run it got to line 66 of the tye.yaml file it aborted with the message Error parsing tye.yaml: (66, 7): Path "abpTemplates/eShopOnAbp/.env" was not found.

Because of course there is no .env in the root directory. I'm assuming it's because there are sensitive values in your .env file that you don't want on GitHub. So it would be nice to either have something in the readme.md file with what needs to be included or a .env template with the sensitive values left out.

  • There is no elasticsearch directory in the helm charts of the eshopOnAbp and in the authserver values.yaml file this is what's under the config property: elasticsearchHost: #

  • In the microservices template /etc/k8s helm charts all of the values are #, it leaves the developer to figure out what each property is used for and then figure out what value to insert. A lot of that can be extrapolated from the appsettings.json files but it would be nice to have comments in the values file with some examples/instructions for filling out. For example this is from the authserver values.yaml file:

config:
  selfUrl: #
  corsOrigins: #
  allowedRedirectUrls: #
  disablePii: #
  identityService:
    connString: #
  administrationService:
    connString: #
  saasService:
    connString: #
  authServer:
    authority: #
    requireHttpsMetadata: #
    swaggerClientId: #
  dotnetEnv: #
  redisHost: #
  rabbitmqHost: #
  elasticsearchUrl: #

I would only ask if you're going to provide a template based on a solution you have running in a cloud Kubernetes environment that a) The documentation is complete and accurate. b) If the documentation is complete and accurate it actually works when you follow the instructions

Sorry to be negative, but I wanted to provide some feedback on what would help my team and other companies as well.

Please take this up the chain. We're getting increasingly frustrated with the lack of documentation and support from abp.io.

We paid for the commercial license thinking that it would greatly accelerate our deployment of a dotnet microservices architecture. However, we've spent countless hours digging through the code and documentation to get just a basic micro-service to work.

Everything works fine if you run the template solution locally using Docker desktop and Tye exactly as it's delivered in the template. Getting it deployed in the cloud or debugging issues with any modifications or a new service is a different story.

I would think that most companies who are deploying dotnet microservices are going to be deploying them on Azure. Others might use AWS or Google cloud.

If abp.io is going to provide a microservices template that includes the helm charts for deployment:

  1. The helm charts and scripts for the services and web apps that are in the template should work with limited customization
  2. Much better documentation that details how the infrastructure services are being used in the template. One or two sentences don't cut it.

I would challenge one of the engineers to deploy the microservices template into a cloud Kubernetes service and get it to work. Azure would probably be a good place to start. If it doesn't work, fix it and include it in the next update.

This is the 2nd support ticket I've posted without resolution from abp.io. The first one I figured out on my own by digging into the source code on the framework GitHub repository and finding a demo of what I was trying to do.

Thank you.

As you can see from my original question I have tried that and got this error: It was not possible to connect to the redis server(s). UnableToConnect on redis:6379/Interactive, Initializing/NotStarted, last: NONE, origin: BeginConnectAsync, outstanding: 0, last-read: 0s ago, last-write: 0s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 0s ago, v: 2.2.4.27433 at StackExchange.Redis.ConnectionMultiplexer.ConnectImpl(ConfigurationOptions configuration, TextWriter log) in /_/src/StackExchange.Redis/ConnectionMultiplexer.cs:line 1163

This is the redis deployment file and it is running:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
      - image: redis:alpine
        name: redis
        ports:
        - name: redis
          containerPort: 6379

Here's the output from the kubectl describe:

Name:         redis-696dfdfbfc-nvd2m
Namespace:    abp-infrastructure
Priority:     0
Node:         aks-agentpool-19446568-vmss000002/10.0.0.6
Start Time:   Thu, 04 May 2023 13:18:54 -0500
Labels:       app=redis
              pod-template-hash=696dfdfbfc
Annotations:  <none>
Status:       Running
IP:           10.0.0.113
IPs:
  IP:           10.0.0.113
Controlled By:  ReplicaSet/redis-696dfdfbfc
Containers:
  redis:
    Container ID:   containerd://8882f84973aea2ea652dd43e5a2430971cc9d69caab5b67b7ec8855cd221276b
    Image:          redis:alpine
    Image ID:       docker.io/library/redis@sha256:cbcf5bfbc3eaa232b1fa99e539459f46915a41334d46b54bf894f8837a7f071e
    Port:           6379/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Thu, 04 May 2023 13:18:57 -0500
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-jsmn9 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kube-api-access-jsmn9:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:                      <none>

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

  • ABP Framework version: v7.0 - Commercial
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
    • Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module AuthServer.CprOnAbpAuthServerModule, AuthServer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
       ---> StackExchange.Redis.RedisConnectionException: It was not possible to connect to the redis server(s). UnableToConnect on redis:6379/Interactive, Initializing/NotStarted, last: NONE, origin: BeginConnectAsync, outstanding: 0, last-read: 0s ago, last-write: 0s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 0s ago, v: 2.2.4.27433
         at StackExchange.Redis.ConnectionMultiplexer.ConnectImpl(ConfigurationOptions configuration, TextWriter log) in /_/src/StackExchange.Redis/ConnectionMultiplexer.cs:line 1163
         at StackExchange.Redis.ConnectionMultiplexer.Connect(ConfigurationOptions configuration, TextWriter log) in /_/src/StackExchange.Redis/ConnectionMultiplexer.cs:line 1032
         at StackExchange.Redis.ConnectionMultiplexer.Connect(String configuration, TextWriter log) in /_/src/StackExchange.Redis/ConnectionMultiplexer.cs:line 1015
         at AuthServer.CprOnAbpAuthServerModule.ConfigureServices(ServiceConfigurationContext context) in /src/AuthServerModule.cs:line 141
         at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
         at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
         --- End of inner exception stack trace ---
         at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
         at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
         at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
         at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
         at AuthServer.Program.Main(String[] args) in /src/Program.cs:line 27
  • Steps to reproduce the issue: I've deployed the auth server MVC app, elasticsearch and kibana on Azure Kubernetes using the helm chart templates in the eshopOnAbp demo solution as a guide. All are running in the same AKS cluster.

