Base solution for your next web application
Open Closed

Can't change permissions in production #2629


User avatar
0
sh0knah created

I have an application based on ASPNETZero. I run it in both my development and test environments and it works perfectly. When I deploy it my production environment, I lose certain functionality.

Critically to me right now, when I try to add a permission to a user, I get "You are not authorized." I'm logged in as the Admin user.

I also can't Impersonate users. I get a 500 error. Again, this is something that works correctly in both the development and test environments.

I've tried with and without a Redis server. That doesn't seem to make any difference.

Differences between test and production:

  • The test systems are all single-server. Projection in multi-server.
  • The production server is running https. I've run it that way in development and it seems to work fine.

Any ideas why this isn't working? I've spent way too many hours trying to figure it out.

This is a beautiful framework. But I can't go to production until I resolve this important issue.

Thank you for any help you can provide!


9 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Did you change website address on the host settins page ? Both problems might be because of this.

  • User Avatar
    0
    sh0knah created

    Thank you so much for your fast reply. You guys are always amazing!

    That might be it.

    I changed the value in the appsettings.json. But I didn't change anything directly in the tool. Where do I find that? I've gone through each of the settings pages when logged in as the Host Admin. I have: Tenant Management, User Management, Security, and Email. I can't find the website address on any of them. I also checked the Tenant Settings for the default tenant and the specific tenant I'm setting up. Didn't see anything there, either.

    I found ThisWebSiteRootAddress in the language files, but didn't find it referenced anywhere in the code.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    In one of the last versions this setting is moved to appsettings.json actually. Which version do you use by the way ? ASP.NET Core with jquery or angular2 ?

  • User Avatar
    0
    sh0knah created

    Asp.net core with jQuery

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Can you check the log file for error details. You can get the error message for impersonation, it can help.

    Thanks.

  • User Avatar
    0
    sh0knah created

    Thank you for all of your help.

    At this point, I think it's coming down to the fact that the address I'm putting in the appsettings file is a domain name that can't be resolved locally on the machine. It can only be resolved externally. That works fine for most things, but not for these few features.

    I tried putting the load-balanced internal IP address of the servers in the file. But then, when I do a rights assignment or an impersonation, that IP address ends up in the address bar of my browser, which, of course, can't resolve it externally.

    I think my solution is to add the domain name to the DNS table on the machines so that it can be resolved locally on the machines. But I'll have to setup a set of test servers to try that. That's probably a weekend project. I'll let you know if it works!

    Thanks again!

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Thanks for your feedback.

  • User Avatar
    0
    sh0knah created

    I'm still unable to get this resolved. My application is deployed for the enterprise now. And it's fully functional, with two major exceptions that I've identified:

    I can't impersonate users. Trying to impersonate a user takes me to the 500 error page. There's literally nothing in the logs, other than the startup event. Nothing at all in the log4net logs. And after I do this, I'm logged out. Again, this works in production and staging (where I have one server each), but not in production, where I have multiple servers.

    **I'm unable to delete a role or to edit permissions on a user.**I can create a role and edit permissions there. But if I try to delete a role, or to edit permissions on a user directly, it says I'm not authorized. I'm logged in as Admin with full rights. Again, this is not an issue in dev or staging, just production.

    Any thoughts?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    I can't impersonate users.

    For this one, can you open Chrome's console and check "Preserve log", then tyr to impersonate. After that, please send logs in the console to us.

    I'm unable to delete a role or to edit permissions on a user.

    Can you send a screenshot of admin user's permissions and your roleAppService class ?

    Thanks.