Open Closed

Impersonaton issue after migrating to Redis cache manager #9529


0
shipserv created

Hi AspNetZero,

Thank you for responding to your inquiries. And here's another one.

Recently, we switched from in-memory cache to Redis cache and docker setup but impersonation is suddently not working as seen below. Do you have a clue on what's causing this issue?

Regards, Allan


26 Answer(s)
  • 0
    zony created
    Support Team

    Hi,shipserv Is your problem caused by switching to Redis? I learned from log information that IAbpSession did not obtain tenant information.

  • 0
    shipserv created

    hi Zony,

    It's not related to Redis upon further investigation. Because we tested the codes with Redis on different environment (not docker) and it worked fine.

    Regards, Allan

  • 0
    zony created
    Support Team

    Hi shipserv, Do you think it is the reason for Docker? I will try to reproduce the problem in a Docker environment.

  • 0
    shipserv created

    Hi Zony,

    Yes, we think it is. Hope you can reprodue it asap as we are quite tight with the deadline.

    Here are the base docker images we use for frontend. FROM node:10-alpine AS build-stage FROM nginx:alpine

    and, FROM mcr.microsoft.com/dotnet/core/sdk:2.2 for backend

    We tried this approach https://support.aspnetzero.com/QA/Questions/7642/Nginx-and-AbpTenantId-TenantIdResolveKey-Issue but problem still exists on "Login as Tenant" with backend error as seen in the stacktrace above.The tenantId is still missing from the session.

    <br> Another issue we've seen so far is during switching tenant as seen below. The GetCurrentlyLoginInformation() returns "tenant":null as a response after successful switch. This is working on our existing environment (not docker).

    Please keep us posted. Thank you!

    Regards, Allan

  • 0
    zony created
    Support Team

    Hi shipserv, The Cookie resolver used by ABP by default, when the cookie does not have a corresponding Key, it will cause the resolution to fail. I'm trying to reproduce this problem, you can also try to carry TenantId in the request header, its default Key is "Abp.TenantId".

    Can you provide a screenshot of the cookie page of the debugging tool?

    Please confirm whether there is a corresponding Cookie Key.

  • 0
    shipserv created

    Hi Zony,

    please see screenshots below, hope this helps

    Regards,

    JP

  • 0
    shipserv created

    Hi Support,

    Good morning!

    Just following up on this. Any updates?

    Regards,

    JP

  • 0
    zony created
    Support Team

    Hi shipserv, I was busy on weekends and did not deal with relevant content. I will check this issue today.

  • 0
    shipserv created

    Thanks zony. :)

  • 0
    zony created
    Support Team

    Hi shipserv, Can you provide the Request Headers information of the GetCurrentLoginInformations method, like this. I have deployed to the Docker environment, but this has not happened.

  • 0
    zony created
    Support Team

    In addition, I observed that your TenantIdResolveKey has changed. Please confirm whether you have configured it in the module.This Key should be consistent with the front end. Is there a reverse proxy server such as NGINX in the front end of your API service?

  • 0
    shipserv created

    HI Zony,

    Here's the screenshot of the Request Header, I don't see the Abp TenantId

    Yes, we've modified the TenantIResolvekey. We removed the dot to see if it will work. We've seen posts with similar issues and that worked for them. But on our side, it does not work.

  • 0
    zony created
    Support Team

    Can you provide a usable TenancyName? I want to check on your website whether the request header is really missing. ABP Zero will also get the tenant Id from the header to work when the cookie does not work.

  • 0
    zony created
    Support Team

    At the same time, you can also write a test TestController, and write the following code in it to check whether the back-end service can get the Cookie or HTTP request header.

        public class Issue9529
        {
            public string CookieValue { get; set; }
    
            public string HeaderValue { get; set; }
        }
    
        [Route("/api/test")]
        public class TestController : AbpController
        {
            private readonly IHttpContextAccessor _httpContextAccessor;
            private const string TenantIdKey = "AbpTenantId"; // Change to yours.
    
            public TestController(IHttpContextAccessor httpContextAccessor)
            {
                _httpContextAccessor = httpContextAccessor;
            }
    
            [HttpGet]
            public Task<Issue9529> Get()
            {
                var response = new Issue9529
                {
                    CookieValue = _httpContextAccessor.HttpContext.Request.Cookies[TenantIdKey],
                    HeaderValue = _httpContextAccessor.HttpContext.Request.Headers[TenantIdKey]
                };
    
                return Task.FromResult(response);
            }
        }
    

    Send a request to the interface at the front end and observe the output of the interface.

  • 0
    shipserv created

    Hi Zony,

    Good morning! Hope you are well.

    Sure. Please try using TN-58715, Url is https://admin.shipservlabs.com

    Just to add to my previous response.