This is line 141 from AuthserverModule.cs

var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);

This is my auth server deployment.yaml

# Source: authserver/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: authserver
  namespace:  abp-app
spec:
  selector:
    matchLabels:
      app: authserver
  replicas: 1
  template:
    metadata:
      labels:
        app: authserver
    spec:
      containers:
      - name: authserver
        image: cprtestregistry.azurecr.io/authserver:v1.1
        imagePullPolicy: Always
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        env:
          - name: StringEncryption__DefaultPassPhrase
            value: ert134134t1qqerg
          - name: App__CorsOrigins
            value: https://public-gateway.cloverleafcms.dev,https://web-gateway.cloverleafcms.dev
          - name: App__DisablePII
            value: "true"
          - name: App__RedirectAllowedUrls
            value: https://admin.cloverleafcms.dev,https://admin.cloverleafcms.dev,
          - name: App__SelfUrl
            value: https://auth.cloverleafcms.dev
          - name: AuthServer__Authority
            value: https://auth.cloverleafcms.dev
          - name: AuthServer__RequireHttpsMetadata
            value: "false"
          - name: AuthServer__SwaggerClientId
            value: WebGateway_Swagger
          - name: ConnectionStrings__AdministrationService
            value: Server=***
          - name: ConnectionStrings__IdentityService
            value: Server=***
          - name: ConnectionStrings__SaasService
            value: Server=***
          - name: DOTNET_ENVIRONMENT
            value: Staging
          - name: ElasticSearch__Url
            value: http://elasticsearch
          - name: Redis__Configuration
            value: http://redis

This is my redis service.yaml file:

apiVersion: v1
kind: Service
metadata:
  labels:
    name: redis
  name: redis
spec:
  type: ClusterIP
  ports:
    - name: redis
      port: 6379
  selector:
    app: redis

I've verified that the redis service is running via kubectl get services redis ClusterIP 10.2.92.53

I've also tried using value: redis for the Redis__Configuration env and get this in the pod log: It was not possible to connect to the redis server(s). UnableToConnect on redis:6379/Interactive, Initializing/NotStarted, last: NONE, origin: BeginConnectAsync, outstanding: 0, last-read: 0s ago, last-write: 0s ago, keep-alive: 60s, state: Connecting, mgr: 10 of 10 available, last-heartbeat: never, global: 0s ago, v: 2.2.4.27433 at StackExchange.Redis.ConnectionMultiplexer.ConnectImpl(ConfigurationOptions configuration, TextWriter log) in /_/src/StackExchange.Redis/ConnectionMultiplexer.cs:line 1163

We'd like to use the abp modules/libraries rather than write our own OAUTH flow.

The template project is already integrated with Identity Server or OpenIddict. You don't need to write any code.

What I'd like to know is if those routes can be exposed as external REST API's that can be called using Axios or Ajax from the Vuejs app. yo

On the contrary if AJAX returns token this may require more code.

Hi and thanks again for your quick response. I may not be asking the question correctly so I'll try to be more specific.

We need to be able to get the authentication / authorization credentials that are used in the [Authorize] interface of the microservices.

We will have a custom web application built with Vuejs and we will also need to expose REST API's to some of our clients who are using other applications.

So, the work flow would look something like this:

  1. Web application or external application calls a login API to authenticate the user/system and get an access token and other credentials back.
  2. Web application or external application access other microservices via REST APIs or an API gateway, passing the appropriate authorization credentials in the API request headers.
  3. Our Vuejs web application would also use the user's roles and permissions to control what is accessible in the UI.

We do not want a redirect to another application UI for authentication given that we'll also have external applications accessing the API's directly.

I realize we'll have additional code to write, but can we use the Abp modules (specifically Account, Identity and OpenIddict) for the above using only REST API's? If so, how would we go about doing that?

Thanks

It seems the login from a web app is only through a redirect to the MVC Authentication app. Is that accurate?

hi

You can use oauth2-oidc library in vue like angular-oauth2-oidc

abp supports authorization code and password grant types to get access token and id token.

https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type https://developer.okta.com/blog/2018/06/29/what-is-the-oauth2-password-grant#the-oauth-20-password-grant

Thank you but that doesn't really answer my question.

We'd like to use the abp modules/libraries rather than write our own OAUTH flow.

Going through the code on GitHub it looks like the login route (for example) is used in the Nuget package that contains the MVC app. abp/modules/account/src/Volo.Abp.Account.HttpApi/Volo/Abp/Account/AccountController.cs

What I'd like to know is if those routes can be exposed as external REST API's that can be called using Axios or Ajax from the Vuejs app.

Thanks

Made with ❤️ on ABP v8.2.0-preview. Updated on March 25, 2024, 15:11