
User not logged Web and Mobile #7607


User avatar
0
mika created

Our users complain that sometimes there is a notification that "Current user is not logged in", on both mobile and Angular pages. I have noticed it a couple of times when I have opened the mobile app, but this happens during normal use.

Mika


20 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    Can you see this information(Current user is not logged in) in the backend log?

    If the Current user did not login to the application notification appears, the application will go to the login page. This means that the user must log in again.

    Is this the case for your application?

  • User Avatar
    0
    mika created

    No there was no such info at audit logs and not at server log files. I only checked our staging server where we saw this happen on mobile app last night.

    I will try to reply the situation and double check logs.

    Mika

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mika

    Waiting for your response then, thanks.

  • User Avatar
    0
    mika created

    Hi

    I have the app on my Android test phone and I tried to reproduce the problem but it did not happen. I left the app open and closed the screen. Next day I unlocked the phone and the app was running as expected. I tried to open the next screen and got the "User not logged in". The app never changed to the Login screen. I checked the backend log and there was "Current user did not login to the application".

    I closed the app and when I started it, it did not start the login screen but opened my main screen and complained that user is not logged in.

    Should the app refresh token automatically if it is expired and not force to relogin?

  • User Avatar
    0
    mika created

    I use our app myself every day and it is really annoying when the app says that user is not logged in. I need to relogin and my passphrase is quite complex so I don't remember it. I have got multiple complaints about this feature so please help as fast as possible.

    Mika

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mika

    Normally, a new token must be retrieved using the refresh token stored in the mobile app. This might be the cause of your problem https://github.com/aspnetzero/aspnet-zero-core/issues/2648

  • User Avatar
    0
    mika created

    Hi

    So in v7.2.2 this problem might be resolved? I can try to merge these changes and test.

  • User Avatar
    0
    maliming created
    Support Team

    v7.2.2 enhances related features, you can give it a try.

  • User Avatar
    0
    mika created

    So I updated our Staging to V7.2.2 and tried to connect my mobile which has v7.0.0 version still running, targeting to staging server. The app crashes immediately after start without any info.

    I tested debugging and it connects to the server, where I see "Refresh token is not valid".

    At mobile end I see "Internal Server Exception" and the crashing happens when app is trying to translate word "Error" without appContext.Configuration. The app is calling RefreshTokenAsync ( var response = await client.Request(RefreshTokenUrlSegment) .PostUrlEncodedAsync(new { refreshToken = AuthenticateResult.RefreshToken }) .ReceiveJson<AjaxResponse<RefreshTokenResult>>(); ) but the request is failing.

    After that, the app tries to produce a translation for this. The exception is thrown at L.cs when appContext.Configuration == null (throw new Exception("Set configuration before using remote localization!")).

    Here is log from server:

    INFO  2019-09-21 07:18:22,349 [78   ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 GET http://ourstagingsite.net/AbpUserConfiguration/GetAll  
    INFO  2019-09-21 07:18:22,351 [78   ] uthentication.JwtBearer.JwtBearerHandler - Failed to validate the token.
    Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException: IDX10223: Lifetime validation failed. The token is expired. ValidTo: "[PII is hidden]", Current time: "[PII is hidden]".
       at Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, SecurityToken securityToken, TokenValidationParameters validationParameters)
       at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
       at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
       at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
       at Company.App.Web.Authentication.JwtBearer.AppicationJwtSecurityTokenHandler.ValidateToken(String securityToken, TokenValidationParameters validationParameters, SecurityToken& validatedToken) in C:\Projects\Appication\src\Company.App.Web.Core\Authentication\JwtBearer\AppicationJwtSecurityTokenHandler.cs:line 40
       at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
       
       
    INFO  2019-09-21 07:18:22,357 [78   ] uthentication.JwtBearer.JwtBearerHandler - Bearer was not authenticated. Failure message: IDX10223: Lifetime validation failed. The token is expired. ValidTo: "[PII is hidden]", Current time: "[PII is hidden]".
    INFO  2019-09-21 07:18:22,358 [78   ] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint "Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore)"
    INFO  2019-09-21 07:18:22,361 [78   ] ore.Mvc.Internal.ControllerActionInvoker - Route matched with {action = "GetAll", controller = "AbpUserConfiguration", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.JsonResult] GetAll() on controller Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController (Abp.AspNetCore).
    INFO  2019-09-21 07:18:22,367 [78   ] ore.Mvc.Internal.ControllerActionInvoker - Executing action method Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore) - Validation state: Valid
    INFO  2019-09-21 07:18:22,408 [78   ] ore.Mvc.Internal.ControllerActionInvoker - Executed action method Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore), returned result Microsoft.AspNetCore.Mvc.JsonResult in 39.723ms.
    INFO  2019-09-21 07:18:22,422 [78   ] matters.Json.Internal.JsonResultExecutor - Executing JsonResult, writing value of type "Abp.Web.Models.AjaxResponse".
    INFO  2019-09-21 07:18:22,426 [78   ] ore.Mvc.Internal.ControllerActionInvoker - Executed action Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore) in 63.4793ms
    INFO  2019-09-21 07:18:22,427 [78   ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint "Abp.AspNetCore.Mvc.Controllers.AbpUserConfigurationController.GetAll (Abp.AspNetCore)"
    INFO  2019-09-21 07:18:22,427 [78   ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 78.0453ms 200 application/json; charset=utf-8
    INFO  2019-09-21 07:18:23,276 [78   ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 POST http://ourstagingsite.net/api/TokenAuth/RefreshToken application/x-www-form-urlencoded; charset=utf-8 866
    INFO  2019-09-21 07:18:23,278 [78   ] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint "Company.App.Web.Controllers.TokenAuthController.RefreshToken (Company.App.Web.Core)"
    INFO  2019-09-21 07:18:23,281 [78   ] ore.Mvc.Internal.ControllerActionInvoker - Route matched with {action = "RefreshToken", controller = "TokenAuth", area = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Company.App.Authorization.Accounts.Dto.RefreshTokenResult] RefreshToken(System.String) on controller Company.App.Web.Controllers.TokenAuthController (Company.App.Web.Core).
    INFO  2019-09-21 07:18:23,298 [78   ] ore.Mvc.Internal.ControllerActionInvoker - Executing action method Company.App.Web.Controllers.TokenAuthController.RefreshToken (Company.App.Web.Core) - Validation state: Valid
    ERROR 2019-09-21 07:18:23,313 [78   ] Mvc.ExceptionHandling.AbpExceptionFilter - Refresh token is not valid!
    System.ComponentModel.DataAnnotations.ValidationException: Refresh token is not valid!
       at Company.App.Web.Controllers.TokenAuthController.RefreshToken(String refreshToken) in C:\Projects\Appication\src\Company.App.Web.Core\Controllers\TokenAuthController.cs:line 222
       at lambda_method(Closure , Object )
       at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
       at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at System.Threading.Tasks.ValueTask`1.get_Result()
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
       at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextExceptionFilterAsync()
       
       
    INFO  2019-09-21 07:18:23,315 [78   ] .Mvc.Infrastructure.ObjectResultExecutor - Executing ObjectResult, writing value of type "Abp.Web.Models.AjaxResponse".
    INFO  2019-09-21 07:18:23,315 [78   ] ore.Mvc.Internal.ControllerActionInvoker - Executed action Company.App.Web.Controllers.TokenAuthController.RefreshToken (Company.App.Web.Core) in 33.3464ms
    INFO  2019-09-21 07:18:23,316 [78   ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint "Company.App.Web.Controllers.TokenAuthController.RefreshToken (Company.App.Web.Core)"
    INFO  2019-09-21 07:18:23,317 [78   ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 40.3461ms 500 application/json; charset=utf-8
    

    So this brings me two questions:

    1. Why can this missing configuration crash the whole app without any notice? Now the user is not logged out or anything, so the app is broken. I know I now have a kind of special case, but I am thinking ahead: if someday there is going to be some other server inner exception, the app is just crashing without any notice.

    2. There are some changes for v7.2.2 but I would like to have our old apps (< V7.2.2) still working at least somewhat as they were, so this token expired => server inner exception is not good for me. How come before the app just started with saying "Current user is not logged in"? Should there be "Unauthorized exception" and not "Server Inner exception" when token refresh is not ok??

    We have some issues with our iOS version, so we can't force our customers to update for v7.2.2 mobile apps, so I need to find a way to get server communicate with both old and newer versions.
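
The correlation done by eye in the log above, as an added example (not code from ASP.NET Zero or from this thread): it pairs each `Request starting` line with its `Request finished` line and flags a rejected refresh token answered with a 5xx, and an expired bearer token on a request that still returned 200. The sample lines are constructed in the posted layout, the host name is a placeholder, and grouping by the `[thread]` tag is an assumption that holds for this log but not for interleaved async requests.

```python
import re
# Constructed sample in the layout of the log posted above (host name is a placeholder).
SAMPLE_LOG = """\
INFO  2019-09-21 07:18:22,349 [78   ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 GET http://staging.example/AbpUserConfiguration/GetAll
INFO  2019-09-21 07:18:22,351 [78   ] uthentication.JwtBearer.JwtBearerHandler - Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException: IDX10223: Lifetime validation failed. The token is expired.
INFO  2019-09-21 07:18:22,427 [78   ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 78.0453ms 200 application/json; charset=utf-8
INFO  2019-09-21 07:18:23,276 [78   ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 POST http://staging.example/api/TokenAuth/RefreshToken application/x-www-form-urlencoded; charset=utf-8 866
ERROR 2019-09-21 07:18:23,313 [78   ] Mvc.ExceptionHandling.AbpExceptionFilter - Refresh token is not valid!
INFO  2019-09-21 07:18:23,317 [78   ] soft.AspNetCore.Hosting.Internal.WebHost - Request finished in 40.3461ms 500 application/json; charset=utf-8
"""

LINE = re.compile(r"^[A-Z]+\s+\S+ \S+ \[(?P<thread>[^\]]*)\] \S+ - (?P<msg>.*)$")
START = re.compile(r"Request starting \S+ (?P<method>[A-Z]+) (?P<url>\S+)")
FINISH = re.compile(r"Request finished in [\d.]+ms (?P<status>\d{3})")
MARKERS = {"IDX10223": "access-token-expired", "Refresh token is not valid": "refresh-token-rejected"}

def summarize_requests(log_text):
    """Group lines per [thread] tag; non-matching lines are exception text."""
    open_reqs, done, current = {}, [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            thread = m["thread"].strip()
            if (start := START.search(m["msg"])):
                open_reqs[thread] = {"method": start["method"], "url": start["url"],
                                     "status": None, "findings": set()}
            current = open_reqs.get(thread)
        if current is None:
            continue
        current["findings"].update(f for k, f in MARKERS.items() if k in raw)
        finish = FINISH.search(raw) if m else None
        if finish:
            current["status"] = int(finish["status"])
            done.append(open_reqs.pop(thread))
            current = None
    return done

def auth_anomalies(requests):
    """Flag the two patterns seen in the posted log."""
    out = []
    for r in requests:
        if "refresh-token-rejected" in r["findings"] and r["status"] >= 500:
            out.append((r["url"], "refresh rejection surfaced as 5xx"))
        if "access-token-expired" in r["findings"] and r["status"] == 200:
            out.append((r["url"], "expired bearer token, request still answered 200"))
    return out

print(auth_anomalies(summarize_requests(SAMPLE_LOG)))
```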

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mika

    Sorry but I couldn't understand why this happened. Is it because the mobile app stores an old token?

  • User Avatar
    0
    mika created

    Hi @ismcagdas

    The mobile app's token is generated with V7.0.0 and when I updated server side to v7.2.2, the mobile app (still v7.0.0) is not starting at all. The mobile app's token may be old or corrupted because of the initial problem, but updating the server to v7.2.2 generated this new problem. Now I need to know how I can allow apps to connect to the new server without crashing.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mika

    You also need to update the mobile app and remove old tokens I guess. Did you try anything like that in your dev environment?

    Thanks,

  • User Avatar
    0
    mika created

    Hi

    It is quite a bad experience if we update our server and every customer's mobile app will crash before they update it!

    And I just tested, yesterday I installed the app (v7.2.2) on my tablet (no previous app version) and there is the same "Customer not logged in error".

    We get daily complaints about this error so it would be nice to have some quicker response.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mika

    Sorry for this problem, we are trying to help you but you have a modified app and it is hard to find the problem. Do you believe that the default 7.2.x version has this problem by default? If so, we will test it again to find the problem.

  • User Avatar
    0
    mika created

    I was hoping to get some detailed steps to determine what the problem is.

    This problem started after merging V7.x.x if I remember correctly and we have not customized any authentication code.

    I now tried to debug the mobile app with our staging server at V7.2.2 and my other mobile device with V7.2.2. There is a token refresh call in UserConfigurationService.GetAuthenticatedUserConfig that is called on startup. After that, my main view starts and I try to load the profile picture. That call fails and AuthenticationHttpHandler's RefreshToken is called. After that I get "User not logged in".

    The get profile picture call uses the same token that was received with UserConfigurationService.RefreshAccessTokenAndSendRequestAgain the first time but it fails and a new token is received from the server. Then there is a loop to refresh token, try to get picture again, fail, refresh token......

    So the refreshed token is not working for some reason?

    Here is the API call sequence after startup (AuthenticationHttpHandler.SendAsync):

    1. AbpUserConfiguration/GetAll
    2. RefreshToken
    3. AbpUserConfiguration/GetAll
    • Startup screen closes and my main view starts
    1. Profile/GetProfilePictureById
    2. RefreshToken
    3. Profile/GetProfilePictureById
    4. RefreshToken

    => "Error user not logged in"

  • User Avatar
    0
    mika created

    Now I took the refreshToken from the mobile app, and with Postman I was able to get a new access token. But with that token, I got Unauthorized access with the API call /api/services/app/User/GetUserForEdit?Id=5.

    How is tenancy handled with API calls?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mika

    Thank you for your detailed explanation and sorry for this problem. As far as I remember, Tenancy must be handled using the request URL.

    We will test this and get back to you as soon as possible.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mika

    With the latest version, this should work correctly. Could you try that?

  • User Avatar
    0
    mika created

    Hi @ismcagdas

    Could you tell me how you tested this, as you said 4 months ago?

    What has changed in the latest version that should affect this problem?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mika

    It seems like our test was wrong. Could this be your case as well https://support.aspnetzero.com/QA/Questions/8565#answer-4f793627-e759-d917-ba1c-39f3ad5d7aa9 ?

    But, I couldn't reproduce it on Angular project.