    • Yes, we configured the TenantIdResolveKey in the module as per Abp documentation. And yes, it's consistent with the front-end.
    • Yes, there is a reverse proxy.
      • It NGINX in the new Docker setup. This is the reason why we changed the TenantIdResolveKey as NGINX might have an issue with the Original format (with the dot).

    Best regards,

    JP Maniago

  • 0
    shipserv created

    Hi Zony,

    Noted on the TestController. We'll try it out and revert when we have the result.

    Best regards,

    JP Maniago

  • 0
    shipserv created

    Hi Zony,

    We tried running the same code locally and on the server where we have the docker setup. Cookie not picked up on the docker setup. Any idea why this is so?

    Best regards,

    JP Maniago

  • 0
    shipserv created

    Hi Zony,

    You stated earlier that you have successfully deployed AspNetZero in docker and works properly.

    "I have deployed to the Docker environment, but this has not happened."

    If you don't mind can you please share to us your Docker file you used so that we can compare with ours.

    Regards, Allan

  • 1
    zony created
    Support Team

    Of course, please wait, I will send you the Dockerfile and Docker Compose later.

  • 0
    shipserv created

    Hi Zony,

    Good morning!

    Just following up on the Dockerfile and Docker Compose, will you be able to share today?

  • 0
    zony created
    Support Team

    Hi shipserv, Sorry, because the network failure did not respond in time, the following are my related documents. Please ignore the image acceleration configuration of the Dockerfile. Frontend:

    FROM node as build-image
    RUN yarn config set registry 'https://registry.npm.taobao.org'
    WORKDIR /app
    COPY ./ ./
    
    RUN npm config rm proxy && npm config rm https-proxy & \
        yarn config delete proxy & \
        yarn config set sass-binary-site http://npm.taobao.org/mirrors/node-sass & \
        yarn config set registry https://registry.npm.taobao.org
    
    RUN yarn
    RUN yarn ng build --prod
    
    FROM nginx
    COPY --from=build-image /app/dist /usr/share/nginx/html
    COPY --from=build-image /app/default.conf /etc/nginx/conf.d
    

    default.conf:

    server {
        listen       80;
        server_name  localhost;
        client_max_body_size 1000m;
    
        location / {
            root   /usr/share/nginx/html;
            try_files $uri $uri/ /index.html last;
            index  index.html index.htm;
        }
    
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
    

    Backend:

    FROM mcr.microsoft.com/dotnet/core/sdk:3.1 as build-image
    
    WORKDIR /home/app
    COPY ./ ./
    RUN dotnet restore -s https://nuget.cdn.azure.cn/v3/index.json ./QADemo.All.sln
    RUN dotnet publish -c Release ./src/QADemo.Web.Host/QADemo.Web.Host.csproj -o /publish/
    
    FROM mcr.microsoft.com/dotnet/core/aspnet:3.1
    WORKDIR /publish
    COPY --from=build-image /publish .
    
    ENTRYPOINT ["dotnet", "QADemo.Web.Host.dll"]
    

    Docker-Compose:

    version: '3.7'
    services:
      backend:
        image: issue9529-backend
        expose:
          - 5000
        container_name: issue9529-backend
        networks:
          - internal-network
      frontend:
        image: issue9529-frontend
        expose:
          - 80
        container_name: issue9529-frontend
        networks: 
          - internal-network
    
    networks:
      internal-network:
        external: true
    
  • 0
    shipserv created

    Hi Zony,

    No worries. Thank you for sharing.

    We'll try it out and revert immediately.

    Regards,

    JP Maniago

  • 1
    zony created
    Support Team

    I think I already know your problem, your situation is caused by cookies across domains.In my environment, I put them under the same domain name.I don't know why, your request does not seem to carry the request header, please try to upgrade to the latest version.If your front and back ends are deployed separately, I think you should use the request header to carry the tenant Id.

    server{
        listen 80;
        server_name issue9529.gd;
        underscores_in_headers on;
    
        location / {
            proxy_set_header Cookie $http_cookie;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-real-IP $remote_addr;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
    
            proxy_pass http://issue9529-frontend:80;
        }
    
        location /api {
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-real-IP $remote_addr;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
    
            proxy_pass http://issue9529-backend:5000;
        }
    
        location /AbpUserConfiguration {
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-real-IP $remote_addr;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
    
            proxy_pass http://issue9529-backend:5000;
        }
    
        location /swagger {
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-real-IP $remote_addr;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
    
            proxy_pass http://issue9529-backend:5000;
        }
    }
    
  • 0
    shipserv created

    Awesome! Thanks Zony.

    Will inform our infra team about this.

    Regards,

    JP Maniago

  • 0
    ismcagdas created
    Support Team

    Hi @shipserv

    Please reopen if your problem is not solved.

    Thanks,

  • 0
    shipserv created

    Hi Zony, ismcagdas

    Setting up both the front-end and back-end solved the impersonation issue.

    Sorry for the late notice.

    Thank you for your help.

    Regards,

    JP Maniago