
user loses tenancy identifier #6790


User avatar
0
BobIngham created

A very basic question with the likelihood of feeling stupid when someone gives me an answer. I have a set of users sharing a PC. They all use the same shortcut on the desktop which directs them to the subdomain for the tenancy. Occasionally a user will use the shortcut and try to sign in and get a failed login error. When I check the audit logs I can see the error has been placed against the host audit trail. I follow the code in the TokenAuthController and it has to be because the call to Authenticate() does not contain the tenancy identifier.

  1. Can anyone point to a reason why this should or even could happen?
  2. If I tell users to refresh the page when they have a failed sign in attempt would this instantiate the tenancy identifier and thus remove the problem?

I thank anyone who can throw light into my darkness.


17 Answer(s)
  • User Avatar
    0
    BobIngham created

    Any ideas anyone?

  • User Avatar
    0
    maliming created
    Support Team

    Do you mean subdomains (such as tenant1.mydomain.com) cannot determine the current tenant?

  • User Avatar
    0
    BobIngham created

    Hi @maliming. Yes, that's exactly what I mean. The user selects the shortcut from a browser bookmark bar (Chrome), the address is tenant1.mydomain.com but when s/he signs in the system throws an error. The error appears in the audit log of the host.

  • User Avatar
    0
    maliming created
    Support Team

    Can you share the complete log?

  • User Avatar
    0
    BobIngham created

    Hi maliming,

    Here is my audit log for the host (I use Kendo grids so it looks a little different): IP 5.198.106.135 is the IP address for my tenant. The detail audit for the top entry reads: Parameters:

    {
        "model": {
            "userNameOrEmailAddress": "LHUGILL",
            "twoFactorVerificationCode": null,
            "rememberClient": false,
            "twoFactorRememberClientToken": null,
            "singleSignIn": false,
            "returnUrl": null
        }
    }
    

    The error state reads:

    Abp.UI.UserFriendlyException: Login failed!
       at Nuagecare.Web.Controllers.TokenAuthController.<GetLoginResultAsync>d__32.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Nuagecare.Web.Controllers.TokenAuthController.<Authenticate>d__19.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at lambda_method(Closure , Object )
       at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeNextActionFilterAsync>d__10.MoveNext()
    

    The records for the same user in the AbpUserLoginAttempts table read as follows: Lines 25 to 16 show several unsuccessful attempts to sign in (all are in the host audit). Lines 15-13 show sign-ins using the same credentials using an Ionic app which keeps the tenant identifier in local storage. The user is confused and contacts her admin user who resets the passwords and then signs in using an impersonated sign-in at line 12.

    What is the meaning of Result value "3"? Hoping you can help.

  • User Avatar
    0
    maliming created
    Support Team

    3 = InvalidPassword

    The case of the subdomain URL can also cause problems. Such as: the tenant name is Default, but the URL is default.mydomain.com. This will not determine the correct tenant.

    Can you share the application log? (Generally in App_Data/Logs/Logs.txt)

  • User Avatar
    0
    BobIngham created

    Hi @maliming, unfortunately I can't share my logs because I don't save them. The last time this issue occurred was Sunday morning and the logs for the date are long gone. I will keep an eye out for a recurrence of the problem and immediately download the logs so I can post here. Can we leave the issue open until that date?

  • User Avatar
    0
    maliming created
    Support Team

    Of course we can. Please note the case of the subdomain URL.

  • User Avatar
    0
    BobIngham created

    The name of the tenant is magdalen so that's not the problem.

  • User Avatar
    0
    ismcagdas created
    Support Team

    @bobingham

    Normally this shouldn't be a problem since requests are made to {Tenancy_Name}.mydomain.com and TenantId is resolved on the server side.

    Could you share your AspNet Zero version?

  • User Avatar
    1
    BobIngham created

    angular, dotnetcore, 6.8.0 .net 4.6.1. The problem is intermittent, I will try to capture the logs next time it happens (it last happened on Sunday morning).

  • User Avatar
    0
    BobIngham created

    This problem happened again last night. Here is an image of my host audit log showing the intermittent nature of these login failures from the same tenant (fixed IP at 86.18.107.193). Last night at 20:39:47 I have the following api entry. Parameters;

    {
        "model": {
            "userNameOrEmailAddress": "HELENB",
            "twoFactorVerificationCode": null,
            "rememberClient": false,
            "twoFactorRememberClientToken": null,
            "singleSignIn": false,
            "returnUrl": null
        }
    }
    

    And here is the error state:

    Abp.UI.UserFriendlyException: Login failed!
       at Nuagecare.Web.Controllers.TokenAuthController.<GetLoginResultAsync>d__36.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Nuagecare.Web.Controllers.TokenAuthController.<Authenticate>d__20.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at lambda_method(Closure , Object )
       at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
       at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.<Execute>d__0.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeNextActionFilterAsync>d__10.MoveNext()
    

    Here is the entry in the log:

    WARN  2019-04-15 19:39:50,050 [105  ] Mvc.ExceptionHandling.AbpExceptionFilter - Login failed!
    Abp.UI.UserFriendlyException: Login failed!
       at Nuagecare.Web.Controllers.TokenAuthController.<GetLoginResultAsync>d__36.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Nuagecare.Web.Controllers.TokenAuthController.<Authenticate>d__20.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at lambda_method(Closure , Object )
       at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
       at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.<Execute>d__0.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeNextActionFilterAsync>d__10.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeInnerFilterAsync>d__13.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeNextExceptionFilterAsync>d__24.MoveNext()
    INFO  2019-04-15 19:39:50,050 [105  ] .Mvc.Infrastructure.ObjectResultExecutor - Executing ObjectResult, writing value of type 'Abp.Web.Models.AjaxResponse'.
    INFO  2019-04-15 19:39:50,050 [105  ] ore.Mvc.Internal.ControllerActionInvoker - Executed action Nuagecare.Web.Controllers.TokenAuthController.Authenticate (Nuagecare.Web.Core) in 2451.3904ms
    INFO  2019-04-15 19:39:50,050 [105  ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'Nuagecare.Web.Controllers.TokenAuthController.Authenticate (Nuagecare.Web.Core)'
    INFO  2019-04-15 19:39:50,050 [105  ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 2479.118ms 500 application/json; charset=utf-8
    

    I have no idea how to attach the entire log file but these are the entries for thread 105. It's an on-going problem. The user has not attempted a sign in since so I can't say whether the problem has been fixed.

  • User Avatar
    0
    maliming created
    Support Team

    Send log file to [email protected]

  • User Avatar
    0
    maliming created
    Support Team

    I guess your tenants are magdalen, lindsey, westfield, but someone in the log is trying to log in with lindseyhall, which will definitely cause problems. Can you confirm it?

    http://lindseyhall.nuagecare.io/api/TokenAuth/Authenticate

  • User Avatar
    0
    BobIngham created

    @maliming, that's brilliant. Thank you for pointing this out, now I know how to find and analyse this particular problem. One question before I close the issue. In the log the details read:

    Request starting HTTP/1.1 POST http://lindseyhall.nuagecare.io/api/TokenAuth/Authenticate
    

    When I have everything set up as https why is this logged as a http call?

  • User Avatar
    0
    maliming created
    Support Team

    Most of them have a proxy server (http/https), which then proxies to your application (http).

    https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-2.2

  • User Avatar
    0
    BobIngham created

    @maliming, thank you.
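
A log check for the cause found in this thread, added here as an example (it is not code from ASP.NET Zero or from any poster): it reads the `Request starting ... POST` lines quoted above and reports each login whose subdomain does not match a tenancy name, which is when the attempt ends up in the host audit trail. The log lines are constructed in the quoted format, the `Default` tenant is hypothetical (taken from maliming's illustration), and the exact, case-sensitive comparison is an assumption based on his description.

```python
import re

# Matches the request line quoted in the thread, e.g.
#   Request starting HTTP/1.1 POST http://lindseyhall.nuagecare.io/api/TokenAuth/Authenticate
REQUEST_RE = re.compile(
    r"Request starting HTTP/\S+ POST https?://([^/:\s]+)(?::\d+)?(/[^\s?]*)?")
AUTH_PATH = "/api/tokenauth/authenticate"


def audit_login_hosts(log_lines, tenancy_names, base_domain):
    """Return (line_no, subdomain, verdict) for every login POST in the log.

    ok            - subdomain equals a tenancy name exactly
    case-mismatch - equals a tenancy name only when case is ignored
    unknown       - no such tenant, so the login is checked against the host
    no-subdomain  - bare domain or a host outside base_domain
    """
    exact = set(tenancy_names)
    folded = {name.lower() for name in tenancy_names}
    suffix = "." + base_domain.lower()
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match or (match.group(2) or "").lower() != AUTH_PATH:
            continue  # not a call to TokenAuth/Authenticate
        host = match.group(1)
        if not host.lower().endswith(suffix):
            findings.append((line_no, host, "no-subdomain"))
            continue
        sub = host[: -len(suffix)]
        if sub in exact:
            verdict = "ok"
        elif sub.lower() in folded:
            verdict = "case-mismatch"
        else:
            verdict = "unknown"
        findings.append((line_no, sub, verdict))
    return findings


# Tenancy names from the thread, plus the hypothetical "Default" tenant.
TENANCY_NAMES = ["magdalen", "lindsey", "westfield", "Default"]
PREFIX = "INFO  2019-04-15 19:39:47,000 [105  ] soft.AspNetCore.Hosting.Internal.WebHost - "
SAMPLE_LOG = [  # constructed sample lines
    PREFIX + "Request starting HTTP/1.1 POST http://lindseyhall.nuagecare.io/api/TokenAuth/Authenticate",
    PREFIX + "Request starting HTTP/1.1 POST http://magdalen.nuagecare.io/api/TokenAuth/Authenticate",
    PREFIX + "Request starting HTTP/1.1 POST http://default.nuagecare.io/api/TokenAuth/Authenticate",
    PREFIX + "Request starting HTTP/1.1 GET http://magdalen.nuagecare.io/AbpUserConfiguration/GetAll",
]

if __name__ == "__main__":
    for finding in audit_login_hosts(SAMPLE_LOG, TENANCY_NAMES, "nuagecare.io"):
        print(finding)
```

Run against a saved `Logs.txt`, the `unknown` and `case-mismatch` rows point at the bookmark or shortcut that needs correcting.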