Activities of "Web2workNL"
We use the default FeatureChecker implementation to check if features are enabled for tenants. Next to this we use the RequiresFeature Attribute on almost all our AppServices. We don't know how this Attribute is implemented behind the scenes.
We don't know where this behavior comes from so it is hard to answer your second question. We only know the end result as we pointed out in the original post. We did suspect using DisableFilter for MayHaveTenant/MustHaveTenant or when using SetTenantId on the CurrentUnitOfWork but were unable to reproduce it using these scenarios.
We also have the assumption that the data gets corrupted only when the cache has expired and data is re-added through either GetTenantFeatureCacheItemAsync or GetTenantFeatureCacheItem.
In summary, we know the end result but not what leads to this.
We are running into caching issues with our application. The problem seems equal to the problem mentioned by another customer https://support.aspnetzero.com/QA/Questions/8897.
AbpZeroTenantFeatures returnzs the wrong entries for a given tenant (Mismatched from what is in the database). Clearning the cache updates a tenants features to the proper list again. Then it will be fine for a period of time and then start returning incorrect features for a tenant until we clear the cache again.
We were running ABP 4.8.1 and have already upgraded to 4.12.0 but this did not solve the problem. Also, we experience this problem with in memory caching and Redis caching.
When we check the cache contents of AbpTenantFeatures for tenant 1 this normally contains the following:
{
"EditionId": 1,
"FeatureValues": {
"App.NarrowcastingFeature": "true",
"App.NarrowcastingMaxScreenCount": "10"
}
}
This corresponds to the TenantFeatureSettings stored in the database for this tenant:
At the moment the cache is “corrupted” for tenant 1 it contains te following:
{
"EditionId": 1,
"FeatureValues": {
"App.AbsenceReporter": "false",
"App.Calendar": "false",
"App.MessagingFeature": "false",
"App.NarrowcastingFeature": "true",
"App.NarrowcastingMaxFeedCount": "2",
"App.NarrowcastingMaxScreenCount": "3",
"App.PrivacyFeature": "false",
}
}
We checked AbpFeatureValueStore.GetTenantFeatureCacheItemAsyncto see if something goes wrong there. The code that gets the features from the database looks ok:
using (var uow = _unitOfWorkManager.Begin())
{
using (_unitOfWorkManager.Current.SetTenantId(tenantId))
{
var featureSettings = await _tenantFeatureRepository.GetAllListAsync();
foreach (var featureSetting in featureSettings)
{
newCacheItem.FeatureValues[featureSetting.Name] = featureSetting.Value;
}
await uow.CompleteAsync();
}
}
However, it seems that the tenant filter is not applied at the moment the problem occurs. We think this is the case because when all TenantFeatureSettings are returned from the database, the last value returned from the table for that setting will be set in the FeatureValues dictionary.
A small LinqPad script that does the same:
// Get tenant features for all tenants
var features = AbpFeatures.Where(f => f.Discriminator == "TenantFeatureSetting").OrderBy(f => f.Id).ToList();
// populate dictionary
var d = new Dictionary<string,string>();
foreach (var feature in features)
{
d[feature.Name] = feature.Value;
}
// show results
d.Dump();
Result:
The result is exactly the same as the items found in the "corrupted" cache.
Now the big question is: why would the tenant filter not be applied? Is there any circumstance that _unitOfWorkManager.Current.SetTenantId(tenantId) does not work? E.g. when we disable the tenant filter? Or when we set the tenant Id ourselves earlier?
Hello,
We are currently working on a project that uses IdentityServer and ASP.NET Zero. This is the first time I am using these techniques and I am not sure whether I understand these concepts correctly.
Our goal is to provide an authentication/authorization platform for clients in which users can use their authentication cookie of an external identity provider to check whether they have a valid license. These licenses are managed in our portal. The workflow would look like something like this:
- At the (external) client website, a user wants to open a part of the website that requires a valid license.
- The client website contacts our platform and navigates to the IdentityServer.
- The IdentityServer redirects to the external identity provider (uses SAML2).
- The external IDP authenticates the user and returns a cookie that contains the (external) user identifier.
- Using the user identifier in this cookie, the user gets authenticated in ABP (this user already exists, as they are imported using a background job and are assigned to licenses. This import also sets the AbpUserLogin with the correct provider and provider key).
- With the authenticated user, it is possible to retrieve the assigned licenses. These are added to the result as claims.
- The clients retrieves a response from the IdentityServer including the license claims.
I have started experimenting with the startup template of ASP.NET Zero but my lack of experience with these concepts makes it difficult to determine whether I am on the right track. I am able to use a MVC client to contact the IdentityServer of the ABP project and am successfully getting authenticated using the external Idp (using the SAML2 package of Sustainsys) but am unable to authenticate in Abp. Also, I am not sure how this authentication is related to the External Login Providers that Abp already provides (the social logins for Google, Facebook etc.). Should I somehow add a new provider? I have tried to build an ExternalAuthenticateModel and use the ExternalAuthenticate method in the TokenAuthController to authenticate but am not sure if this is the way to go.
I hope that there is someone here who has a little more experience with this and can tell me if I'm on the right track.
Kind regards, Nick