Our users complain that sometimes there is a notification that "Current user is not logged in", on both mobile and Angular pages. I have noticed it a couple of times when I have opened the mobile app, but this happens during normal use.
Mika
20 Answer(s)
-
0
Can you see this information (Current user is not logged in) in the backend log?
If the "Current user did not login to the application" notification appears, the application will go to the login page. This means that the user must log in again. Is this the case for your application?
-
0
No there was no such info at audit logs and not at server log files. I only checked our staging server where we saw this happen on mobile app last night.
I will try to reply the situation and double check logs.
Mika
-
0
Hi @mika
Waiting for your response then, thanks.
-
0
Hi
I have the app on my Android test phone and I tried to reproduce the problem but it did not happen. I left the app open and closed the screen. Next day I unlocked the phone and the app was running as expected. I tried to open the next screen and got the "User not logged in". The app never changed to the Login screen. I checked the backend log and there was "Current user did not login to the application".
I closed the app and when I started it, it did not start the login screen but opened my main screen and complained that the user is not logged in.
Should the app refresh token automatically if it is expired and not force to relogin?
-
0
I use our app myself every day and it is really annoying when the app says that the user is not logged in. I need to relogin and my passphrase is quite complex so I don't remember it. I have got multiple complaints about this feature so please help as fast as possible.
Mika
-
0
Hi @mika
Normally, a new token must be retrieved using the refresh token stored in the mobile app. This might be the cause of your problem: https://github.com/aspnetzero/aspnet-zero-core/issues/2648
-
0
Hi
So in v7.2.2 this problem might be resolved? I can try to merge these changes and test.
-
0
v7.2.2 enhances related features, you can give it a try.
-
0
So I updated our Staging to V7.2.2 and tried to connect my mobile which has v7.0.0 version still running, targeting to staging server. The app crashes immediately after start without any info.
I tested debugging and it connects to the server, where I see "Refresh token is not valid".
At mobile end I see "Internal Server Exception" and the crashing happens when app is trying to translate word "Error" without appContext.Configuration. The app is calling RefreshTokenAsync ( var response = await client.Request(RefreshTokenUrlSegment) .PostUrlEncodedAsync(new { refreshToken = AuthenticateResult.RefreshToken }) .ReceiveJson<AjaxResponse<RefreshTokenResult>>(); ) but the request is failing.
After that, the app tries to produce a translation for this. An exception is thrown at L.cs when appContext.Configuration == null (throw new Exception("Set configuration before using remote localization!")).
Here is log from server:
INFO 2019-09-21 07:18:22,349 [78 ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 GET http://ourstagingsite.net/AbpUserConfiguration/GetAll
INFO 2019-09-21 07:18:22,351 [78 ] uthentication.JwtBearer.JwtBearerHandler - Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException: IDX10223: Lifetime validation failed. The token is expired. ValidTo: "[PII is hidden]", Current time: "[PII is hidden]".
   at Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, SecurityToken securityToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Company.App.Web.Authentication.JwtBearer.AppicationJwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) in C:\Projects\Appication\src\Company.App.Web.Core\Authentication\JwtBearer\AppicationJwtSecurityTokenHandler.cs:line 40
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
INFO 2019-09-21 07:18:22,357 [78 ] uthentication.JwtBearer.JwtBearerHandler - Bearer was not authenticated. Failure message: IDX10223: Lifetime validation failed. The token is expired. ValidTo: "[PII is hidden]", Current time: "[PII is hidden]".
INFO 2019-09-21 07:18:22,358 [78 ] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint "Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore)"
INFO 2019-09-21 07:18:22,361 [78 ] ore.Mvc.Internal.ControllerActionInvoker - Route matched with {action = "GetAll", controller = "AbpUserConfiguration", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.JsonResult] GetAll() on controller Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController (Abp.AspNetCore).
INFO 2019-09-21 07:18:22,367 [78 ] ore.Mvc.Internal.ControllerActionInvoker - Executing action method Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore) - Validation state: Valid
INFO 2019-09-21 07:18:22,408 [78 ] ore.Mvc.Internal.ControllerActionInvoker - Executed action method Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore), returned result Microsoft.AspNetCore.Mvc.JsonResult in 39.723ms.
INFO 2019-09-21 07:18:22,422 [78 ] matters.Json.Internal.JsonResultExecutor - Executing JsonResult, writing value of type "Abp.Web.Models.AjaxResponse".
INFO 2019-09-21 07:18:22,426 [78 ] ore.Mvc.Internal.ControllerActionInvoker - Executed action Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore) in 63.4793ms
INFO 2019-09-21 07:18:22,427 [78 ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint "Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore)"
INFO 2019-09-21 07:18:22,427 [78 ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 78.0453ms 200 application/json; charset=utf-8
INFO 2019-09-21 07:18:23,276 [78 ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 POST http://ourstagingsite.net/api/TokenAuth/RefreshToken application/x-www-form-urlencoded; charset=utf-8 866
INFO 2019-09-21 07:18:23,278 [78 ] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint "Company.App.Web.Controllers.TokenAuthController.RefreshToken (Company.App.Web.Core)"
INFO 2019-09-21 07:18:23,281 [78 ] ore.Mvc.Internal.ControllerActionInvoker - Route matched with {action = "RefreshToken", controller = "TokenAuth", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Company.App.Authorization.Accounts.Dto.RefreshTokenResult] RefreshToken(System.String) on controller Company.App.Web.Controllers.TokenAuthController (Company.App.Web.Core).
INFO 2019-09-21 07:18:23,298 [78 ] ore.Mvc.Internal.ControllerActionInvoker - Executing action method Company.App.Web.Controllers.TokenAuthController.RefreshToken (Company.App.Web.Core) - Validation state: Valid
ERROR 2019-09-21 07:18:23,313 [78 ] Mvc.ExceptionHandling.AbpExceptionFilter - Refresh token is not valid!
System.ComponentModel.DataAnnotations.ValidationException: Refresh token is not valid!
   at Company.App.Web.Controllers.TokenAuthController.RefreshToken(String refreshToken) in C:\Projects\Appication\src\Company.App.Web.Core\Controllers\TokenAuthController.cs:line 222
   at lambda_method(Closure , Object )
   at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextExceptionFilterAsync()
INFO 2019-09-21 07:18:23,315 [78 ] .Mvc.Infrastructure.ObjectResultExecutor - Executing ObjectResult, writing value of type "Abp.Web.Models.AjaxResponse".
INFO 2019-09-21 07:18:23,315 [78 ] ore.Mvc.Internal.ControllerActionInvoker - Executed action Company.App.Web.Controllers.TokenAuthController.RefreshToken (Company.App.Web.Core) in 33.3464ms
INFO 2019-09-21 07:18:23,316 [78 ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint "Company.App.Web.Controllers.TokenAuthController.RefreshToken (Company.App.Web.Core)"
INFO 2019-09-21 07:18:23,317 [78 ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 40.3461ms 500 application/json; charset=utf-8
So this brings me two questions:
Why can this missing configuration crash the whole app without any notice? Now the user is not logged out or anything so the app is broken. I know I have now kind of a special case, but I am thinking ahead if someday there is going to be some other server inner exception and the app is just crashing without any notice.
There are some changes for v7.2.2 but I would like to have our old apps (< V7.2.2) still working at least somewhat as they were so this token expired => server inner exception is not good for me. How come before the app just started with saying "Current user is not logged in"? Should there be "Unauthorized exception" and not "Server Inner exception" when token refresh is not ok?
We have some issues with our iOS version, so we can't force our customers to update for v7.2.2 mobile apps, so I need to find a way to get server communicate with both old and newer versions.
-
0
Hi @mika
Sorry but I couldn't understand why this happened. Is it because the mobile app stores an old token?
-
0
Hi @ismcagdas
The mobile app's token is generated with V7.0.0 and when I updated server side to v7.2.2, the mobile app (still v.7.0.0) is not starting at all. The mobile app's token may be old or corrupted because of the initial problem, but updating the server to v7.2.2 generated this new problem. Now I need to know how I can allow apps to connect to the new server without crashing.
-
0
Hi @mika
You also need to update the mobile app and remove old tokens I guess. Did you try anything like that in your dev environment?
Thanks,
-
0
Hi
It is quite a bad experience if we update our server and every customer's mobile app will crash before they update it!
And I just tested, yesterday I installed the app (v7.2.2) to my tablet (no previous app version) and there is the same "Customer not logged in error".
We get daily complaints about this error so it would be nice to have some quicker response.
-
0
Hi @mika
Sorry for this problem, we are trying to help you but you have a modified app and it is hard to find the problem. Do you believe that the default 7.2.x version has this problem by default? If so, we will test it again to find the problem.
-
0
I was hoping to get some detailed steps to determine what the problem is.
This problem started after merging V7.x.x if I remember correctly and we have not customized any authentication codes.
I now tried to debug the mobile app with our staging server at V7.2.2 and my other mobile device with V7.2.2. There is a token refresh call in the UserConfigurationService.GetAuthenticatedUserConfig that is called on startup. After that, my main view starts and I try to load the profile picture. That call fails and AuthenticationHttpHandler's RefreshToken is called. After that I get "User not logged in".
The get profile picture call uses the same token that was received with UserConfigurationService.RefreshAccessTokenAndSendRequestAgain at first time but it fails and a new token is received from the server. Then there is a loop to refresh token, try to get picture again, fail, refresh token......
So the refreshed token is not working for some reason?
Here is the API call sequence after startup (AuthenticationHttpHandler.SendAsync):
- AbpUserConfiguration/GetAll
- RefreshToken
- AbpUserConfiguration/GetAll
- Startup screen closes and my main view starts
- Profile/GetProfilePictureById
- RefreshToken
- Profile/GetProfilePictureById
- RefreshToken
=> "Error user not logged in"
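The refresh/retry loop in the post above, and the earlier crash when the refresh call returned HTTP 500, are both cases a client-side handler can bound. An added example, not part of the thread and not ASP.NET Zero's own `AuthenticationHttpHandler`: it retries a request at most once after a refresh and ends the session when the refresh itself fails. `ITokenSession` and `SingleRetryAuthHandler` are hypothetical names.

```csharp
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical abstraction over the app's token storage (not an ASP.NET Zero type).
public interface ITokenSession
{
    string AccessToken { get; }
    // Calls the refresh endpoint; returns false on ANY failure (401, 500, network error).
    Task<bool> TryRefreshAsync(CancellationToken ct);
    // Clears stored tokens and sends the user to the login screen.
    void SignOut();
}

public sealed class SingleRetryAuthHandler : DelegatingHandler
{
    private readonly ITokenSession _session;
    private readonly SemaphoreSlim _refreshLock = new SemaphoreSlim(1, 1);
    public SingleRetryAuthHandler(ITokenSession session, HttpMessageHandler inner) : base(inner)
        => _session = session;

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        var tokenUsed = _session.AccessToken;
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokenUsed);
        var response = await base.SendAsync(request, ct);
        if (response.StatusCode != HttpStatusCode.Unauthorized) return response;

        await _refreshLock.WaitAsync(ct);
        try
        {
            // Skip the refresh if a concurrent request already replaced the token.
            if (tokenUsed == _session.AccessToken && !await _session.TryRefreshAsync(ct))
            {
                _session.SignOut();   // refresh rejected: end the session, do not retry
                return response;
            }
        }
        finally { _refreshLock.Release(); }

        // Retry exactly once; a second 401 is returned to the caller without another refresh.
        // Assumes the request has no body or a buffered one that can be sent again.
        response.Dispose();
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _session.AccessToken);
        return await base.SendAsync(request, ct);
    }
}
```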
-
0
Now I took the refreshToken from the mobile app, and with Postman I was able to get a new access token. But with that token, I got Unauthorized access with API call /api/services/app/User/GetUserForEdit?Id=5.
How is tenancy handled with API calls?
-
0
Hi @mika
Thank you for your detailed explanation and sorry for this problem. As far as I remember, Tenancy must be handled using the request URL.
We will test this and get back to you as soon as possible.
-
0
Hi @mika
With the latest version, this should work correctly. Could you try that?
-
0
Hi @ismcagdas
Could you tell me how you tested this, as you said 4 months ago?
What is changed in latest version that should affect this problem?
-
0
Hi @mika
It seems like our test was wrong. Could this be your case as well: https://support.aspnetzero.com/QA/Questions/8565#answer-4f793627-e759-d917-ba1c-39f3ad5d7aa9 ?
But, I couldn't reproduce it on Angular project.