
Activities of "fabiovalerio"

Hi to all, I'm facing the annoying problem of certificate not trusted because it is a self-signed cert, while running Android app!

I found a workaround on the web (following this article: https://docs.microsoft.com/it-it/xamarin/cross-platform/deploy-test/connect-to-local-web-services): simply override the ServerCertificateCustomValidationCallback property of the NativeMessageHandler instance passed to AuthenticationHttpHandler inside ModernHttpClientFactory.

But this kind of solution doesn't work as expected, because the ServerCertificateCustomValidationCallback is never called!

Googling more, I've encountered the ModernHttpClient Git repository, which is apparently not supported anymore and has been replaced by a paid version that has specific management for handling untrusted certs.

How can I resolve this issue without editing a lot of the ANZ solution's codebase?

This is significantly urgent for us! Many thanks!
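An added example, not part of the original post or of the ASP.NET Zero code base: when a self-signed development certificate has to be accepted, the validation callback can pin that one certificate for that one host instead of accepting every certificate. It assumes the standard `HttpClientHandler` rather than ModernHttpClient's `NativeMessageHandler`; `DevHost`, `PinnedSha256` and the class name are hypothetical placeholders.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class DevCertificatePinning
{
    // Hypothetical values: the development API host as seen from the device,
    // and the SHA-256 fingerprint (hex, no separators) of your own dev certificate.
    private const string DevHost = "10.0.2.2";
    private const string PinnedSha256 = "<SHA256-HEX-OF-YOUR-DEV-CERT>";

    public static bool Validate(HttpRequestMessage request, X509Certificate2 cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal platform validation are accepted as usual.
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null || request?.RequestUri == null) return false;

        // The exception applies to the development host only; every other
        // host keeps failing when its certificate does not validate.
        if (!string.Equals(request.RequestUri.Host, DevHost,
                           StringComparison.OrdinalIgnoreCase))
            return false;

        // Accept only the exact certificate that was pinned, not any
        // self-signed certificate an intermediary might present.
        using (var sha256 = SHA256.Create())
        {
            var actual = BitConverter.ToString(sha256.ComputeHash(cert.RawData))
                                     .Replace("-", string.Empty);
            return string.Equals(actual, PinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }

    public static HttpClientHandler CreateHandler()
    {
        var handler = new HttpClientHandler();
#if DEBUG
        // Release builds never install the callback, so they always use
        // the platform's default certificate validation.
        handler.ServerCertificateCustomValidationCallback = Validate;
#endif
        return handler;
    }
}
```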

Hi aaron, thanks for your reply.

We cannot reproduce the issue in a systematic way ... it is happening sometimes! Moreover, we cannot reproduce the issue with a fresh project, because the only way to test is with huge traffic on the API, so ... in the production environment.

I think that the best option we have could be an answer to this question: in which case can ABP not recognise the current user and their permissions even if the user is correctly authenticated with a well-formed JWT token?

Please note that our solution is deployed in an IIS WebFarm with ARR and load balancing. To ensure session persistence, we enabled RedisCache.

Many thanks!

Hi aaron,

I'm updating this thread only to inform you that after upgrading to ABP 3.5, the issue is still present!

Just to recap, we are encountering a problem with ABP authorization against a custom AppService used by a third-party service.

Even if the logged-in user has the right permissions, sometimes the WebApi layer goes into 401 or simply replies with 200 but raises an Abp.Authorization.AbpAuthorizationException.

Is anyone else facing the same issue?

Hi @aaron, it is difficult to provide further info on that issue ... since it is related to an in-depth feature of ABP. BTW, the following scenario could help you to understand the facts:

  1. A third-party software logs in to our API, obtaining a JWT.
  2. Next, it uses that JWT to perform some operation against the API.
  3. Our AppService responds to a request at step 2 with a 401 error regardless of missing permissions on that logged-in user.

What we noticed is that when this issue happens, the Audit Log correctly shows it as a 401 error, but without showing the username.

We also tried debugging some calls with the JWT obtained at step 1, and it's correctly identified as authenticated by JwtTokenMiddleware, but when the request is handled by AuthorizationFilter it goes into 401 due to - apparently - insufficient permissions; but the user already has the right permissions!

Lastly, we also tried to perform another login just after the bad one, and all works perfectly!

If we upgrade to ABP 3.5 ... do we have to make some changes to ANZ 4.1?

Hi all, we currently use ANZ 4.1.0 to serve WebAPI access to a third party. Sometimes, the counterpart says that API calls go into HTTP 401. We checked the JWT for validity with http://jwt.io and all seems OK. What we noticed is that the authentication passes successfully but the authorization (permissions) seems not to be correctly retrieved. Since the counterpart can't implement a retry mechanism, we have to figure out how to solve this issue on our side. Thanks!

Hi guys... I just did a retry to @ismcagdas's suggestion... and all works like a charm!

Maybe when I did try for the first time something was wrong in my implementation.

Thank you @ismcagdas and @aaron too!

ismcagdas: @fabiovalerio have you also implemented the ITransientDependency interface like below?

public class MyEventHandler : IEventHandler<EntityCreatedEventData<Setting>>, IEventHandler<EntityUpdatedEventData<Setting>>, ITransientDependency
{
   .....
   .....
}

yep! without any success ... but, honestly, I did a lot of tries ... so I'll give it a try and report back.

Furthermore, I already have another EventHandler against a custom entity that works perfectly without ITransientDependency inheritance!

aaron: What have you tried?

I did create a class that implements IEventHandler<EntityCreatedEventData<Setting>>, IEventHandler<EntityUpdatedEventData<Setting>>

but interface's methods are never called!

Hi all,

I'm trying to handle entity events against the "Setting" entity, without success.

I need to be notified when a specific setting is changed per user, so I thought that using EventBus would be a good way to do that.

Isn't it?

Any solutions?

Thanks!

As said at the beginning of this thread, we need to allow access to our WebAPI to a third-party service. To do so, we would like to use the login mechanism offered by SingleSignIn, where the login form redirects to a specific URL passing through accessToken, memberId and tenantId. Moreover, the accessToken has to be valid for 20 minutes and each request made on our WebAPI has to extend the token validity for 20 minutes more, without releasing a new accessToken.

In this scenario, it was helpful to use SignInToken and check its validity!
