user loses tenancy identifier #6790

BobIngham created 5 years ago

A very basic question with the likelihood of feeling stupid when someone gives me an answer. I have a set of users sharing a PC. They all use the same shortcut on the desktop which directs them to the subdomain for the tenancy. Occassionally a user will use the shortcut and try sign in and get a failed login error. When I check the audit logs I can see the error has been placed against the host audit trail. I follow the code in the TokenAuthController and it has to be because the call to Authenticate() does not contain the tenancy identifier.

Can anyone point to a reason why this should or even could happen?
If I tell users to refresh the page when they have a failed sign in attempt would this instantiate the tenancy identifier and thus remove the problem?

I thank anyone who can throw light into my darkness.

Go to accepted answer

17 Answer(s)

0

BobIngham created 5 years ago

Any ideas anyone?
0

maliming created 5 years ago
Support Team

Do you mean subdomains (such as tenant1.mydomain.com) cannot determining the current tenant?
0

BobIngham created 5 years ago

Hi @maliming. yes. that's exactly what I mean. The user selects the shortcut from a browser bookmark bar (Chrome), the address is tenant1.mydomain.com but when s/he signs in the system throws an error. The error appears in the audit log of the host.
0

maliming created 5 years ago
Support Team

Can you share the complete log?

BobIngham created 5 years ago

Hi maliming,

Here is my audit log for the host (I use Kendo grids so it looks a little different): IP 5.198.106.135 is the IP address for my tenant. The detail audit for the top entry reads: Parameters:

{
    "model": {
        "userNameOrEmailAddress": "LHUGILL",
        "twoFactorVerificationCode": null,
        "rememberClient": false,
        "twoFactorRememberClientToken": null,
        "singleSignIn": false,
        "returnUrl": null
    }
}

The error state reads:

Abp.UI.UserFriendlyException: Login failed!
   at Nuagecare.Web.Controllers.TokenAuthController.<GetLoginResultAsync>d__32.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Nuagecare.Web.Controllers.TokenAuthController.<Authenticate>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at lambda_method(Closure , Object )
   at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeNextActionFilterAsync>d__10.MoveNext()

The records for the same user in the AbpUserLoginAttempts table read as follows: Lines 25 to 16 show several unsuccessful attempts to sign in (all are in the host audit). Lines 15-13 show sign-ins using the same credentials using an Ionic app which keeps the tenant identifier in local storage. The user is confused and contacts her admin user who resets the passwords and then signs in using an impersonated sign-in at line 12.

What is the meaning of Result value "3"? Hoping you can help.

0

maliming created 5 years ago
Support Team

3 = InvalidPassword

The case of the subdomain URL can also cause problems. Such as: The tenant name is: Default, but the Url is default.mydomain.com This will not determining the correct tenant.

Can you share the application log? (Generally in App_Data/Logs/Logs.txt)
0

BobIngham created 5 years ago

Hi @maliming, unfortunately I can't share my logs because I don't save them. The last time this issue occured was Sunday morning and the logs for the date are long gone. I will keep an eye out for a re-occurence of the problem and immediately download the logs so I can post here. Can we leave the issue open until that date?
0

maliming created 5 years ago
Support Team

of course can. Please note the case of the subdomain URL.
0

BobIngham created 5 years ago

The name of the tenant is magdalen so that's not the problem.
0

ismcagdas created 5 years ago
Support Team

@bobingham

Normally this shouldn't be a problem since requests are made to {Tenancy_Name}.mydomain.com and TenantId is resolved on the server side.

Could you share your AspNet zero version ?
1

BobIngham created 5 years ago

angular, dotnetcore, 6.8.0 .net 4.6.1 The problem is intermittent, I will try capture the logs next time it happens (it last happenned on Sunday morning).

BobIngham created 5 years ago

This problem happened again last night. Here is an image of my host audit log showing the intermittent nature of these login failures from the same tenant (fixed IP at 86.18.107.193). Last night at 20:39:47 I have the following api entry. Parameters;

{
    "model": {
        "userNameOrEmailAddress": "HELENB",
        "twoFactorVerificationCode": null,
        "rememberClient": false,
        "twoFactorRememberClientToken": null,
        "singleSignIn": false,
        "returnUrl": null
    }
}

And here is the error state:

Abp.UI.UserFriendlyException: Login failed!
   at Nuagecare.Web.Controllers.TokenAuthController.<GetLoginResultAsync>d__36.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Nuagecare.Web.Controllers.TokenAuthController.<Authenticate>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at lambda_method(Closure , Object )
   at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.<Execute>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeNextActionFilterAsync>d__10.MoveNext()

Here is the entry in the log:

WARN  2019-04-15 19:39:50,050 [105  ] Mvc.ExceptionHandling.AbpExceptionFilter - Login failed!
Abp.UI.UserFriendlyException: Login failed!
   at Nuagecare.Web.Controllers.TokenAuthController.<GetLoginResultAsync>d__36.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Nuagecare.Web.Controllers.TokenAuthController.<Authenticate>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at lambda_method(Closure , Object )
   at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.<Execute>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionMethodAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeNextActionFilterAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeInnerFilterAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.<InvokeNextExceptionFilterAsync>d__24.MoveNext()
INFO  2019-04-15 19:39:50,050 [105  ] .Mvc.Infrastructure.ObjectResultExecutor - Executing ObjectResult, writing value of type 'Abp.Web.Models.AjaxResponse'.
INFO  2019-04-15 19:39:50,050 [105  ] ore.Mvc.Internal.ControllerActionInvoker - Executed action Nuagecare.Web.Controllers.TokenAuthController.Authenticate (Nuagecare.Web.Core) in 2451.3904ms
INFO  2019-04-15 19:39:50,050 [105  ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'Nuagecare.Web.Controllers.TokenAuthController.Authenticate (Nuagecare.Web.Core)'
INFO  2019-04-15 19:39:50,050 [105  ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 2479.118ms 500 application/json; charset=utf-8

I have no idea how to attach the entire log file but these are the entries for thread 105. It's an on-going problem. The user has not attempted a sign in since so I can't say whether the problem has been fixed.

0

maliming created 5 years ago
Support Team

Send log file to [email protected]
0

maliming created 5 years ago
Support Team

I guess your tenant has magdalen,lindsey,westfield , but someone in the log is trying to log in with lindseyhall, which will definitely cause problems. Can you confirm it?

http://lindseyhall.nuagecare.io/api/TokenAuth/Authenticate
0
BobIngham created 5 years ago
@maliming, that's brilliant. Thank you for pointing this out, now I know how to find and analyse this particular problem. One question before I close the issue. In the log the details read:

Request starting HTTP/1.1 POST http://lindseyhall.nuagecare.io/api/TokenAuth/Authenticate

When I have everything set up as https why is this logged as a http call?
0

maliming created 5 years ago
Support Team

Most of them have a proxy server (http/https) and then proxy your application (http)

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-2.2
0

BobIngham created 5 years ago

@maliming, thank you.

Have an answer to this question? Log in and write your answer.