
Impersonate doesn't work on AWS Elastic Beanstalk - Production environment #11426


Aitor created

Greetings everyone, please I request your help with this case. We have a problem applying the concept of User Impersonate, which works correctly in the development environment, but in a production environment mounted on AWS Elastic Beanstalk and NGINX as a web server, it does not work because the cache loses the data of the user who performs the impersonation. The error we get is the following:

Abp.Authorization.AbpAuthorizationException: The current tenant is different from the given tenant. AbpSession.TenantId: , given tenant id: 1 in PARPlatform.Web.Controllers.TokenAuthController.ImpersonatedAuthenticate(String impersonationToken) in /builds/webcreeklab/platformpar/aspnet-core/src/PARPlatform.Web.Core/Controllers/TokenAuthController.cs:line 402 at lambda_method4875(Closure, Object) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, object handler, Object[] arguments) Caller, TaskInTakerController, LastActionTask) Next State, Scope, Object State, Boolean is Completed)

And that happens in this method of the ImpersonationManager class where AbpSession.TenantId is NULL:

private void CheckCurrentTenant(int? tenantId)
{
    if (AbpSession.TenantId != tenantId)
    {
        throw new Exception($"Current tenant is different than given tenant. AbpSession.TenantId: {AbpSession.TenantId}, given tenantId: {tenantId}");
    }
}

For this reason, we require your support to understand what the problem is and how to solve it. Thank you


10 Answer(s)
  • ismcagdas created
    Support Team

    Hi @Aitor

    Is your app running as 1 instance or more than 1 instance?

    Thanks,

  • Aitor created

    Greetings and thanks for your response. Yes, we have several instances on EC2, because we are in the process of developing features and we have a working production environment.

    It is the same application that is deployed in different environments for quality control until it reaches Production, but they are completely separate instances from one another, each with its API, its web application (UI) and its own DB, access to these for the same domain in CloudFlare using cnames:

    https://dev.aequales.com/ https://qa.aequales.com/ https://uat.aequales.com/ ......

  • Aitor created

    Hi,

    I am resending the request since it has been 15 days since the last answer from the support team and we need to progress with this issue. Thanks.

    "Greetings and thanks for your response. Yes, we have several instances on EC2, because we are in the process of developing features and we have a working production environment.

    It is the same application that is deployed in different environments for quality control until it reaches Production, but they are completely separate instances from one another, each with its API, its web application (UI) and its own DB, access to these for the same domain in CloudFlare using cnames:

    https://dev.aequales.com/ https://qa.aequales.com/ https://uat.aequales.com/ ......"


  • ismcagdas created
    Support Team

    Hi @Aitor,

    Sorry for our late reply. Somehow, your question was closed. Probably it is closed by you or by our team accidentally. That's why we couldn't see your question as an open question.

    If your API app is running on more than 1 instance, then you should switch to a distributed cache instead of memory cache. AspNet Zero uses memory cache by default. You can check https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Clustered-Environment#switching-to-a-distributed-cache to switch to Redis for example.

    Maybe before doing this, you can make sure for API app to run only 1 instance and see if it works in that case.

  • Aitor created

    Greetings to all.

    Following his recommendation, the use of Redis in the cloud was implemented, for which the ConnectionString was added and the correct cache exchange was verified. But unfortunately the problem persists in the Impersonate, the behavior is the same, the source user's session has been lost in the middle of the impersonate process.

    Can you please tell me if there are successful cases of the use of this functionality with your framework on AWS under the architecture that I explained in the original message?

    And if the answer is positive, can you please tell me if it is necessary to implement something additional so that the session is also maintained in Redis or it is enough to enable the use of Redis Cache at a general level without additional implementations?

    If the answer is negative, can you tell us what would be the alternative way to follow to be able to use this functionality please? Since we need to give a solution to this requirement.

  • ismcagdas created
    Support Team

    Hi @Aitor,

    Could you send an email to [email protected] and tell us how you enabled Redis on your app? We will try to help you as fast as possible.

    Thanks,

  • Aitor created

    Hi ismcagdas,

    Yes, I will send an email as you requested, but we really need your assistance and support to make this functionality work by March 22nd. We have been trying to make this work for months, and we now need to close the project and this functionality still does not work at all.

    If it is easier, we can schedule a conference call with one of your experts to discuss further. In the meantime, we will send the email to [email protected]

    Thank you!

  • ismcagdas created
    Support Team

    Hi @Aitor

    Sure, we can also arrange a meeting. Let us check the problem first. We haven't received the email yet by the way.

  • Aitor created

    Hi @ismcagdas.

    The email was sent on Wednesday. Please, if you can review it and answer it, or will it be necessary to resend it? The email address is correct according to my review.

    If possible, please tell us how we can schedule a meeting to discuss the issue interactively.

  • ismcagdas created
    Support Team

    Hi @Aitor

    Sorry for our late reply. Your emails are marked as read somehow. I have replied to your last email. Probably the problem is related to AWS not allowing (.) character in request headers.
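
An added diagnostic sketch, not part of the thread or of ASP.NET Zero's code: it models nginx's documented header-name rule (letters, digits and hyphens are valid, underscores only with `underscores_in_headers on`, and invalid names are dropped while `ignore_invalid_headers` is on) to show how a dotted header can disappear at the proxy and leave the session tenant empty. The header name `Abp.TenantId`, the renamed `Abp-TenantId`, the sample request and the simplified resolver are assumptions for illustration.

```python
import re

# Header-name rule documented for nginx: letters, digits, hyphens;
# underscores only when underscores_in_headers is on.
_STRICT = re.compile(r"[A-Za-z0-9-]+")
_WITH_UNDERSCORE = re.compile(r"[A-Za-z0-9_-]+")


def forwarded_headers(headers, ignore_invalid_headers=True,
                      underscores_in_headers=False):
    """Return (forwarded, dropped) as the proxy would hand them upstream."""
    valid = _WITH_UNDERSCORE if underscores_in_headers else _STRICT
    forwarded, dropped = {}, []
    for name, value in headers.items():
        if ignore_invalid_headers and not valid.fullmatch(name):
            dropped.append(name)          # silently discarded, no error to client
        else:
            forwarded[name] = value
    return forwarded, dropped


def resolve_tenant_id(upstream_headers, tenant_header="Abp.TenantId"):
    """Simplified stand-in for header-based tenant resolution (assumed name)."""
    for name, value in upstream_headers.items():
        if name.lower() == tenant_header.lower():
            return int(value)
    return None                           # what the API sees as an empty tenant


def check_current_tenant(session_tenant_id, given_tenant_id):
    """Same comparison as CheckCurrentTenant in the question."""
    return session_tenant_id == given_tenant_id


# Constructed sample request, not captured from the deployment in the thread.
SAMPLE_REQUEST = {
    "Host": "api.example.test",
    "Content-Type": "application/json",
    "Abp.TenantId": "1",
}

if __name__ == "__main__":
    for ignore in (True, False):
        fwd, dropped = forwarded_headers(SAMPLE_REQUEST, ignore_invalid_headers=ignore)
        tenant = resolve_tenant_id(fwd)
        print(f"ignore_invalid_headers={'on' if ignore else 'off'}: "
              f"dropped={dropped} tenant={tenant} "
              f"check_passes={check_current_tenant(tenant, 1)}")
```

With the default settings the dotted header is dropped and the tenant comparison fails with an empty session tenant, matching the exception in the question; a hyphenated header name passes the same rule without relaxing the proxy's validation.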