Base solution for your next web application
Open Closed

Authorization problems after update #7862


User avatar
0
FlexSolution created

We have a new developer on the team and he can't access the edit functions.

We've analyzed the whole thing. The fact is that if you don't use an old database but create a new one by migration, there are permission problems in the application. We then tested this with the other developers as well. They all deleted the database once and then simply had a new one created using migration.

No one has more access to the service we created. The only possibility is to remove "[AbpAuthorize(AppPermissions.XXX)]". It mainly affects the edit.

Could somebody please try this on their own?

Have there been any changes since version 7.0 that could cause this?

We had version 6.9 before and changed to 7.2.2 a couple of weeks ago.

We use the Core + Angular version.


8 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @FlexSolution

    Do you have any LOGS in log file (App_Data/Logs/Logs.txt) ?

  • User Avatar
    0
    FlexSolution created

    I found the logs.txt, this is from file:

    INFO  2019-10-19 15:37:49,929 [20   ] soft.AspNetCore.Hosting.Internal.WebHost - Request starting HTTP/1.1 POST http://localhost:22742/api/services/app/Customers/CreateOrEdit application/json-patch+json 1895
    INFO  2019-10-19 15:37:49,929 [20   ] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution failed.
    INFO  2019-10-19 15:37:49,929 [20   ] pNetCore.Cors.Infrastructure.CorsService - Request origin http://localhost:22742 does not have permission to access the resource.
    INFO  2019-10-19 15:37:49,933 [20   ] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'FlexSped.Customers.CustomersAppService.CreateOrEdit (FlexSped.Application)'
    INFO  2019-10-19 15:37:49,936 [20   ] ore.Mvc.Internal.ControllerActionInvoker - Route matched with {area = "app", action = "CreateOrEdit", controller = "Customers"}. Executing action FlexSped.Customers.CustomersAppService.CreateOrEdit (FlexSped.Application)
    INFO  2019-10-19 15:37:49,936 [20   ] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution failed.
    INFO  2019-10-19 15:37:49,936 [20   ] pNetCore.Cors.Infrastructure.CorsService - Request origin http://localhost:22742 does not have permission to access the resource.
    
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    • Are you hosting your app on http://localhost:22742 address ?
    • Are you hosting your apps in a single website or seperate websites ? Could you share their addresses ?
    • Are you using merged solution ?

    Normally Angular client app must be hosted on localhost:4200 and API on localhost:22742. These are default values. In such case, request origin must be localhost:4200, not localhost:22742.

  • User Avatar
    0
    FlexSolution created

    This has nothing to do with the problem.

    If I test directly via Swagger then the error is triggered via the API and therefore the port of the API is in the log.

    Of course it doesn't work with Angular too.

    As I said before, it only affects the edit pages. Create and delete are no problem.

    We continued to monitor the logs and found the following error message: Mvc.ExceptionHandling.AbpExceptionFilter - Missing type map configuration or unsupported mapping.

    Is anything different on the Automapper since the update, so that this problem can arise?

  • User Avatar
    0
    ryancyq created
    Support Team

    Hi, are you able to show more details on the exception in the log?

    Mvc.ExceptionHandling.AbpExceptionFilter - Missing type map configuration or unsupported mapping

    AutoMapper usually includes the missing types in the exception.

  • User Avatar
    0
    FlexSolution created

    OK, I check on mapings, and add .ReverseMap() where is missing, and look like problem is gone for missing type map.

    Initial problem, from begining, is when I drop DB, and create new one with all migrations, and run FlexSped.Web.Host in debug mode, when login through swagger to test API, with default tenant, admin username and password (123qwe), get this:

    Any help with that?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @FlexSolution,

    Sorry for the late reply. Did you clear your browser cookies after creating DB from scratch ?

    Thanks,

  • User Avatar
    0
    FlexSolution created

    We have not deleted the cookies. The problem is no longer present.

    Maybe it was the cookies.