
Custom Session - Web Host - Claims are not updated #12314


ricardo created

Aspnet Core MVC Version - 14.0.0
migrated from version 13.0 to 14.0

After migrating from version 13.0 to version 14.0 we are facing the following problem that did not occur previously:

We have our own MAUI application that uses the client project to communicate with the API (web.host project).
In the application, we have a request to the API that updates claims to use custom context filters.
After the migration, the claims are no longer updated; they are stuck in the data that was assigned at Login (looking like some kind of cache that is not updated).
In the Web application (MVC Project), the updates to the Claims using the same functions are reflected normally.

  1. Request from the mobile application to the API (Web.Host Project):
    3_UpdateClaim.png

  2. Added the Claim "Application_UserUnidadeNegocio" with the value: B6B42B82-E765-49A2-41C5-08DD1DF5646F
    1_AddClaim.png

  3. When we try to recover the value of the Claim, it has the value that was assigned during login.
    2_GetClaim.png


17 Answer(s)
  • m.aliozkaya created
    Support Team

    Hi @ricardo,

    Could you share your project with support@aspnetzero.com?

  • ricardo created

    Hi @m.aliozkaya

    sent.

  • m.aliozkaya created
    Support Team

    Hi @ricardo,

    We can't run the project. Could you fix and resend it?
    image.png

  • ricardo created

    hi,

    sent.

  • ricardo created

    Hi @m.aliozkaya

    Can you check?

    Thanks
    Ricardo

  • m.aliozkaya created
    Support Team

    Hi @ricardo,

    We have successfully executed the project and will provide you with an update at the earliest opportunity.

  • ricardo created

    Hi @m.aliozkaya

    We are unable to find the source of the problem as well as the solution. Can you please help us? We are unable to publish the update of our application.

  • oguzhanagir created
    Support Team

    Hi @ricardo

    We are actively working on resolving this issue. We apologize for the delay and will provide you with a response as soon as possible. Thank you for your patience.

  • ricardo created

    Hi @m.aliozkaya, how are you?

    any progress?

    Thank you.

  • ricardo created

    Hi @ricardo

    We are actively working on resolving this issue. We apologize for the delay and will provide you with a response as soon as possible. Thank you for your patience.

    Hi @m.aliozkaya

    any progress?

  • m.aliozkaya created
    Support Team

    Hi @ricardo,

    Sorry for the late reply. We're having trouble reproducing the error. Another teammate will be handling this issue from now on.

  • oguzhanagir created
    Support Team

    Hi @ricardo

    First of all, we apologize for the late response. It took some time to reproduce the issue. Thank you for your understanding.

    The reason why the claim update operation fails is that you are not removing the previous value from the Principal, which causes the initially loaded claim value to persist.

    To resolve this, you can use the following example code. You need to perform this operation where you define the new "UnidadeNegocioAtivaId" for the user because the GetCurrentUnidadeNegocioAtivaIdOrNull method is called before the await _userClaimsPrincipalFactory.CreateAsync(user) step.

    The claims defined in the CreateAsync method of the UserClaimsPrincipalFactory class are the initial values assigned when the application runs. To update them, you can use the following code snippet:

    If you want to update claims in UserContextAppService or anywhere else, you need to inject IPrincipalAccessor.

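     // Requires: using System.Security.Claims;
     // _principalAccessor is the injected IPrincipalAccessor.
     var identity = _principalAccessor.Principal?.Identity as ClaimsIdentity;

     if (identity != null)
     {
         // Remove the value loaded at login so it does not persist alongside the new one.
         var oldClaim = identity.FindFirst("Application_UserUnidadeNegocio");
         if (oldClaim != null)
         {
             identity.RemoveClaim(oldClaim);
         }

         identity.AddClaim(new Claim("Application_UserUnidadeNegocio", UnidadeNegocioAtivaId.ToString()));
     }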
    

    You need to perform this code snippet inside the SetUnidadeNegocioAtiva method before the step GetPeriodoAtivoFromUnidadeNegocio

  • ricardo created

    Hi @oguzhanagir,

    I really appreciate your feedback but the error still persists, even after applying the suggested change:

    Cod.png

    When we perform API tests with Swagger, everything works as expected, but when executing the call in the same method through the mobile application using AbpClient, the claim returned is always the one that was assigned to the user when the application runs.

    Below are two prints, one executing the call via Swagger and the other via the mobile app:

    Swagger:
    Chamada.png

    ReqSw.png

    Mobile:
    ReqMobile.png

    On mobile, the next requests made after defining the claim always return the opening claim.

    In the case of requests via AbpClient on mobile, is something different necessary for the claims to be updated? Am I missing something?

    I did all the custom claim configuration based on this article:
    https://aspnetboilerplate.com/Pages/Documents/Articles%5CHow-To%5Cadd-custom-data-filter-ef-core

    In the MVC application and in the Host project via Swagger I can change the Claim value and it remains valid for all future requests, but on the cell phone it always displays the initial set for the user, not respecting the change requested in the function: SetUnidadeNegocioAtiva

    I really appreciate your efforts in helping me solve this problem.
    :)

  • oguzhanagir created
    Support Team

    Hi @ricardo

    Here, after updating the claims for the user, you update the session, but the token used by MAUI will be outdated. Here you need to send the newly created token to MAUI. And now, after updating the claims and updating the token, you need to make a request in the backend by MAUI. Because claims are made from tokens. Additionally, after the token is updated on the MAUI side, you need to put this old token on a black list and check the requests accordingly. Otherwise, the old token may be valid.

  • ricardo created

    Hi @oguzhanagir,

    Could you tell me the correct way to retrieve the new user token?

  • oguzhanagir created
    Support Team

    Hi @ricardo

    You can use the token creation structure in the CreateRefreshToken and CreateAccessToken methods in the TokenAuthController. Logically, after receiving the logged in user information and the user whose claim has been updated, you need to create a RefreshToken using the User's Identity and User information. After creating RefreshToken, you need to create AccessToken. You need to call the method that performs this operation from MAUI. You need to update the MAUI side using these tokens. For these operations, you can examine the AccessTokenManager class in the MAUI section.
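
The point made in the last two support replies, that a bearer-token client only sees a changed claim once it holds a newly issued token and that the replaced token should be denylisted, shown as an added example. It is not part of the thread and not ASP.NET Zero code: the token format is a toy HMAC-signed payload, and `ClaimTokenDemo`, `Issue`, `Validate`, `Reissue`, the `sub`/`jti` fields and the sample values are assumptions made for illustration (.NET 6 or later).

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Added illustration: a toy HMAC-signed token, not ASP.NET Zero's TokenAuthController.
public static class ClaimTokenDemo
{
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32); // constructed demo key
    static readonly HashSet<string> RevokedJti = new();              // ids of replaced tokens
    static string B64(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] UnB64(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static string Sign(string p) => B64(HMACSHA256.HashData(Key, Encoding.UTF8.GetBytes(p)));
    // Claims are frozen into the token at issue time.
    public static string Issue(string userId, string unidadeNegocio)
    {
        var claims = new Dictionary<string, string> { ["sub"] = userId,
            ["jti"] = Guid.NewGuid().ToString("N"), ["Application_UserUnidadeNegocio"] = unidadeNegocio };
        var payload = B64(JsonSerializer.SerializeToUtf8Bytes(claims));
        return payload + "." + Sign(payload);
    }
    // Every request rebuilds its claims from the presented token; revoked ids are rejected.
    public static Dictionary<string, string>? Validate(string token)
    {
        var parts = token.Split('.');
        if (parts.Length != 2 || !CryptographicOperations.FixedTimeEquals(
                Encoding.ASCII.GetBytes(Sign(parts[0])), Encoding.ASCII.GetBytes(parts[1]))) return null;
        var claims = JsonSerializer.Deserialize<Dictionary<string, string>>(UnB64(parts[0]));
        return claims is null || RevokedJti.Contains(claims["jti"]) ? null : claims;
    }
    // Changing the claim: denylist the old token id and issue a replacement token.
    public static string? Reissue(string oldToken, string newUnidadeNegocio)
    {
        var old = Validate(oldToken);
        if (old is null) return null;
        RevokedJti.Add(old["jti"]);
        return Issue(old["sub"], newUnidadeNegocio);
    }
    public static void Main()
    {
        var first = Issue("42", "unit-A");          // constructed sample values
        var second = Reissue(first, "unit-B")!;
        Console.WriteLine(Validate(second)!["Application_UserUnidadeNegocio"]);
        Console.WriteLine(Validate(first) is null);
    }
}
```

In the thread's setup the reissue step corresponds to an API method the MAUI client calls after the claim change, storing the returned tokens in place of the old ones.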

  • ricardo created

    Hi @oguzhanagir

    I appreciate all the help. Now everything works correctly.