Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Server restart causes users with active impersonations to lost their grants #10259


User avatar
0
hra created

Prerequisites

10.0.0 (20210301) Angular .Net Core Multitenancy

I am receiving reports from my super users (those who have access to impersonate tenant accounts) that sometimes they lose their access to administrative menu pages, such as the "Tenants" and "Maintenance" menus. The menus disappears from the navigation tree, and even if the user types the administrative page address directly into the address bar, they are bounced as if they do not have permissions. I have traced this back to, when the user is impersonating a tenant account, the server application has been recycled. The user then "returns to my account", and they are still logged in, but they have lost their claims to administrative permissions. There is no way for the user to fix this - no amount of logging in and out, clearing cookies, etc, will fix it.

The only fix I have found, is to ask the user to log out, then recycle the application pool again - as you can imagine, this just raises the risk of it happening to another user.

Please advise,

thanks and regards,


5 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @hra

    We got a similar report before but couldn't reproduce it with the latest version. Could you check if this is the same error https://github.com/aspnetzero/aspnet-zero-core/issues/3638#issuecomment-791324556 ?

    Thanks,

  • User Avatar
    0
    hra created

    hi,

    yes, that looks like the same issue I'm having. I also found those 2 actions (editing the user permissions, or recycling the application pool) were the only solutions.

    Of course, neither are really acceptable for my production customers...

    Is there some part of the authentication token/crypto that is generated on app-start? If so, it would explain why recycling the server breaks active session tokens - i.e, theyre not expired, but essentially become corrupted...

    I can reproduce this issue consistently. I can share a screen recording with you (privately) if you wish.

  • User Avatar
    0
    hra created

    Hi, I have tracked down the issue.

    After restarting the application server, and clicking "return to my account", all caches are empty - and the RoleManager will repopulate the cache with the admin user role permissions (role 1). The Role Manager calls "PermissionManager.GetAllPermissions(true)", and you can see that AbpSession still contains all the information for the impersonated account - rather than the impersonator account.

    This fails to return the permissions on the Host side, and hence, a much smaller permission set (50, instead of 70-something) - but you can clearly see that this permission set is assigned in the cache to cacheKey "1@0".

    This is what "GetAllPermissions" should look like...

    Because these corrupt permissions are then stored in the cache, this explains why the application must be reset, or permissions changed (to trigger repopulation of the cache).

    I guess the real question is - why is AbpSession still returning "MultiTenancySide == Tenant" after returning back to the Host account?

  • User Avatar
    0
    hra created

    Hi @imscagdas,

    I have created a PR in AspNetBoilerplate which fixes the issue for me. Please review.

    UserManager and PermissionManager appear to use different techniques to determine the active MultiTenancySide - by copying across the UserManager technique to PermissionManager, it appears to resolve the issue.

    Thanks and regards,

    https://github.com/aspnetboilerplate/aspnetboilerplate/pull/6116

  • User Avatar
    0
    musa.demir created

    Thanks alot @hra. Since we can follow the progress in pr, I am closing this.