
Swagger Login Issue only on production after update to aspnet-zero-core-11.4.1 #11965


stealthdev created

Hi Team,

We are facing an issue with Swagger login only on the production environment.

We are using the below page to log in.

After entering a valid ID and password, the POST call to the login page throws page not found (404).

The POST call to https://gateway.net/ui/login returns 404.

This does not happen in the lower environments; in the lower environments the POST call to https://gateway.net/ui/login returns 302 and login is successful.

The below page loads for the lower environments but not for prod.

What might be the issue? We are not able to reproduce this issue locally.


7 Answer(s)
  • ismcagdas created
    Support Team

    Hi,

    For production, HomePageUrl in your appsettings.json is used. You can configure it as you wish. You can also check source code of HomeController under Host project to understand how HomePageUrl is used.

  • stealthdev created

    Hi ,

    We were able to reproduce this in the lower environment (UAT) after upgrading Nginx Ingress from v3.X to v4.X. The issue is intermittent: sometimes it works and sometimes it throws 404, but in production it never works.

    Some error logs:

    ERROR 2024-04-19 05:27:20,146 [45 ] spNetCore.Antiforgery.DefaultAntiforgery - An exception was thrown while deserializing the token.
    Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
     ---> System.Security.Cryptography.CryptographicException: The key {99aeb753-da2e-4f7b-9a42-e50a8028fba0} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
       --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

    ERROR 2024-04-19 05:37:25,996 [56 ] e.Diagnostics.ExceptionHandlerMiddleware - An unhandled exception has occurred while executing the request.
    Abp.UI.UserFriendlyException: [Login failed]
       at Stealth.Web.Controllers.UiController.GetLoginResultAsync(String usernameOrEmailAddress, String password, String tenancyName) in /src/ApiGateway/Stealth.Web.Gateway/Controllers/UiController.cs:line 132
       at Stealth.Web.Controllers.UiController.Login(LoginModel model, String returnUrl) in /src/ApiGateway/Stealth.Web.Gateway/Controllers/UiController.cs:line 93
       at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
       at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
       at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
       at Abp.AspNetZeroCore.Web.Authentication.JwtBearer.JwtTokenMiddleware.<>c__DisplayClass0_0.<<UseJwtTokenMiddleware>b__0>d.MoveNext()
       --- End of stack trace from previous location ---
       at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

    ERROR 2024-04-19 05:56:41,266 [11 ] idateAntiforgeryTokenAuthorizationFilter - The antiforgery token could not be decrypted.
    Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
     ---> System.Security.Cryptography.CryptographicException: The key {0e5a013b-51b8-4e93-9f02-91eeb5903b18} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
       --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.DeserializeTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet, AntiforgeryToken& cookieToken, AntiforgeryToken& requestToken)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
       at Abp.AspNetCore.Mvc.Antiforgery.AbpValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)

    ERROR 2024-04-19 05:57:27,152 [11 ] idateAntiforgeryTokenAuthorizationFilter - The antiforgery token could not be decrypted.
    Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
     ---> System.Security.Cryptography.CryptographicException: The key {87a353ed-b5f0-4a3b-91bd-100fa89b8abf} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
       at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
       --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.DeserializeTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet, AntiforgeryToken& cookieToken, AntiforgeryToken& requestToken)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
       at Abp.AspNetCore.Mvc.Antiforgery.AbpValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)

  • stealthdev created

    Hi,

    For production, HomePageUrl in your appsettings.json is used. You can configure it as you wish. You can also check source code of HomeController under Host project to understand how HomePageUrl is used.

    Tried this, but the issue still persists. Please find above the logs we are getting. The issue is intermittent and it might be related to a persist data keys issue; we are hosting the app on containers with multiple instances.

    The below issue may be related: https://support.aspnetzero.com/QA/Questions/11025/An-exception-was-thrown-while-deserializing-the-token-MicrosoftAspNetCoreAntiforgeryAntiforgeryValidationException-The-antiforgery-token-could-not-be-decrypted

  • ismcagdas created
    Support Team

    Hi,

    If you have more than one instance of your app, please take a look at https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Clustered-Environment

  • stealthdev created

    Hi,

    If you have more than one instance of your app, please take a look at https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Clustered-Environment

    @ismcagdas so are you suggesting persisting the data keys in some central store like cloud blob storage?

  • stealthdev created

    Hi,

    If you have more than one instance of your app, please take a look at https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Clustered-Environment

    @ismcagdas will the below code work for a multi-instance environment?

        public async Task<GetCurrentLoginInformationsOutput> GetCurrentLoginInformationsAsync()
        {
            var httpContext = _httpContextAccessor.HttpContext;
            if (httpContext == null)
            {
                // No active HTTP request: go straight to the session service.
                return await _sessionAppService.GetCurrentLoginInformations();
            }

            // HttpContext.Items lives only for the current request, in this instance's memory.
            var cachedValue = httpContext.Items["__PerRequestSessionCache"] as GetCurrentLoginInformationsOutput;
            if (cachedValue == null)
            {
                cachedValue = await _sessionAppService.GetCurrentLoginInformations();
                httpContext.Items["__PerRequestSessionCache"] = cachedValue;
            }

            return cachedValue;
        }
    
  • ismcagdas created
    Support Team

    Hi,

    I think this will not work because it is instance specific. You can store those keys in a database as well, see https://aspnetzero.com/blog/persist-data-protection-keys-to-database
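
The "key was not found in the key ring" error from the logs in this thread can be reproduced without a cluster. The console program below is an added example, not code from the thread or from ASP.NET Zero: it simulates two app instances with separate Data Protection key rings, then with one shared key ring. The directory names, purpose string and payload are constructed, and a shared directory stands in for the central store (blob storage or database) discussed above.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection; // NuGet: Microsoft.AspNetCore.DataProtection.Extensions

static class KeyRingDemo
{
    // One simulated app instance whose Data Protection key ring is stored in keyDir.
    static IDataProtector Instance(string keyDir) =>
        DataProtectionProvider.Create(new DirectoryInfo(keyDir))
                              .CreateProtector("Demo.Antiforgery"); // constructed purpose string

    // Issues a token on one instance and validates it on another, as can happen when
    // the page load and the login POST are served by different instances.
    static bool RoundTrips(string issuerKeyDir, string validatorKeyDir)
    {
        string token = Instance(issuerKeyDir).Protect("constructed-csrf-payload");
        try
        {
            Instance(validatorKeyDir).Unprotect(token);
            return true;
        }
        catch (CryptographicException ex)
        {
            // Same failure as in the thread's logs: the issuing key is unknown here.
            Console.WriteLine("  rejected: " + ex.Message);
            return false;
        }
    }

    static void Main()
    {
        // Constructed directories: two instances' local storage and one shared volume.
        string root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid().ToString("N"));
        string podA = Directory.CreateDirectory(Path.Combine(root, "pod-a")).FullName;
        string podB = Directory.CreateDirectory(Path.Combine(root, "pod-b")).FullName;
        string shared = Directory.CreateDirectory(Path.Combine(root, "shared")).FullName;

        Console.WriteLine("Per-instance key rings:");
        Console.WriteLine("  token accepted: " + RoundTrips(podA, podB));

        Console.WriteLine("Shared key ring:");
        Console.WriteLine("  token accepted: " + RoundTrips(shared, shared));

        Directory.Delete(root, recursive: true);
    }
}
```

In a real deployment the shared key store should also be access-controlled and the keys encrypted at rest, since anyone who can read the key ring can forge antiforgery tokens and authentication cookies.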