After switching to Cloudflare proxy, getting 500 internal server error on impersonate login #11329


kylem created
  • What is your product version? 11.1.0
  • What is your product type (Angular or MVC)? Angular
  • What is product framework type (.net framework or .net core)? .net core

Until now we had our ASP.NET Core + Angular app running on AWS behind an AWS Load Balancer and it worked fine. Recently we made a change so that our DNS is hosted by Cloudflare and we are proxying calls to the AWS Load Balancer.

We can deploy and run the application; however, when we try an impersonate login, we get a 500 internal server error.

This is the call that is failing in the browser

and on the Host side we are seeing this in logs:

      "INFO  2022-11-03 20:53:42,610 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 OPTIONS http://api.cloud.denvrdata.com/api/TokenAuth/ImpersonatedAuthenticate?impersonationToken=0ab05a6d-52b9-4495-b98f-30cd17f0147d&d=1667508822061 - - - 204 - - 0.3677ms",
      "INFO  2022-11-03 20:53:42,690 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 POST http://api.cloud.denvrdata.com/api/TokenAuth/ImpersonatedAuthenticate?impersonationToken=0ab05a6d-52b9-4495-b98f-30cd17f0147d&d=1667508822061 application/json 0",
      "INFO  2022-11-03 20:53:42,690 [orker] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful.",
      "INFO  2022-11-03 20:53:42,691 [orker] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'DenvrDashboard.Web.Controllers.TokenAuthController.ImpersonatedAuthenticate (DenvrDashboard.Web.Core)'",
      "INFO  2022-11-03 20:53:42,693 [orker] c.Infrastructure.ControllerActionInvoker - Route matched with {action = \"ImpersonatedAuthenticate\", controller = \"TokenAuth\", area = \"\"}. Executing controller action with signature System.Threading.Tasks.Task`1[DenvrDashboard.Web.Models.TokenAuth.ImpersonatedAuthenticateResultModel] ImpersonatedAuthenticate(System.String) on controller DenvrDashboard.Web.Controllers.TokenAuthController (DenvrDashboard.Web.Core).",
      "INFO  2022-11-03 20:53:42,701 [orker] osoft.EntityFrameworkCore.Infrastructure - Entity Framework Core 6.0.1 initialized 'DenvrDashboardDbContext' using provider 'Npgsql.EntityFrameworkCore.PostgreSQL:6.0.2+854d2438884c0bf3a4ba8ccde2c47f7ba1ea3a4c' with options: None",
      "ERROR 2022-11-03 20:53:42,705 [orker] Mvc.ExceptionHandling.AbpExceptionFilter - Current tenant is different than given tenant. AbpSession.TenantId: , given tenantId: 3",
      "System.Exception: Current tenant is different than given tenant. AbpSession.TenantId: , given tenantId: 3",
      "   at DenvrDashboard.Authorization.Impersonation.ImpersonationManager.CheckCurrentTenant(Nullable`1 tenantId) in C:\\Users\\PejaRadojkovic\\workspace\\denvrdata\\DenvrDashboard\\aspnet-core\\src\\DenvrDashboard.Core\\Authorization\\Impersonation\\ImpersonationManager.cs:line 113",
      "   at DenvrDashboard.Authorization.Impersonation.ImpersonationManager.GetImpersonatedUserAndIdentity(String impersonationToken) in C:\\Users\\PejaRadojkovic\\workspace\\denvrdata\\DenvrDashboard\\aspnet-core\\src\\DenvrDashboard.Core\\Authorization\\Impersonation\\ImpersonationManager.cs:line 42",
      "   at DenvrDashboard.Web.Controllers.TokenAuthController.ImpersonatedAuthenticate(String impersonationToken) in C:\\Users\\PejaRadojkovic\\workspace\\denvrdata\\DenvrDashboard\\aspnet-core\\src\\DenvrDashboard.Web.Core\\Controllers\\TokenAuthController.cs:line 388",
      "   at lambda_method2457(Closure , Object )",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)",

I tried the solutions to a similar question suggested here: https://github.com/aspnetzero/aspnet-zero-core/pull/4198 but that didn't work (btw, we are already on the patched version of the code).

Please let us know if you have any suggestions on what we can do to resolve the issue.

Thanks, Peja


11 Answer(s)
  • ismcagdas created
    Support Team

    Hi @kylem

    Do you use a subdomain as the tenancy name, or are all tenants using the same domain?

  • kylem created

    All tenants are using the same domain.

  • ismcagdas created
    Support Team

    Hi @kylem

    Is it possible to share a test user's credentials with [email protected] so we can test this and offer you a solution?

    Thanks,

  • kylem created

    I just sent you an email with the required information. We can provide additional information. Thanks for your help, Peja

  • admin created

    Hi,

    Thank you for sharing the details. Could you check if the Abp.TenantId request header is blocked by Cloudflare?

  • kylem created

    That was it :)

    It looks like Cloudflare will strip any header containing a dot (.) character. So I looked into it a bit and realized that I can configure my app to use some other header name for TenantId.

    I ended up adding this line into {MyApp}CoreModule.cs:

    // Cloudflare doesn't like the default TenantIdResolveKey Abp.TenantId
    Configuration.MultiTenancy.TenantIdResolveKey = "MyApp-TenantId";
    

    Also, I changed this line in abp.js:

    abp.multiTenancy.tenantIdCookieName = 'MyApp-TenantId';
    

    Also, I needed to adjust some test cases on the server side that are utilizing TenantIdResolveKey.

    I tested it and it looks good when deployed with Cloudflare.

    Can you please confirm if those changes are enough?

    Thanks again for the quick turnaround on this issue.

    Peja

  • ismcagdas created
    Support Team

    Hi @kylem

    Yes, those changes, Configuration.MultiTenancy.TenantIdResolveKey and abp.multiTenancy.tenantIdCookieName are enough. Glad that it is solved :).

  • mightyit created

    Hi

    We are having the same issue. However, the only reason I am reviving the thread is that our version of the application (11.2.1 MVC & jQuery) does not have the line abp.multiTenancy.tenantIdCookieName in the abp.js file.

    When we implement the Configuration.MultiTenancy.TenantIdResolveKey update, the API works with Cloudflare but it breaks the impersonation feature.

    Is there anything specific to our version that we should be doing?

  • mightyit created

    Please ignore the above response. We were looking at the incorrect abp.js file.

    The correct abp.js file is in the abp-web-resources node module.

    After amending the line it works as expected

  • mightyit created

    The above approach is still problematic though. The file will obviously be lost every time we do a clean install or we upgrade / reinstall the node module. Obviously this is not acceptable from a DevOps perspective. Any ideas on how to address this? All configuration changes should reside within the solution, not in external modules and dependencies.

  • rickfrankel created

    Hi MightyIt,

    We also had this problem (happens with lots of different hosting proxies, including Cloudflare, Azure App Services, etc.).

    But the file we modify is in angular\src\assets\abp-web-resources\abp.js

    This file doesn't change when we upgrade any node modules to my knowledge and when we upgrade aspnetzero we're just careful on the merge to make sure it retains our value.

    Rick
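
Added example (not part of the thread and not ASP.NET Zero code): the fix above only holds while the server-side `TenantIdResolveKey` and the client-side `tenantIdCookieName` stay identical, and the abp.js value is the one that can be lost on a reinstall or merge. A build-time check in JavaScript that compares the two settings; the function names and the sample file contents are constructed for illustration, and in a real build you would pass in the text of `{MyApp}CoreModule.cs` and of your abp.js.

```javascript
// Added example: guard for the tenant-id key change made in this thread.
// Assumption from the thread: keep the name to letters, digits and hyphens.
const SAFE_NAME = /^[A-Za-z0-9-]+$/;
const DEFAULT_KEY = 'Abp.TenantId'; // default named in the thread

// Return the string literal last assigned to `property`, or null.
// Simplification: everything after "//" on a line is treated as a comment.
function findAssignedString(source, property) {
  const escaped = property.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const pattern = new RegExp(escaped + '\\s*=\\s*(["\'])([^"\'\\r\\n]*)\\1');
  let found = null;
  for (const line of source.split(/\r?\n/)) {
    const match = pattern.exec(line.replace(/\/\/.*$/, ''));
    if (match) found = match[2];
  }
  return found;
}

// Compare the server-side resolve key with the client-side cookie name.
function checkTenantKey(coreModuleSource, abpJsSource) {
  const problems = [];
  const serverKey = findAssignedString(coreModuleSource,
    'Configuration.MultiTenancy.TenantIdResolveKey') || DEFAULT_KEY;
  const clientKey = findAssignedString(abpJsSource,
    'abp.multiTenancy.tenantIdCookieName');
  if (clientKey === null) {
    problems.push('abp.js does not set abp.multiTenancy.tenantIdCookieName');
  } else if (clientKey !== serverKey) {
    problems.push(`client "${clientKey}" differs from server "${serverKey}"`);
  }
  for (const key of new Set([serverKey, clientKey])) {
    if (key !== null && !SAFE_NAME.test(key)) {
      problems.push(`"${key}" has characters a proxy may strip`);
    }
  }
  return { serverKey, clientKey, problems };
}

// Constructed file contents, modelled on the snippets posted above.
const fixedModule = [
  '// Cloudflare does not like the default TenantIdResolveKey Abp.TenantId',
  'Configuration.MultiTenancy.TenantIdResolveKey = "MyApp-TenantId";',
].join('\n');
const fixedAbpJs = "abp.multiTenancy.tenantIdCookieName = 'MyApp-TenantId';";
const staleAbpJs = "abp.multiTenancy.tenantIdCookieName = 'Abp.TenantId';";

console.log(checkTenantKey(fixedModule, fixedAbpJs).problems); // []
console.log(checkTenantKey(fixedModule, staleAbpJs).problems);
```

A non-empty `problems` array is the signal to fail the build before a stale abp.js reaches a deployment behind the proxy.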