
Mix ANZ and Abp.Io #10681


0
andmattia created

Hi

I am looking at ABP.IO Commercial for the next upgrade of our solution based on ANZ because we need some options based on MongoDb. Our solution is not very simple to move to ABP.IO in one single step; for this reason I need to investigate whether it's possible to start some services on ABP.IO and move the others step by step.

I checked whether we can share the same database, but I think it is not possible because now the default id is GUID and on ANZ it is int. So I read the documentation on ABP.IO and, if I understand correctly, I can use the ANZ site for authentication and use ABP.IO like a separate service; in that way, whether I can share the DB or not is not blocking (my idea / goal could be some microservices that use the ANZ solution for authentication).

In terms of license, can we have some support during this transition phase? (I have worked on ANZ since ver 0.7.)

Any idea or support is appreciated.

Regards


33 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi @andmattia

    Yes, you can move your app part by part to ABP Commercial. You can use ANZ as an auth server (by enabling Identity Server) and then configuring ABP Commercial to use ANZ with OpenID Connect. If you face any problems, I can try to help you.

  • 0
    andmattia created

    Hi @ismcagdas

    Great to hear. Can anyone support me for ABP.IO Commercial? I tried to reach support many times for the first year license, without success.

  • 0
    ismcagdas created
    Support Team

    Hi @andmattia

    Could you send an email to info@aspnetzero.com about this? We will help you with it.

  • 0
    andmattia created

    Hi @ismcagdas

    We were focused on releasing a new version of our app and now we are back to moving our solution forward.

    We have created a new, very simple module and started to integrate the two solutions, ANZ and the ABP Commercial module. So if I understood your suggestion correctly, we need to:

    • configure IdentityServer on ANZ
    • configure ABP.IO Commercial module to use Identity (ANZ)

    My question is: isn't the best case to use ABP.IO for Identity and ANZ as client?

  • 0
    ismcagdas created
    Support Team

    Hi @andmattia

    Yes, using ABP.IO for Identity and ANZ as client is better but in that case, you need to migrate your users from ANZ to ABP.IO. If that's not a problem, you can follow this approach.

  • 0
    andmattia created

    Ok

    In this case do I need to start a new database with users and tenants? Or can I share the same database? I see that the user ID on ABP.IO is GUID and not INT. On ANZ, where can I find a guide/how-to for using an external authentication through ABP.IO (or something quite similar)?

    UPDATE

    We use the standard document to allow Identity on ANZ: ANZ Identity Config

  • 0
    ismcagdas created
    Support Team

    Hi @andmattia

    I don't suggest using the same database for ABP.IO and AspNet Zero. They even use the same names for some tables.

  • 0
    andmattia created

    Hi @ismcagdas

    So your suggestion is to create a separate DB for the ABP.IO solution and use ANZ for identity, but if I have a module (e.g. CRM) developed on ANZ (in a monolithic solution), do I need to separate it into an ABP.IO module, and can I attach the existing database?

    About identity on the new solution, it works fine with IS+HttpHOST. So I tried to change the IS for ABP.IO to ANZ.

    In appsettings.json of Api.Host I have

     "AuthServer": {
        "Authority": "http://localhost:22742",
        "RequireHttpsMetadata": "false",
        "SwaggerClientId": "test_Swagger",
        "SwaggerClientSecret": "1q2w3e*"
      }
    

    On ANZ

    "IdentityServer": {
      "IsEnabled": "true",
      "Authority": "http://localhost:22742/",
      "ApiName": "default-api",
      "ApiSecret": "secret",
      "Clients" : [
      {
          "ClientId": "test_Swagger",
          "AllowedGrantTypes": [
            "password"
          ],
          "ClientSecrets": [
            {
              "Value": "1q2w3e*"
            }
          ],
          "AllowedScopes": [
            "default-api"
          ]
        }
      ]
    }
    

    I run both solutions and they work, but if I try to authenticate from Swagger (ABP.IO) I see the correct URL

    But it doesn't work. This is the log from the ANZ solution

    INFO  2022-02-14 16:49:16,147 [112  ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 GET http://localhost:22742/connect/authorize?response_type=code&client_id=test_Swagger&redirect_uri=https%3A%2F%2Flocalhost%3A44333%2Fswagger%2Foauth2-redirect.html&scope=clay&state=TW9uIEZlYiAxNCAyMDIyIDE2OjQ1OjAwIEdNVCswMTAwIChPcmEgc3RhbmRhcmQgZGVsbOKAmUV1cm9wYSBjZW50cmFsZSk%3D  
    INFO  2022-02-14 16:49:16,154 [112  ] Server4.Hosting.IdentityServerMiddleware - Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
    ERROR 2022-02-14 16:49:16,154 [112  ] er4.Validation.AuthorizeRequestValidator - Invalid redirect_uri: https://localhost:44333/swagger/oauth2-redirect.html
    {
    "ClientId": "test_Swagger",
    "AllowedRedirectUris": [],
    "SubjectId": "1",
    "RequestedScopes": "",
    "Raw": {
      "response_type": "code",
      "client_id": "test_Swagger",
      "redirect_uri": "https://localhost:44333/swagger/oauth2-redirect.html",
      "scope": "clay",
      "state": "TW9uIEZlYiAxNCAyMDIyIDE2OjQ1OjAwIEdNVCswMTAwIChPcmEgc3RhbmRhcmQgZGVsbOKAmUV1cm9wYSBjZW50cmFsZSk="
    }
    }
    
  • 0
    andmattia created

    I changed the JSON config and now it works.

    {
            "ClientId": "test_Swagger",
            "AllowedGrantTypes": [
              "authorization_code"
            ],
            "ClientSecrets": [
              {
                "Value": "1q2w3e*"
              }
            ],
            "RedirectUris": [
              "https://localhost:44333/swagger/oauth2-redirect.html"
            ],
            "AllowedScopes": [
              "default-api", "test"
            ]
          },
    
    But in some cases it still says 403 not auth. Do I need to add something on the ANZ db or ABP.IO db?
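
The two client entries posted above can be checked against the authorize request from the ANZ log before a round trip through the browser. This is an added example, not code from the thread or from IdentityServer4: the function names, the exact-string redirect URI comparison and the shortened `state` value are assumptions, the client secret is replaced by a placeholder, and it reports every mismatch at once where the server log stops at the first one.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Client entry as first posted (secret replaced by a placeholder).
ORIGINAL_CLIENT = json.loads("""
{
  "ClientId": "test_Swagger",
  "AllowedGrantTypes": ["password"],
  "ClientSecrets": [{"Value": "<placeholder-secret>"}],
  "AllowedScopes": ["default-api"]
}
""")

# Client entry after the change reported in this post.
FIXED_CLIENT = json.loads("""
{
  "ClientId": "test_Swagger",
  "AllowedGrantTypes": ["authorization_code"],
  "ClientSecrets": [{"Value": "<placeholder-secret>"}],
  "RedirectUris": ["https://localhost:44333/swagger/oauth2-redirect.html"],
  "AllowedScopes": ["default-api", "test"]
}
""")

# Authorize request from the ANZ log; the state parameter is shortened (constructed).
LOGGED_REQUEST = (
    "http://localhost:22742/connect/authorize?response_type=code"
    "&client_id=test_Swagger"
    "&redirect_uri=https%3A%2F%2Flocalhost%3A44333%2Fswagger%2Foauth2-redirect.html"
    "&scope=clay&state=constructed-state"
)
# Constructed variant that asks for a scope the client is allowed to request.
CONSTRUCTED_REQUEST = LOGGED_REQUEST.replace("scope=clay", "scope=default-api")


def parse_authorize_request(url):
    """Return the query parameters of an authorize URL as a flat dict."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def required_grant(response_type):
    """Map an OAuth/OIDC response_type to the grant type the client needs."""
    parts = set(response_type.split())
    if parts == {"code"}:
        return "authorization_code"
    if "code" in parts:
        return "hybrid"
    if parts and parts <= {"token", "id_token"}:
        return "implicit"
    return None


def check_authorize_request(client, url):
    """Return (code, message) findings for a request against one client entry."""
    req = parse_authorize_request(url)
    findings = []
    if req.get("client_id") != client.get("ClientId"):
        return [("client_id", "request is for a different client")]

    grant = required_grant(req.get("response_type", ""))
    if grant is None:
        findings.append(("response_type", "unsupported response_type"))
    elif grant not in client.get("AllowedGrantTypes", []):
        findings.append(("grant_type", f"{grant} is not in AllowedGrantTypes"))

    # Assumption: redirect URIs are compared as exact strings.
    redirect_uri = req.get("redirect_uri")
    if redirect_uri not in client.get("RedirectUris", []):
        findings.append(("redirect_uri", f"{redirect_uri} is not registered"))

    allowed_scopes = set(client.get("AllowedScopes", []))
    for scope in req.get("scope", "").split():
        if scope not in allowed_scopes:
            findings.append(("scope", f"{scope} is not in AllowedScopes"))
    return findings


if __name__ == "__main__":
    for label, client, url in [
        ("original client, logged request", ORIGINAL_CLIENT, LOGGED_REQUEST),
        ("fixed client, logged request", FIXED_CLIENT, LOGGED_REQUEST),
        ("fixed client, constructed request", FIXED_CLIENT, CONSTRUCTED_REQUEST),
    ]:
        print(label, "->", check_authorize_request(client, url) or "no findings")
```
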
    
  • 0
    ismcagdas created
    Support Team

    Hi,

    If you are getting a 403 error, it might be related to some permissions. Could you share the full stacktrace?

    Thanks,

  • 0
    andmattia created

    Hi

    From the ANZ side the login works fine

    INFO  2022-02-14 17:36:23,525 [63   ] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful.
    WARN  2022-02-14 17:36:23,526 [63   ] entityServer4.Hosting.CorsPolicyProvider - CorsPolicyService did not allow origin: https://localhost:44333
    INFO  2022-02-14 17:36:23,530 [63   ] Server4.Hosting.IdentityServerMiddleware - Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
    INFO  2022-02-14 17:36:23,944 [63   ] Server4.Validation.TokenRequestValidator - Token request validation success, {
      "ClientId": "test_Swagger",
      "GrantType": "authorization_code",
      "AuthorizationCode": "b5f5b172e7ffec89337f824ea1e0d0500d3d03fb7a7d11770c632fb053f04dc6",
      "Raw": {
        "grant_type": "authorization_code",
        "code": "b5f5b172e7ffec89337f824ea1e0d0500d3d03fb7a7d11770c632fb053f04dc6",
        "client_id": "test_Swagger",
        "client_secret": "***REDACTED***",
        "redirect_uri": "https://localhost:44333/swagger/oauth2-redirect.html"
      }
    }
    

    I try to call

    response

    Redis version redis_version:3.0.504

    log trace for this call

    2022-02-14 17:32:42.344 +01:00 [INF] Request starting HTTP/2 GET https://localhost:44333/api/audit-logging/audit-logs - -
    2022-02-14 17:32:42.347 +01:00 [INF] Executing endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)'
    2022-02-14 17:32:42.364 +01:00 [INF] Route matched with {area = "auditLogging", controller = "AuditLogs", action = "GetList", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Application.Dtos.PagedResultDto`1[Volo.Abp.AuditLogging.AuditLogDto]] GetListAsync(Volo.Abp.AuditLogging.GetAuditLogListDto) on controller Volo.Abp.AuditLogging.AuditLogsController (Volo.Abp.AuditLogging.HttpApi).
    2022-02-14 17:32:42.634 +01:00 [DBG] Added 0 entity changes to the current audit log
    2022-02-14 17:32:42.638 +01:00 [WRN] ERR Error running script (call to f_3915ee22fda531a1d5661f2523d0443fd35ff0a4): @user_script:2: @user_script: 2: Wrong number of args calling Redis command From Lua script 
    
    StackExchange.Redis.RedisServerException: ERR Error running script (call to f_3915ee22fda531a1d5661f2523d0443fd35ff0a4): @user_script:2: @user_script: 2: Wrong number of args calling Redis command From Lua script 
       at Volo.Abp.Caching.StackExchangeRedis.AbpRedisCache.SetManyAsync(IEnumerable`1 items, DistributedCacheEntryOptions options, CancellationToken token)
       at Volo.Abp.Caching.DistributedCache`2.<>c__DisplayClass54_0.<<SetManyAsync>g__SetRealCache|0>d.MoveNext()
    2022-02-14 17:32:43.702 +01:00 [DBG] Finished setting the cache items. Count: 104
    2022-02-14 17:32:43.707 +01:00 [DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:clay_Swagger,n:AuditLogging.AuditLogs
    2022-02-14 17:32:43.708 +01:00 [DBG] Not found in the cache: pn:C,pk:clay_Swagger,n:AuditLogging.AuditLogs
    2022-02-14 17:32:43.708 +01:00 [DBG] Getting all granted permissions from the repository for this provider name,key: C,clay_Swagger
    2022-02-14 17:32:43.710 +01:00 [DBG] Setting the cache items. Count: 104
    2022-02-14 17:32:43.725 +01:00 [WRN] ERR Error running script (call to f_3915ee22fda531a1d5661f2523d0443fd35ff0a4): @user_script:2: @user_script: 2: Wrong number of args calling Redis command From Lua script 
    StackExchange.Redis.RedisServerException: ERR Error running script (call to f_3915ee22fda531a1d5661f2523d0443fd35ff0a4): @user_script:2: @user_script: 2: Wrong number of args calling Redis command From Lua script 
       at Volo.Abp.Caching.StackExchangeRedis.AbpRedisCache.SetManyAsync(IEnumerable`1 items, DistributedCacheEntryOptions options, CancellationToken token)
       at Volo.Abp.Caching.DistributedCache`2.<>c__DisplayClass54_0.<<SetManyAsync>g__SetRealCache|0>d.MoveNext()
    2022-02-14 17:32:43.725 +01:00 [DBG] Finished setting the cache items. Count: 104
    2022-02-14 17:32:43.728 +01:00 [INF] Authorization failed. These requirements were not met:
    PermissionRequirement: AuditLogging.AuditLogs
    2022-02-14 17:32:43.754 +01:00 [WRN] ERR Error running script (call to f_3915ee22fda531a1d5661f2523d0443fd35ff0a4): @user_script:2: @user_script: 2: Wrong number of args calling Redis command From Lua script 
    StackExchange.Redis.RedisServerException: ERR Error running script (call to f_3915ee22fda531a1d5661f2523d0443fd35ff0a4): @user_script:2: @user_script: 2: Wrong number of args calling Redis command From Lua script 
       at StackExchange.Redis.ConnectionMultiplexer.ExecuteSyncImpl[T](Message message, ResultProcessor`1 processor, ServerEndPoint server) in /_/src/StackExchange.Redis/ConnectionMultiplexer.cs:line 2817
       at StackExchange.Redis.RedisBase.ExecuteSync[T](Message message, ResultProcessor`1 processor, ServerEndPoint server) in /_/src/StackExchange.Redis/RedisBase.cs:line 54
       at StackExchange.Redis.RedisDatabase.ScriptEvaluate(String script, RedisKey[] keys, RedisValue[] values, CommandFlags flags) in /_/src/StackExchange.Redis/RedisDatabase.cs:line 1189
       at Microsoft.Extensions.Caching.StackExchangeRedis.RedisCache.Set(String key, Byte[] value, DistributedCacheEntryOptions options)
       at Volo.Abp.Caching.DistributedCache`2.<>c__DisplayClass50_0.<Set>g__SetRealCache|0()
    2022-02-14 17:32:43.757 +01:00 [WRN] ---------- RemoteServiceErrorInfo ----------
    {
      "code": "Volo.Authorization:010001",
      "message": "Authorization failed! Given policy has not granted.",
      "details": null,
      "data": {},
      "validationErrors": null
    }
    
    2022-02-14 17:32:43.757 +01:00 [WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
    Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
       at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy)
       at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context)
       at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.GlobalFeatures.GlobalFeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Features.FeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Volo.Abp.AuditLogging.AuditLogsController.GetListAsync(GetAuditLogListDto input)
       at lambda_method2556(Closure , Object )
       at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
    2022-02-14 17:32:43.757 +01:00 [WRN] Code:Volo.Authorization:010001
    2022-02-14 17:32:43.761 +01:00 [INF] AuthenticationScheme: Bearer was forbidden.
    2022-02-14 17:32:43.762 +01:00 [INF] Executed action Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi) in 1398.681ms
    2022-02-14 17:32:43.763 +01:00 [INF] Executed endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)'
    2022-02-14 17:32:43.763 +01:00 [INF] Request finished HTTP/2 GET https://localhost:44333/api/audit-logging/audit-logs - - - 403 0 - 1418.9789ms
    2022-02-14 17:32:51.404 +01:00 [DBG] Executing HealthCheck collector HostedService.
    
  • 0
    andmattia created

    Hi

    You can ignore the error related to CacheRedis: I updated to version 6.2.x and it disappeared, so I still have the permission issue. If you look at the log below you can see the problem is "PermissionRequirement: AuditLogging.AuditLogs"; I tried with another method but I got the same result. So I suppose that it is related to the Identity configuration (scope and permission).

    2022-02-16 12:35:52.173 +01:00 [INF] Request starting HTTP/2 GET https://localhost:44333/api/audit-logging/audit-logs?SkipCount=0&MaxResultCount=10 - -
    2022-02-16 12:35:52.175 +01:00 [INF] Executing endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)'
    2022-02-16 12:35:52.200 +01:00 [INF] Route matched with {area = "auditLogging", controller = "AuditLogs", action = "GetList", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Application.Dtos.PagedResultDto`1[Volo.Abp.AuditLogging.AuditLogDto]] GetListAsync(Volo.Abp.AuditLogging.GetAuditLogListDto) on controller Volo.Abp.AuditLogging.AuditLogsController (Volo.Abp.AuditLogging.HttpApi).
    2022-02-16 12:35:52.479 +01:00 [DBG] Added 0 entity changes to the current audit log
    2022-02-16 12:35:52.627 +01:00 [DBG] Executing HealthCheck collector HostedService.
    2022-02-16 12:35:52.628 +01:00 [INF] Start processing HTTP request GET "https://localhost:44333/health-status"
    2022-02-16 12:35:52.628 +01:00 [INF] Sending HTTP request GET "https://localhost:44333/health-status"
    2022-02-16 12:35:52.639 +01:00 [INF] Request starting HTTP/1.1 GET https://localhost:44333/health-status - -
    2022-02-16 12:35:52.641 +01:00 [INF] Executing endpoint 'Health checks'
    2022-02-16 12:35:52.647 +01:00 [DBG] Added 0 entity changes to the current audit log
    2022-02-16 12:35:52.647 +01:00 [INF] Executed endpoint 'Health checks'
    2022-02-16 12:35:52.647 +01:00 [DBG] Added 0 entity changes to the current audit log
    2022-02-16 12:35:52.647 +01:00 [INF] Request finished HTTP/1.1 GET https://localhost:44333/health-status - - - 200 - application/json 8.1237ms
    2022-02-16 12:35:52.656 +01:00 [INF] Received HTTP response headers after 28.5052ms - 200
    2022-02-16 12:35:52.657 +01:00 [INF] End processing HTTP request after 28.6498ms - 200
    2022-02-16 12:35:52.657 +01:00 [DBG] HealthReportCollector - health report execution history saved.
    2022-02-16 12:35:52.657 +01:00 [DBG] HealthReport history already exists and is in the same state, updating the values.
    2022-02-16 12:35:52.657 +01:00 [DBG] HealthReportCollector has completed.
    2022-02-16 12:35:52.657 +01:00 [DBG] HealthCheck collector HostedService executed successfully.
    2022-02-16 12:35:53.107 +01:00 [INF] Executing action method Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi) - Validation state: "Valid"
    2022-02-16 12:35:53.384 +01:00 [DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:1,n:AuditLogging.AuditLogs
    2022-02-16 12:35:53.388 +01:00 [DBG] Found in the cache: pn:U,pk:1,n:AuditLogging.AuditLogs
    2022-02-16 12:35:53.388 +01:00 [DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:clay_Swagger,n:AuditLogging.AuditLogs
    2022-02-16 12:35:53.392 +01:00 [DBG] Found in the cache: pn:C,pk:clay_Swagger,n:AuditLogging.AuditLogs
    2022-02-16 12:35:53.392 +01:00 [INF] Authorization failed. These requirements were not met:
    PermissionRequirement: AuditLogging.AuditLogs
    2022-02-16 12:35:53.428 +01:00 [WRN] ---------- RemoteServiceErrorInfo ----------
    {
      "code": "Volo.Authorization:010001",
      "message": "Authorization failed! Given policy has not granted.",
      "details": null,
      "data": {},
      "validationErrors": null
    }
    
    2022-02-16 12:35:53.429 +01:00 [WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
    Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
       at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy)
       at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context)
       at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.GlobalFeatures.GlobalFeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Features.FeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Volo.Abp.AuditLogging.AuditLogsController.GetListAsync(GetAuditLogListDto input)
       at lambda_method2577(Closure , Object )
       at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
    2022-02-16 12:35:53.429 +01:00 [WRN] Code:Volo.Authorization:010001
    2022-02-16 12:35:53.437 +01:00 [INF] AuthenticationScheme: Bearer was forbidden.
    2022-02-16 12:35:53.438 +01:00 [INF] Executed action Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi) in 1237.7755ms
    2022-02-16 12:35:53.438 +01:00 [INF] Executed endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)'
    2022-02-16 12:35:53.439 +01:00 [INF] Request finished HTTP/2 GET https://localhost:44333/api/audit-logging/audit-logs?SkipCount=0&MaxResultCount=10 - - - 403 0 - 1265.7960ms
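
The log above already names the grants the ABP.IO side looked for before it returned 403. The following added example (not code from the thread or from ABP) extracts them from an excerpt of that log; the function name is hypothetical, and reading `pn:U`, `pn:R` and `pn:C` as user, role and client permission providers is an assumption stated in the code.

```python
import re

# Assumption: provider codes in the PermissionStore lines stand for
# U = user, R = role, C = client (OAuth client id).
PROVIDERS = {"U": "user", "R": "role", "C": "client"}

# Excerpt of the ABP.IO log posted above.
SAMPLE_LOG = """\
2022-02-16 12:35:53.384 +01:00 [DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:1,n:AuditLogging.AuditLogs
2022-02-16 12:35:53.388 +01:00 [DBG] Found in the cache: pn:U,pk:1,n:AuditLogging.AuditLogs
2022-02-16 12:35:53.388 +01:00 [DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:clay_Swagger,n:AuditLogging.AuditLogs
2022-02-16 12:35:53.392 +01:00 [DBG] Found in the cache: pn:C,pk:clay_Swagger,n:AuditLogging.AuditLogs
2022-02-16 12:35:53.392 +01:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: AuditLogging.AuditLogs
2022-02-16 12:35:53.437 +01:00 [INF] AuthenticationScheme: Bearer was forbidden.
2022-02-16 12:35:53.439 +01:00 [INF] Request finished HTTP/2 GET https://localhost:44333/api/audit-logging/audit-logs?SkipCount=0&MaxResultCount=10 - - - 403 0 - 1265.7960ms
"""

LOOKUP = re.compile(
    r"PermissionStore\.GetCacheItemAsync: pn:(?P<pn>[^,]+),pk:(?P<pk>[^,]+),n:(?P<name>\S+)"
)
REQUIREMENT = re.compile(r"^\s*PermissionRequirement: (?P<name>\S+)")
FINISHED = re.compile(
    r"Request finished \S+ (?P<method>\S+) (?P<url>\S+) - - - (?P<status>\d{3}) "
)


def denied_permissions(log_text):
    """Pair each unmet PermissionRequirement with the grants that were looked up."""
    lookups = {}        # permission name -> ordered (provider, key) pairs consulted
    denied = []
    in_failure = False  # True while reading the lines after "Authorization failed"
    for line in log_text.splitlines():
        match = LOOKUP.search(line)
        if match:
            entry = (PROVIDERS.get(match["pn"], match["pn"]), match["pk"])
            seen = lookups.setdefault(match["name"], [])
            if entry not in seen:
                seen.append(entry)
            in_failure = False
            continue
        if "Authorization failed. These requirements were not met" in line:
            in_failure = True
            continue
        match = REQUIREMENT.match(line)
        if in_failure and match:
            denied.append({
                "permission": match["name"],
                "checked": list(lookups.get(match["name"], [])),
                "request": None,
            })
            continue
        in_failure = False
        match = FINISHED.search(line)
        if match and match["status"] == "403":
            # Attach the rejected URL to failures not yet tied to a request.
            for item in denied:
                if item["request"] is None:
                    item["request"] = match["url"]
    return denied


if __name__ == "__main__":
    for item in denied_permissions(SAMPLE_LOG):
        checked = ", ".join(f"{p} {k}" for p, k in item["checked"])
        print(f"{item['permission']} denied for {item['request']}; looked up: {checked}")
```

For this excerpt the result shows that `AuditLogging.AuditLogs` was looked up for user `1` and for client `clay_Swagger` in the ABP.IO permission store, so that is where a grant would have to exist.
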
    
  • 0
    andmattia created

    How can I share the permission?

    My scenario is:

    • ANZ solution name test1 with its own permission
    • ABP solution name test2 with its own permission (e.g. blog auth)

    When I open swagger on the abp.io page, the auth process calls ANZ identity and receives a correct token, but when I call it from swagger I need to indicate the scope; the scope name available is test2, because I'm on the test2 abp.io app. I looked into redis and I see that for Volo.Abp.PermissionManamente.PermissionGrant.test2.pn.C.test2_swagger all sub keys have isgranted set to false.

    My doubt is that test2_swagger has no permission; how can I give permission to that user profile?

  • 0
    andmattia created

    Hi

    I tried from 2 new clean solutions, ANZ (7.1.0) and ABP.IO (latest), but nothing changes: ANZ says authentication complete but ABP.IO on swagger says "Unable to fetch" and no auth is completed. I can share them with you.

  • 0
    andmattia created

    I've sent the source code of both solutions to the info email.

  • 0
    gterdem created
    Support Team

    ABP.IO on swagger says "Unable to fetch" and no auth is completed.

    You are getting a CORS error. You need to add the swagger url to the authentication server's allowed CORS urls in appsettings.

  • 0
    andmattia created

    Hi

    I added https://localhost:44367 to appsettings on the ANZ solution

    ANZ

    "App": {
        "ServerRootAddress": "http://localhost:22742/",
        "ClientRootAddress": "http://localhost:4200/",
        "CorsOrigins": "http://*.mycompany.com,http://localhost:4200,http://localhost:49152,https://localhost:44333,https://localhost:44367",
        "SwaggerEndPoint": "/swagger/v1/swagger.json",
        "AllowAnonymousSignalRConnection": "true"
      },
    

    ABP.IO

      "App": {
        "SelfUrl": "https://localhost:44367",
        "AngularUrl": "http://localhost:4200",
        "MVCPublicUrl": "https://localhost:44306",
        "CorsOrigins": "https://*.test2demo.com,http://localhost:4200,http://localhost:22742"
      },
    

    but the problem still exists.

    So on your side, have you tested it and does it work? Do you have the correct permission to query data on ABP.IO authenticated from ANZ?

  • 0
    andmattia created

    Ok, this issue is related to IIS; if I call using debug via console it works. Now the problem is permission. On ANZ I have these permissions

    ANZ

       "Pages.Tenants",
      "Pages.Tenants.Create",
      "Pages.Tenants.Edit",
      "Pages.Tenants.ChangeFeatures",
      "Pages.Tenants.Delete",
      "Pages.Tenants.Impersonation"
    

    on ABP.IO

        "Saas.Tenants"
    

    I tried to add a row to AbpPermissionGrants in the ABP db (picture below) but now on swagger I get an error "Bad Request, error: invalid_grant"

    So now my question is: how can it work? If I add the permission on ABP I get an error; if I don't add it I'm not authorized. About permissions: does ABP send the permission name to ANZ? It does not make sense... or does it happen only because I chose authorization_code...

    For us it's important to understand this point because at the moment we have 2 paid subscriptions, ANZ & ABP, but we cannot get the most from both.

  • 0
    andmattia created

    Hi

    Have you seen the 2 solutions sent via WeTransfer?

  • 0
    ismcagdas created
    Support Team

    Hi @andmattia

    Yes, we have received the email. But there might be a misunderstanding here. If you use OpenID Connect, it will just allow you to log in; it will not retrieve permissions from one system to the other one. Permissions must be arranged on each system separately with the current design.

  • 0
    andmattia created

    Hi

    Ok, I can understand it, but why, if I authenticate my abp.io client on ANZ, do I get a 403 error, and if I put a row in abppermissiongrant I get an invalid_grant?

    ANZ only gives OK or KO for user access (eventually it can share some data in the OpenId configuration like name, email, etc). The scope on ABP.IO gives the role/permission configured.

    Are you able to make it work with my two solutions? Could you please share what we need to change?

  • 0
    andmattia created

    Hi, I see that it is a cache related issue. If I give permission to a scope client and do not delete / refresh Redis, the permission does not work correctly, but I need to delete only the keys related to the client and not the whole db.

  • 0
    andmattia created

    So now we can share access between ANZ & ABP.IO (at the moment only via authentication_code; in the next days we will check different auth modes).

    Now, which is the best approach to share "data"? ANZ is monolithic, ABP is modular; suppose we develop a new module Product (or move some API from ANZ to ABP): with respect to the picture above we can't have a GW (our UI is in Angular).

    How can we use data from the new ABP service? From ANZ of course we can use the normal TS proxy.

  • 0
    ismcagdas created
    Support Team

    Hi @andmattia

    I just wanted to understand the scenario correctly here.

    1. You are hosting Identity Server in ANZ and your ABP.IO app logs in using OpenID Connect via ANZ, is that right?
    2. And you want to retrieve data from ANZ using your ABP.IO service, is that right?

    Thanks,

  • 0
    andmattia created

    Hi @ismcagdas

    Yes, it's correct. Consider that our solution now has more or less 96 projects. In this large solution we have 6 "services" already defined with their own DBContext and tables, so we have core, app, shared, web for each service. We are moving to ABP.IO and to do that our path could be to move one "service" into an ABP.IO microservice (we know that we have some limitations, e.g. we can use only sync methods because RabbitMQ is not available on ANZ).

    As you suggested, our path is:

    • allow ABP.IO to authenticate via IS on ANZ; we did it only for authcode for now (I'm testing user but I get an infinite loop)
    • move a service in an ABP.IO module (or more)

    So our open points are still:

    • data communication from and to the service
    • SSO from ABP.IO -> ANZ with user credential

    For this reason I've created these 2 empty projects, to create an internal POC and prepare the guidelines to implement our pattern.

    Our goal could be to deploy different services / UIs that use ANZ for authentication (more or less what you do on the public web site, support and commercial on ABP.IO), mixing ANZ and ABP.IO.

  • 0
    ismcagdas created
    Support Team

    Hi,

    Thanks, I got it now. If you want to call ANZ from ABP.IO, you need to use Token Based Auth if you are going to make requests to get data from ANZ.

    You can use this approach until you complete the migration process. You can create a user for each ABP.IO service and use it this way.

  • 0
    andmattia created

    Hi @ismcagdas

    I tried some use cases to use ANZ as an Identity for ABP.IO but I think it is more complex than migrating users and tenants to ABP.IO.

    The problem that I found is that ANZ is older than ABP and Identity suffers from this "distance". For example, the login page on ANZ is Angular while on ABP.IO it is part of the IdentityServer module, or if I migrate a service to ABP.IO I need to share users and permissions between 2 different apps. In other words it's a nightmare; on the opposite, migrating users and tenants could be simpler, the "only" impact is related to PK int -> Guid. So if we follow this path users and tenants could take advantage of the new ABP.IO structure, and our migrated module after migration could be a link on the ANZ site and move to ABP.IO using the new Identity Server.

    So the question is how to change my appsettings.json in ANZ to use ABP.IO as an IdentityServer? We can build a simple guide that can be used by many users in our situation.

  • 0
    ismcagdas created
    Support Team

    Hi @andmattia

    In that case, you can just configure OpenIDConnect configuration in your AspNet Zero app's appsettings.json file. If you plan to store all users on ABP.IO database, you may disable the regular login on your ANZ app and only allow OpenID Connect login.

    You are right, both apps (ABP.IO and ANZ) are using different auth approaches and it might be hard to use them together.

  • 0
    andmattia created

    Hi, can you explain in more detail about "disable regular login"?

    Now I am going to test enabling OpenId from ANZ in conjunction with ABP.IO

  • 0
    andmattia created

    I have an issue on the ABP.IO IS because it does not redirect back (opened a ticket on ABP.IO).

    I've enabled OpenId on ANZ

        "OpenId": {
          "IsEnabled": "true",
          "ClientId": "anz-client",
          "Authority": "https://localhost:44308",
          "LoginUrl": "https://localhost:44308/Account/Login",
          "ValidateIssuer": "false",
          "ClaimsMapping": [
            {
              "claim": "unique_name",
              "key": "preferred_username"
            }
          ]
        },
    

    But how can I redirect the user, based on tenant, to the ABP.IO login page? For example:

    • app1.demo.com (tenant 1) -> ABP IS with tenant app1
    • app2.demo.com (tenant 1) -> ABP IS with tenant app2

    I don't want the user to need to click the OpenId button; I need the user to go directly to IS when they try to log in to the app

  • 0
    ismcagdas created
    Support Team

    Hi @andmattia

    Is the IDS URL changing depending on the tenant? Or is it a fixed URL like app1.demo.com or app2.demo.com?

  • 0
    andmattia created

    At the moment it is fixed, but to accomplish our SaaS model it needs to be a per-tenant URL *.demo.com (app1 and app2 are tenants)

  • 0
    ismcagdas created
    Support Team