Base solution for your next web application
Open Closed

After switching to Cloudflare proxy, getting 500 internal server error on impersonate login #11329


0
kylem created
  • What is your product version? 11.1.0
  • What is your product type (Angular or MVC)? Angular
  • What is product framework type (.net framework or .net core)? .net core

Until now we had our ASPNet.Core + Angular app running on AWS behind AWS Load Balancer and it worked fine. Recently we made change when our DNS is hosted by Clouflare and we are proxying calls to AWS Load Balancer.

We can deploy and run applicatin, however when we try impersonate login, we are getting error 500 internal server error.

This is the call that is failing in the browser

and on the Host side we are seeing this in logs:

      "INFO  2022-11-03 20:53:42,610 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 OPTIONS http://api.cloud.denvrdata.com/api/TokenAuth/ImpersonatedAuthenticate?impersonationToken=0ab05a6d-52b9-4495-b98f-30cd17f0147d&d=1667508822061 - - - 204 - - 0.3677ms",
      "INFO  2022-11-03 20:53:42,690 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 POST http://api.cloud.denvrdata.com/api/TokenAuth/ImpersonatedAuthenticate?impersonationToken=0ab05a6d-52b9-4495-b98f-30cd17f0147d&d=1667508822061 application/json 0",
      "INFO  2022-11-03 20:53:42,690 [orker] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful.",
      "INFO  2022-11-03 20:53:42,691 [orker] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'DenvrDashboard.Web.Controllers.TokenAuthController.ImpersonatedAuthenticate (DenvrDashboard.Web.Core)'",
      "INFO  2022-11-03 20:53:42,693 [orker] c.Infrastructure.ControllerActionInvoker - Route matched with {action = \"ImpersonatedAuthenticate\", controller = \"TokenAuth\", area = \"\"}. Executing controller action with signature System.Threading.Tasks.Task`1[DenvrDashboard.Web.Models.TokenAuth.ImpersonatedAuthenticateResultModel] ImpersonatedAuthenticate(System.String) on controller DenvrDashboard.Web.Controllers.TokenAuthController (DenvrDashboard.Web.Core).",
      "INFO  2022-11-03 20:53:42,701 [orker] osoft.EntityFrameworkCore.Infrastructure - Entity Framework Core 6.0.1 initialized 'DenvrDashboardDbContext' using provider 'Npgsql.EntityFrameworkCore.PostgreSQL:6.0.2+854d2438884c0bf3a4ba8ccde2c47f7ba1ea3a4c' with options: None",
      "ERROR 2022-11-03 20:53:42,705 [orker] Mvc.ExceptionHandling.AbpExceptionFilter - Current tenant is different than given tenant. AbpSession.TenantId: , given tenantId: 3",
      "System.Exception: Current tenant is different than given tenant. AbpSession.TenantId: , given tenantId: 3",
      "   at DenvrDashboard.Authorization.Impersonation.ImpersonationManager.CheckCurrentTenant(Nullable`1 tenantId) in C:\\Users\\PejaRadojkovic\\workspace\\denvrdata\\DenvrDashboard\\aspnet-core\\src\\DenvrDashboard.Core\\Authorization\\Impersonation\\ImpersonationManager.cs:line 113",
      "   at DenvrDashboard.Authorization.Impersonation.ImpersonationManager.GetImpersonatedUserAndIdentity(String impersonationToken) in C:\\Users\\PejaRadojkovic\\workspace\\denvrdata\\DenvrDashboard\\aspnet-core\\src\\DenvrDashboard.Core\\Authorization\\Impersonation\\ImpersonationManager.cs:line 42",
      "   at DenvrDashboard.Web.Controllers.TokenAuthController.ImpersonatedAuthenticate(String impersonationToken) in C:\\Users\\PejaRadojkovic\\workspace\\denvrdata\\DenvrDashboard\\aspnet-core\\src\\DenvrDashboard.Web.Core\\Controllers\\TokenAuthController.cs:line 388",
      "   at lambda_method2457(Closure , Object )",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeNextActionFilterAsync&gt;g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeInnerFilterAsync&gt;g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)",
      "   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.&lt;InvokeNextExceptionFilterAsync&gt;g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)",

I tried solutions to similar question suggested here: https://github.com/aspnetzero/aspnet-zero-core/pull/4198 but that didn't work (btw. we are already on the patched version of code).

Please let us know if you have any suggestion what we can do to resolve the issue.

Thanks, Peja


7 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi @kylem

    Do you use subdomain as the tenancy name or all tenants are using the same domain ?

  • 0
    kylem created

    All tenants are using same domain

  • 0
    ismcagdas created
    Support Team

    Hi @kylem

    Is it possible to share a test user credentials with [email protected] so we can test this and offer you a solution ?

    Thanks,

  • 0
    kylem created

    I just sent you an email with required information. We can provide additinal information. Thanks for your help, Peja

  • 0
    admin created

    Hi,

    Thank you for sharing the details. Could you check if Abp.TenantId request header is blocked by CloudFlare ?

  • 0
    kylem created

    That was it :)

    It looks like that Cloudflare will strip any header containing dot (.) character. So I searched it up a bit and realized that I can configure my app to use some other header name for TenandId.

    I ended up adding this line into {MyApp}CoreModule.cs:

     //Clouflare doesn't like default TenantIdResolveKey Abp.TenantId
    Configuration.MultiTenancy.TenantIdResolveKey = "MyApp-TenantId";
    

    Also, I changed this line in abp.js:

    abp.multiTenancy.tenantIdCookieName = 'MyApp-TenantId';
    

    Also, needed to adjust some test cases on server side that are utilizing TenandIdResolveKey

    I tested it and it looks good when deployed with cloudflare.

    Can you please confirm if those changes are enough?

    Thanks again for the quick turnaround on this issue.

    Peja

  • 0
    ismcagdas created
    Support Team

    Hi @kylem

    Yes, those changes, Configuration.MultiTenancy.TenantIdResolveKey and abp.multiTenancy.tenantIdCookieName are enough. Glad that it is solved :).