Activities of "kylem"
Hi,
We are at the point where we need OpenID Connect server enabled, and start integrating other apps within our ecosystem.
I see in some other posts I read that IdentityServer 4 will be removed and eventually replaced with OpenIddict, but that there is no definite timeline.
Would you be able to point us in some direction how to do it and integrate it with AspNetZero (links, blogs, any other information)?
Many thanks. We love your product.
Peja
Thanks for the confirmation. I will close the issue. Peja
Update:
I got it working by applying changes similar to what we did earlier for 'removing tenant from the login screen'.
I added following code to TokenAuthController.SendTwoFactorAuthCode() Can you please review and let me know if this is correct change and if something should be removed or added?
[HttpPost]
public async Task SendTwoFactorAuthCode([FromBody] SendTwoFactorAuthCodeModel model)
{
using (UnitOfWorkManager.Current.DisableFilter(AbpDataFilters.MayHaveTenant))
{
var user = await _userManager.GetUserByIdAsync(model.UserId);
var tenantId = await _userManager.TryGetTenantIdOfUser(user.UserName);
//var cacheKey = new UserIdentifier(AbpSession.TenantId, model.UserId).ToString();
var cacheKey = new UserIdentifier(tenantId, model.UserId).ToString();
...
What is your product version? 11.0.0
What is your product type (Angular or MVC)? Angular
What is product framework type (.net framework or .net core)? .net core
Hi,
Recently we tried enabling 2FA Authentication.
It worked well for Host login - I was able to use email as a second factor in authentication
When I tried using GoogleAuthenticator in tenant login, after successfully passing first phase, I was presented with:
and after clicking the Submit I got: Security code could not be sent! error:
This might have something to do with the fact that we are using login without tenant (we made some modifications with your help in the past to achieve it).
Thanks, Peja
That was it :)
It looks like that Cloudflare will strip any header containing dot (.) character. So I searched it up a bit and realized that I can configure my app to use some other header name for TenandId.
I ended up adding this line into {MyApp}CoreModule.cs:
//Clouflare doesn't like default TenantIdResolveKey Abp.TenantId
Configuration.MultiTenancy.TenantIdResolveKey = "MyApp-TenantId";
Also, I changed this line in abp.js:
abp.multiTenancy.tenantIdCookieName = 'MyApp-TenantId';
Also, needed to adjust some test cases on server side that are utilizing TenandIdResolveKey
I tested it and it looks good when deployed with cloudflare.
Can you please confirm if those changes are enough?
Thanks again for the quick turnaround on this issue.
Peja
I just sent you an email with required information. We can provide additinal information. Thanks for your help, Peja
All tenants are using same domain
- What is your product version? 11.1.0
- What is your product type (Angular or MVC)? Angular
- What is product framework type (.net framework or .net core)? .net core
Until now we had our ASPNet.Core + Angular app running on AWS behind AWS Load Balancer and it worked fine. Recently we made change when our DNS is hosted by Clouflare and we are proxying calls to AWS Load Balancer.
We can deploy and run applicatin, however when we try impersonate login, we are getting error 500 internal server error.
This is the call that is failing in the browser
and on the Host side we are seeing this in logs:
"INFO 2022-11-03 20:53:42,610 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 OPTIONS http://api.cloud.denvrdata.com/api/TokenAuth/ImpersonatedAuthenticate?impersonationToken=0ab05a6d-52b9-4495-b98f-30cd17f0147d&d=1667508822061 - - - 204 - - 0.3677ms",
"INFO 2022-11-03 20:53:42,690 [orker] Microsoft.AspNetCore.Hosting.Diagnostics - Request starting HTTP/1.1 POST http://api.cloud.denvrdata.com/api/TokenAuth/ImpersonatedAuthenticate?impersonationToken=0ab05a6d-52b9-4495-b98f-30cd17f0147d&d=1667508822061 application/json 0",
"INFO 2022-11-03 20:53:42,690 [orker] pNetCore.Cors.Infrastructure.CorsService - CORS policy execution successful.",
"INFO 2022-11-03 20:53:42,691 [orker] ft.AspNetCore.Routing.EndpointMiddleware - Executing endpoint 'DenvrDashboard.Web.Controllers.TokenAuthController.ImpersonatedAuthenticate (DenvrDashboard.Web.Core)'",
"INFO 2022-11-03 20:53:42,693 [orker] c.Infrastructure.ControllerActionInvoker - Route matched with {action = \"ImpersonatedAuthenticate\", controller = \"TokenAuth\", area = \"\"}. Executing controller action with signature System.Threading.Tasks.Task`1[DenvrDashboard.Web.Models.TokenAuth.ImpersonatedAuthenticateResultModel] ImpersonatedAuthenticate(System.String) on controller DenvrDashboard.Web.Controllers.TokenAuthController (DenvrDashboard.Web.Core).",
"INFO 2022-11-03 20:53:42,701 [orker] osoft.EntityFrameworkCore.Infrastructure - Entity Framework Core 6.0.1 initialized 'DenvrDashboardDbContext' using provider 'Npgsql.EntityFrameworkCore.PostgreSQL:6.0.2+854d2438884c0bf3a4ba8ccde2c47f7ba1ea3a4c' with options: None",
"ERROR 2022-11-03 20:53:42,705 [orker] Mvc.ExceptionHandling.AbpExceptionFilter - Current tenant is different than given tenant. AbpSession.TenantId: , given tenantId: 3",
"System.Exception: Current tenant is different than given tenant. AbpSession.TenantId: , given tenantId: 3",
" at DenvrDashboard.Authorization.Impersonation.ImpersonationManager.CheckCurrentTenant(Nullable`1 tenantId) in C:\\Users\\PejaRadojkovic\\workspace\\denvrdata\\DenvrDashboard\\aspnet-core\\src\\DenvrDashboard.Core\\Authorization\\Impersonation\\ImpersonationManager.cs:line 113",
" at DenvrDashboard.Authorization.Impersonation.ImpersonationManager.GetImpersonatedUserAndIdentity(String impersonationToken) in C:\\Users\\PejaRadojkovic\\workspace\\denvrdata\\DenvrDashboard\\aspnet-core\\src\\DenvrDashboard.Core\\Authorization\\Impersonation\\ImpersonationManager.cs:line 42",
" at DenvrDashboard.Web.Controllers.TokenAuthController.ImpersonatedAuthenticate(String impersonationToken) in C:\\Users\\PejaRadojkovic\\workspace\\denvrdata\\DenvrDashboard\\aspnet-core\\src\\DenvrDashboard.Web.Core\\Controllers\\TokenAuthController.cs:line 388",
" at lambda_method2457(Closure , Object )",
" at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)",
" at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)",
" at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)",
" at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)",
" at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)",
" at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)",
" at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)",
I tried solutions to similar question suggested here: https://github.com/aspnetzero/aspnet-zero-core/pull/4198 but that didn't work (btw. we are already on the patched version of code).
Please let us know if you have any suggestion what we can do to resolve the issue.
Thanks, Peja
Thanks, that worked. Peja
Thanks, what is the easiest way of doing that? I've sent mail to [email protected] Thanks, Peja