
Activities of "kylem"

  • What is your product version? 10.4.0
  • What is your product type (Angular or MVC)? Angular
  • What is product framework type (.net framework or .net core)? .net core

Hi, I tried using Power Tools, followed documentation, installed the Tools and tried creating entity. All looks good, I am able to run the tool, I defined entity with few properties but when I run 'Generate' button, tool exits without any error, and all looks good but nothing actually happens.

I checked Tools log files and I always find just those 2 lines:

DEBUG 2021-11-28 18:57:14,689 [1    ] dioExtension.Dialogs.EntityGeneratorForm - Generate entity started.
DEBUG 2021-11-28 18:57:16,429 [1    ] dioExtension.Dialogs.EntityGeneratorForm - Entity successfully generated.

No errors.

I am using Visual Studio 2019.

So, what am I doing wrong?

Thanks, Predrag

  • What is your product version? 10.4.0
  • What is your product type (Angular or MVC)? Angular
  • What is product framework type (.net framework or .net core)? .net core
  • What is ABP Framework version? Abp.AspNetZeroCore: 3.0.0, Abp: 6.4.0

Hi, we tried to configure our application to authenticate users using Open ID Connect using Auth0 as provider but got following error:

ERROR 2021-11-24 13:12:11,193 [23   ] Mvc.ExceptionHandling.AbpExceptionFilter - IDX20803: Unable to obtain configuration from: 'System.String'.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
 ---> System.IO.IOException: IDX20807: Unable to retrieve document from: 'System.String'. HttpResponseMessage: 'System.Net.Http.HttpResponseMessage', HttpResponseMessage.Content: 'System.String'.
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Abp.AspNetZeroCore.Web.Authentication.External.OpenIdConnect.OpenIdConnectAuthProviderApi.ValidateToken(String token, String issuer, IConfigurationManager`1 configurationManager, CancellationToken ct)
   at Abp.AspNetZeroCore.Web.Authentication.External.OpenIdConnect.OpenIdConnectAuthProviderApi.GetUserInfo(String token)
   ...

Authentication was working fine when we tried similar setup with Okta as provider.

After our analysis, it turned out that cause of the issue is same as in ticket 9789: https://support.aspnetzero.com/QA/Questions/9789/Azure-B2C-OpenId-new-user-login-failing

So we followed the suggestion in that ticket (re-implementing OpenIdConnectAuthProviderApi) and that at least partially resolved our issues.

The problem seems to be in current logic used in OpenIdConnectAuthProviderApi, GetUserInfo() method, when Issuer URL is created by appending string '/.well-known/openid-configuration' to pre-configured value of the 'Authority' parameter.

In our case that value already has a slash (/) character at the end, and when the string '/.well-known/openid-configuration' is appended, it creates a URI with a double slash character, which returns 'page not found'.

If we remove one slash character, all is good and the correct openid configuration is returned in a call.

So we applied small tweak to the logic like this:

var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
    issuer + (issuer.EndsWith("/") ? ".well-known/openid-configuration" : "/.well-known/openid-configuration"),
    new OpenIdConnectConfigurationRetriever(),
    new HttpDocumentRetriever());

but as I mentioned, it resolved issue just partially for us - only for cases when configuration parameter "AllowSocialLoginSettingsPerTenant" is set to true.

In this scenario, I was able to implement my version of OpenIdConnectAuthProviderApi based on source code that was provided in ticket 9789, and instantiate this version inside TenantBasedOpenIdConnectExternalLoginInfoProvider class.

However, ideally, we would like to use same Open ID Configuration for all of our tenants, and thus avoid setting it for each tenant, but for that case I was not able to find a way how to override default OpenIdConnectAuthProviderApi implementation.

In any case, to me this looks like a functionality that can be improved in the OpenIdConnectAuthProviderApi (as we see this is not happening only with Auth0, but with other providers as mentioned in ticket 9789).

Thanks and regards, Predrag
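
The double-slash problem described in the post above, as an added example that is not part of the original post and is not ASP.NET Zero code: the trailing slash is trimmed only when building the discovery URL, while the issuer string from the discovery document is kept unchanged for the 'iss' check. The class name OidcDiscovery and the clientId parameter are hypothetical.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper for illustration; not the framework's OpenIdConnectAuthProviderApi.
public static class OidcDiscovery
{
    // OpenID Connect Discovery: remove any trailing '/' from the issuer before appending
    // the well-known path, so "https://host/" never becomes "https://host//.well-known/...".
    public static string BuildMetadataAddress(string authority)
    {
        if (!Uri.TryCreate(authority, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Authority must be an absolute https URL.", nameof(authority));
        return authority.TrimEnd('/') + "/.well-known/openid-configuration";
    }

    public static async Task<ClaimsPrincipal> ValidateAsync(
        string token, string authority, string clientId, CancellationToken ct = default)
    {
        var manager = new ConfigurationManager<OpenIdConnectConfiguration>(
            BuildMetadataAddress(authority),
            new OpenIdConnectConfigurationRetriever(),
            new HttpDocumentRetriever { RequireHttps = true });
        var config = await manager.GetConfigurationAsync(ct);
        // The document must describe the authority we asked for (compared modulo trailing '/').
        if (!string.Equals(config.Issuer?.TrimEnd('/'), authority.TrimEnd('/'), StringComparison.Ordinal))
            throw new InvalidOperationException("Discovery document issuer does not match the configured authority.");

        var parameters = new TokenValidationParameters
        {
            // Keep the issuer exactly as published: if the provider includes a trailing
            // slash, the token's 'iss' claim carries it too, and trimming it here would fail.
            ValidIssuer = config.Issuer,
            ValidAudience = clientId,
            IssuerSigningKeys = config.SigningKeys,
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true
        };
        return new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
    }
}
```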

I guess we can close this issue for now

Thanks. We were able to get users authenticated by using LdapConnection instead of PrincipalContext in TryAuthenticateAsync(). We still need to work on overriding other methods from LdapAuthenticationSource, like UpdateUserAsync(). In any case, it would be nice to have an implementation provided by the framework. Regards, Predrag
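
A search-then-bind check with LdapConnection, as an added example that is not the poster's code and not part of ABP or ASP.NET Zero. The class name OpenLdapAuthenticator, the uid attribute, LDAPS on port 636, the service-account DN, and a runtime that supports SessionOptions.SecureSocketLayer are all assumptions.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

// Hypothetical helper for illustration; host, DNs and the 'uid' attribute are assumptions.
public sealed class OpenLdapAuthenticator
{
    private readonly string _host, _baseDn;
    private readonly NetworkCredential _service;

    public OpenLdapAuthenticator(string host, string baseDn, string serviceDn, string servicePassword)
    { _host = host; _baseDn = baseDn; _service = new NetworkCredential(serviceDn, servicePassword); }

    // RFC 4515 escaping so a submitted user name cannot change the search filter.
    public static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (var c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? $"\\{(int)c:x2}" : c.ToString());
        return sb.ToString();
    }

    private LdapConnection Connect(NetworkCredential credential)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(_host, 636)) { AuthType = AuthType.Basic };
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true; // simple bind sends the password as-is, so require TLS
        try { conn.Bind(credential); return conn; }
        catch { conn.Dispose(); throw; }
    }

    public bool TryAuthenticate(string userName, string password)
    {
        // An empty password turns a simple bind into an "unauthenticated bind", which many servers accept.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password)) return false;
        string userDn;
        using (var svc = Connect(_service)) // service-account failures propagate as errors, not "wrong password"
        {
            var request = new SearchRequest(_baseDn, $"(uid={EscapeFilter(userName)})", SearchScope.Subtree, "uid");
            var response = (SearchResponse)svc.SendRequest(request);
            if (response.Entries.Count != 1) return false; // unknown or ambiguous user
            userDn = response.Entries[0].DistinguishedName;
        }
        try { using (Connect(new NetworkCredential(userDn, password))) return true; }
        catch (LdapException ex) when (ex.ErrorCode == 49) { return false; } // 49 = invalidCredentials
    }
}
```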

Hi, I did try your suggestion and I did debug it but ended up with the same exception and pretty much same conclusion that openLDAP is not supported.

I tried initializing PrincipalContext with different parameters and using various ContextOptions, but that didn't help me resolving the issue.

One thing I noticed for PrincipalContext class is that it seems it is supported on Windows platform only:

Would you guys have any suggestion on alternative way of authenticating against openLDAP (e.g using some other .net classes instead of PrincipalContext)? Is there any plan on your side to look into this and provide some solution?

Thanks, Predrag

  • What is your product version?: API: v10.4.0 | Client: v10.5.0 [20211006]
  • What is your product type (Angular or MVC)?: Angular
  • What is product framework type (.net framework or .net core)?: .net core
  • What is ABP Framework version? 6.4.0

Hi, I tried configuring the app to authenticate against openLDAP; for that I followed the guide: https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Features-Angular-Active-Directory

When I tested it I was getting following error:

"ERROR 2021-10-26 18:35:01,333 [107  ] Mvc.ExceptionHandling.AbpExceptionFilter - Object reference not set to an instance of an object.",
      "System.NullReferenceException: Object reference not set to an instance of an object.",
      "   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)",
      "   at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()",
      "   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)",
      "   at Abp.Zero.Ldap.Authentication.LdapAuthenticationSource`2.CreatePrincipalContext(TTenant tenant)",
      "   at Abp.Zero.Ldap.Authentication.LdapAuthenticationSource`2.TryAuthenticateAsync(String userNameOrEmailAddress, String plainPassword, TTenant tenant)",
      "   at Abp.Authorization.AbpLogInManager`3.TryLoginFromExternalAuthenticationSourcesAsync(String userNameOrEmailAddress, String plainPassword, TTenant tenant)",
      "   at Abp.Authorization.AbpLogInManager`3.LoginAsyncInternal(String userNameOrEmailAddress, String plainPassword, String tenancyName, Boolean shouldLockout)",
      "   at Abp.Authorization.AbpLogInManager`3.<>c__DisplayClass36_0.<<LoginAsync>b__0>d.MoveNext()",
      "--- End of stack trace from previous location ---",

I searched up other similar issues, and did make sure that Username and email are populated in LDAP, as this was issue few users encountered. However, this seems to be a bit different, as exception is thrown from .LdapAuthenticationSource.CreatePrincipalContext()

One issue which I found and seems related is this: https://github.com/dotnet/runtime/issues/27160

and from it, it looks like PrincipalContext cannot work with OpenLDAP (which we use internally). Is that correct? What options do we have?

Regards, Predrag
