Open Closed

Tenancy Name is Null During Form Authentication #10115


0
Pharm3r created

Product Version: 10.2.0 Product Type: Angular Framework Type: .Net Core API Deployed To: Docker Container on Linux (Azure Web App) UI Deployed To: Azure Storage with Azure CDN

Dear Support Professional,

During the form login process, for the API endpoint api/TokenAuth/Authenticate, the Tenancy Name is Null. However, the form request is sent from a client browser's URL with a subdomain, for example, https://demo.MyCustomDomain.com  (<-- where "MyCustomDomain.com" is our custom domain)

In Chrome's Developer Tools, in the Request Headers for the Authenticate API call, "origin" and "referrer" property is https://demo.MyCustomDomain.com

I successfully created the Tenant named Demo and setup the user that I am attempting to login with.

I can confirm the remote API can read the app setting ServerRootAddress. I added the app setting as follows:

"ServerRootAddress": "https://{TENANCY_NAME}.MyCustomDomain.com/"

In the Angular appconfig.json, I set the appBaseUrl as https://{TENANCY_NAME}.MyCustomDomain.com


4 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi @Pharm3r

    Are you hosting your app with nginx ? If so, is your request contains Abp.TenantId request header ? As far as I know, nginx doesn't allow dot (.) in request headers. You can configure nginx to allow this, see http://nginx.org/en/docs/http/ngx_http_core_module.html#ignore_invalid_headers.

  • 0
    Pharm3r created

    Thanks for your response @ismcagdas.

    The Angular code would not know what the Abp.TenantId to set in a cookie because the login attempt has not authenticated. Am I correct?

    In the Authenticate method, I ran the following code on the Linux Azure Web App and returned the header values to the Angular client in the error message. The Referer and Origin values were:

    Referer https://demo.MyCustomDomain.com/ Origin https://demo.MyCustomDomain.com

    How does AbpSession from Abp.AspNetCore.Mvc.Controllers determine the subdomain other than using the Referer or Origin header?

    string headers = ""; foreach (var header in Request.Headers) { headers += " Key: " + header.Key + " value: " + header.Value; }

  • 0
    ismcagdas created
    Support Team

    Hi,

    Angular app gets the TenantID using the subdomain and sends it back to server. Is it possible to share your deployed app's URL with us ? Please also share the URL for a tenant.

    Thanks,

  • 0
    Pharm3r created

    If helpful to resolve the issue, below is the code I added in appInitializerFactory (root.module.ts)  before  the line appSessionService.init()...

    function setTenantIdCookieIfTenancyNameIsNotNull(injector: Injector) {
        return new Promise<void>((resolve, reject) => {
            abp.utils.deleteCookie(abp.multiTenancy.tenantIdCookieName);
    
            //new variable AppConsts.subdomain was set in AppPreBootstrap.getApplicationConfig()
            if (AppConsts.subdomain && AppConsts.subdomain != 'www') {
                let input = new IsTenantAvailableInput();
                input.tenancyName = AppConsts.subdomain;
    
                let accountServiceProxy: AccountServiceProxy = injector.get(AccountServiceProxy);
    
                accountServiceProxy.isTenantAvailable(input).subscribe((result: IsTenantAvailableOutput) => {
                    if (result.state == TenantAvailabilityState.Available) {
                        abp.multiTenancy.setTenantIdCookie(result.tenantId);
                    }
                    resolve();
                });
            } else {
                resolve();
            }
        });
    }