- What is your product version? ASPNETZERO Version 8.9.2
- What is your product type (Angular or MVC)? Angular
- What is product framework type (.net framework or .net core)? .Net Core
We encounter issues when dealing with the framework on ASP.NET Core + Angular and IdentityServer Here’s the draft of the scenario on (1 Webhost API, and 2 clients) where the solution was acquired from AspNetZero. SSO Access Portal:
- Centralize portal of user management, role & permission management, managing edition & customer subscription.
- Database 1 using ABP schema.
- Web.Host API = localhost:44301
- Angular Client = localhost:4200
Customer End / Client Access:
- Another hosted client for customer transactions.
- Database 2 using Custom Schema with ABPUsers.Id as the transaction references
- Web.Host API = localhost:44302
- Angular Client = localhost:4300
As per AspNetZero documentation of Identity Server for ASP.NET Core + Angular solution: https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Infrastructure-Core-Angular-Identity-Server4-Integration We can set the Web.Host as an IdentityServer which also supports OpenID as social login https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Features-Angular-Social-Logins
When top up this 2 line code too at localhost:44301 Web.Host\StartUp\AuthConfigurer.cs Here’s the setup details for localhost:44302 : AppSettings.Json And Here’s another config for localhost:4300 at login.service.ts. and remoteSeviceBaseURL set to localhost:44302 at appconfig.json Below is the result we get.
- From localhost:4300 login with OpenID, URL redirected to localhost:4200 with this generated URL http://localhost:4200/account/login?response_type=id_token%20token&client_id=custclient&state=MWE2azM3RExoYWZxanBRSWx0VnREUGxmMTk1Z2hnbUdRUDN-SjV4TUVnWGx5%3BopenIdConnect%253D1&redirect_uri=http%3A%2F%2Flocalhost%3A4300%2Faccount%2Flogin&scope=openid%20profile%20email%20default-api&nonce=MWE2azM3RExoYWZxanBRSWx0VnREUGxmMTk1Z2hnbUdRUDN-SjV4TUVnWGx5
- After successful login it did not redirect back to localhost:4300
- Localhost:4200 has AccessToken value at cookies
- Manually redirect to Localhost:4300 and it already login thru the app, but not having AccessToken at cookies. Soon received exceptions at localhost:44302 that AccessToken is null when try to read access token from cookies.
In the second attempt, we follow the step mentioned for ASP.NET Core + angular documentation https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Infrastructure-Core-Angular-Identity-Server4-Integration by changing the Login URL on the OpenID config at localhost:44302 to: and returned this generated URL which is having the same URL param as the previous one https://localhost:44301/UI/Login?response_type=id_token%20token&client_id=custclient&state=MUZ6LnhFZUphcjJMLVVBeWxsWk9UaG9LSW5URmlQNTNUZXBORFh3cmdhRjNI%3BopenIdConnect%253D1&redirect_uri=http%3A%2F%2Flocalhost%3A4300%2Faccount%2Flogin&scope=openid%20profile%20email%20default-api&nonce=MUZ6LnhFZUphcjJMLVVBeWxsWk9UaG9LSW5URmlQNTNUZXBORFh3cmdhRjNI But having the same output, which after successful login the page stays at localhost:44301 and not returned to localhost:4300 to triggers the OpenId callback.
While with the MVC client sample we manage to get the access token after login with https://localhost:44301/UI/Login page. and here’s the redirect URL generated from the MVC client sample: https://localhost:44301/UI/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Datnclient%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A7002%252Fsignin-oidc%26response_type%3Dcode%26scope%3Ddefault-api%2520openid%2520profile%2520email%2520offline_access%26response_mode%3Dform_post%26nonce%3D637626478879962555.OTQ4ZjUxYWMtNjU4MC00N2IzLTgzOTEtODYwNDdiOTkyZDlhNjBkZmRkM2QtNDljYy00N2JlLThiZTYtOTBlNDg3Y2Y3MDE2%26state%3DCfDJ8LjpsvQIPopBleTfM5mDVEET_4L_K5liABk8FxhNffyECDWrkG8totdkqsZK9dcqeW7P2WKOCVWMwXBExoU1p8C96SBNw9a2QdALGPl6B9yCbVfHW4ZDjYeAV6R1-MSJgxRgbZ_s-Rf6Y4b9aeGCInApo8x04N7ySepAp3NFZWzBSRwdAzG4K9uTpTIPyy66ab_R8VHWPi40g1h4NTxpZEhmKw3Z2YQy8rS0YF_mT4LXzZSHXSiEbHjqrE39385AICKFdER4AoOatDmVnTdDFZbIi2Uv4Ig0Ya6HYrMnE7VIAx5R_vBCdvFKvufRaUSzjg%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D22.214.171.124
We noticed there’s a difference between the URL generated from the angular client and the MVC client. While on the documentation for ASP.NET Core MVC & JQuery solutions https://docs.aspnetzero.com/en/aspnet-core-mvc/v8.2.0/Infrastructure-Core-Mvc-Identity-Server4-Integration we see in the documentation the client is having ReturnURL param as well with the same login page as the angular client.
Thank you for your prompt reply.
We re-build it with the latest AspNetZero version for angular v.10.4.0.
https://localhost:44303 appsettings.json LoginURL set to https://localhost:44301, but upon successful login, it did not redirect back to the requestor (http://localhost:4300) and stay at https://localhost:44301 instead.
At the angular end http://localhost:4300, I found this version does not return the LoginURL value configured at the Web.Host level and always returned null, unlike the previous version. Temporary I hardcoded like this at http://localhost:4300 for LoginURL value
Please review the recorded result below: Result Video
Kindly advice and thanks in advance
We just sent you guys the source and the step on how to reproduce it via email to email@example.com.
Please check, thank you.
I have replied to your email. You can write back via email if the problem persists. We will also make some enhancements in AspNet Zero, see the related issue
Thank you for the solutions provided by you and the AspNetZero team via Email before. However, we still face an issue during login with the existing & active user (firstname.lastname@example.org) via OpenID, at the process the login user will create a new record instead of return the existing one. Here's the demo video: OpenId Demo
We do debug at TokenAuthController.cs > ExternalAuthenticate and we found that the EmailAddress field being filled with non-email value that’s why it always falls into AbpLoginResultType.UnknownExternalLogin case instead of AbpLoginResultType.Success case even login using existing and active user.
Thanks in advance