@alper, thanks for looking into this issue. After doing an in-depth assessment of it, I found that another dev mistakenly included jQuery in the folder Area/Mpa/Common/Scripts, which was conflicting with the jQuery we already have. Removing this file resolved my issue.
Were you guys able to regenerate this issue?
@ismcagdas
- Does the user have permission to that specific page?
Yes, user has access to that page.
- Does that page belong to the Tenant or the Host side?
Multi-tenancy is turned off in our application and only a single tenant is using the application. So it belongs to a Tenant.
I'm sure this can be regenerated. Can you please try? I'm using ASP.NET MVC + jQuery. App version is 5.4.0.0.
<cite>alper: </cite> Sometimes a firewall or tunnel connection can prevent sending the authentication cookie. Especially if you use HTTPS and your tunnel forwarding is not HTTPS, it might cause these kinds of problems.
Is it not supposed to happen even when we visit the URL directly? I don't think it is a firewall issue. Can you please explain how the user gets redirected to login if he is not authenticated? I tried to add breakpoints in many action methods (Account/Login, Home/Index, Mpa/Index, Account/ExternalLoginCallback, Startup.cs) but none of them gets hit.
This is what I came up with. But it always returns null, even though the user is active in the database.

```csharp
OnValidateIdentity = ctx =>
{
    var dbContext = new ProjectLearnDbContext();
    var userIdentifier = ctx.Identity.GetUserIdentifierOrNull();
    if (userIdentifier != null)
    {
        // Look the user up by id and tenant; the ABP data filters appended to this
        // query make it come back null (see the captured SQL below).
        var user = dbContext.Users.FirstOrDefault(x => x.Id == userIdentifier.UserId && x.TenantId == userIdentifier.TenantId);
        if (user == null || user.IsActive == false)
        {
            // Inactive or missing user: drop the cookie identity for this request.
            ctx.RejectIdentity();
        }
    }
    return Task.CompletedTask;
}
```
I checked what query is running in SQL using SQL Profiler and it turns out to be:

```sql
SELECT TOP (1)
[Id] AS [Id],
[ProfilePictureId] AS [ProfilePictureId],
[ShouldChangePasswordOnNextLogin] AS [ShouldChangePasswordOnNextLogin],
[AuthenticationSource] AS [AuthenticationSource],
[UserName] AS [UserName],
[TenantId] AS [TenantId],
[EmailAddress] AS [EmailAddress],
[Name] AS [Name],
[Surname] AS [Surname],
[Password] AS [Password],
[EmailConfirmationCode] AS [EmailConfirmationCode],
[PasswordResetCode] AS [PasswordResetCode],
[LockoutEndDateUtc] AS [LockoutEndDateUtc],
[AccessFailedCount] AS [AccessFailedCount],
[IsLockoutEnabled] AS [IsLockoutEnabled],
[PhoneNumber] AS [PhoneNumber],
[IsPhoneNumberConfirmed] AS [IsPhoneNumberConfirmed],
[SecurityStamp] AS [SecurityStamp],
[IsTwoFactorEnabled] AS [IsTwoFactorEnabled],
[IsEmailConfirmed] AS [IsEmailConfirmed],
[IsActive] AS [IsActive],
[LastLoginTime] AS [LastLoginTime],
[IsDeleted] AS [IsDeleted],
[DeleterUserId] AS [DeleterUserId],
[DeletionTime] AS [DeletionTime],
[LastModificationTime] AS [LastModificationTime],
[LastModifierUserId] AS [LastModifierUserId],
[CreationTime] AS [CreationTime],
[CreatorUserId] AS [CreatorUserId]
FROM [dbo].[AbpUsers]
WHERE ((([TenantId] IS NULL) AND (0 IS NULL)) OR (([TenantId] IS NOT NULL) AND (([TenantId] = 0) OR (([TenantId] IS NULL) AND (0 IS NULL)))) ) AND (([IsDeleted] = 0) ) AND ([Id] = 2) AND (([TenantId] = 1) OR (([TenantId] IS NULL) AND (1 IS NULL)))
```
There are so many extra conditions which are not required, and they are causing null to be returned. It looks like this is happening due to the Data Filters. I tried disabling them as well, but I cannot access CurrentUnitOfWork in the Startup class.
How can I get the user entity here?
This looks like a solution for ASP.NET Core. I am using ASP.NET MVC.
However, in my case I can use OnValidateIdentity in the Startup.cs file. But I am not sure how I can validate the user here, since the database does not seem to be accessible from here.
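One way to run this check from Startup.cs, as an added example that is not code from this thread or from ABP itself: instead of newing up the DbContext, it resolves ABP's unit-of-work manager and user repository through IocManager, pins the tenant from the cookie so the MayHaveTenant filter matches the user's own tenant (the captured SQL above shows it being applied with tenant 0), and rejects the identity when the user is missing, soft-deleted or inactive. `User` (the project's ABP user entity) and the `ActiveUserCookieValidator` class name are assumptions.

```csharp
using System.Threading.Tasks;
using Abp.Dependency;
using Abp.Domain.Repositories;
using Abp.Domain.Uow;
using Abp.Runtime.Security;
using Microsoft.Owin.Security.Cookies;

// Wire-up in Startup.cs (assumed):
// Provider = new CookieAuthenticationProvider { OnValidateIdentity = ActiveUserCookieValidator.ValidateAsync }
public static class ActiveUserCookieValidator
{
    // User is assumed to be the project's ABP user entity (derived from AbpUser<User>).
    public static Task ValidateAsync(CookieValidateIdentityContext ctx)
    {
        var userIdentifier = ctx.Identity.GetUserIdentifierOrNull();
        if (userIdentifier == null)
        {
            // No usable user/tenant claims in the cookie: treat the request as unauthenticated.
            ctx.RejectIdentity();
            return Task.CompletedTask;
        }

        // Startup has no ambient unit of work, so open one explicitly via the IoC container.
        using (var uowManager = IocManager.Instance.ResolveAsDisposable<IUnitOfWorkManager>())
        using (var users = IocManager.Instance.ResolveAsDisposable<IRepository<User, long>>())
        using (var uow = uowManager.Object.Begin())
        {
            // SetTenantId makes the MayHaveTenant filter use the tenant from the cookie
            // (null for host users) instead of the default 0 seen in the profiled query.
            // SoftDelete is disabled so a deleted user is rejected explicitly below.
            using (uowManager.Object.Current.SetTenantId(userIdentifier.TenantId))
            using (uowManager.Object.Current.DisableFilter(AbpDataFilters.SoftDelete))
            {
                var user = users.Object.FirstOrDefault(userIdentifier.UserId);
                if (user == null || user.IsDeleted || !user.IsActive)
                {
                    // Drop the identity for this request and clear the cookie so the
                    // disabled account cannot keep riding a still-valid ticket.
                    ctx.RejectIdentity();
                    ctx.OwinContext.Authentication.SignOut(ctx.Options.AuthenticationType);
                }
            }
            uow.Complete();
        }
        return Task.CompletedTask;
    }
}
```

This costs one database round trip per authenticated request; the OWIN middleware also exposes a validation interval on the provider so the lookup can be throttled, at the price of a matching delay before a disabled user is cut off.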
@ismcagdas , Sent you an email. Can you please take a look at it today? Since "Release" does not work properly, we need to publish using "debug" as soon as we can.
Thanks!
Is it possible to implement something using SignalR where, if a user gets disabled, the server notifies the browser and deletes the cookie?
@ryancyq That URL is not working anymore.
Also, for Cookie authentication, we have it set up so that the expiration keeps sliding if the user is active. So it may never expire, and the user may keep access as long as they want. You see the drawback here?