Open Closed

Issue when login as a tenant #1020


User avatar
0
MarekH created

ABP Framework version: v4.2.0 UI type: Angular DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): yes Exception message and stack trace: Steps to reproduce the issue:

Hello, we are trying to resolve issue related to switching between host and customer DBs..

Our solution is deployed with host DB and separated Identity Server (IS) (running as separate microservice and using host DB). We would like to use Multi-tenant solution with separate DB for each tenant. We are trying to use centralized IS to handle all requests. We already created our custom override of CreateAsync method in TenantAppService to create some custom actions during tenant creation (tenant DB creation, running some seed methods, etc.). UpdateDefaultConnectionStringAsync is called too in our method to update SaasTenantConnectionStrings table in host DB.

So when we create new tenant from host app, there is a new tenant DB, SaasTenantConnectionStrings table in host DB contains correct connection string too. We have also a wildcard rule in IdentityServerClientRedirectUris table in IS.

When we access https://tenant1.ourappurl/ and click Login, we are redirected to the correct IS page with login. My question is: Can we identify the tenant using the domain resolver to direct to the tenant db once the authorization is completed on the centralised IS server?

Thanks a lot!


34 Answer(s)
  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    When we access https://tenant1.ourappurl/ and click Login, we are redirected to the correct IS page with login. My question is: Can we identify the tenant using the domain resolver to direct to the tenant db once the authorization is completed on the centralised IS server?

    Yes, you have the tenantId in the request header,so you can get and make a request to ITenantRepository for the name, connection strings etc.

  • User Avatar
    0
    MarekH created

    We have tried to login as tenant, login is successfully done however we got an error of Invalid_scope.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    This is error is not related with tenant but identityserver configuration.

    Check your identityserver logs for [ERR] containing invalid_scope. You are probably requesting a none-existing scope in your application.

  • User Avatar
    0
    MarekH created

    We have tried login as a tenant using below steps :

    • Download demo code from abp io site.
    • Create new tanant which is successfully created with database table
    • Create new tenant and try to login ,its working fine.

    We are unable to login tenant with tenant database in commercial version. However we followed the same steps which we are doing in the Non-Commercial Version.

    Our purpose is login as tenant with separate Database with Central Identity Server.

    Can you please provide a sample code for the same

  • User Avatar
    0
    alper created
    Support Team Director

    are you using subdomains for tenant selection in your test?

  • User Avatar
    0
    MarekH created

    We are removed the switch tenant from UI ,we are use subdomains in comaracial code

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    @MarekH

    Can you give more information about the issue?

    At which point do you get invalid_scope error?

  • User Avatar
    0
    MarekH created

    Actually we are trying to switch tenant on the basis of change in the URL , Instead of switching it from the popup modal which we have in the login. We have tried below things :-

    1. Created Custom tenant Resolver class also added {0}.maindomain.com specified this URL. As we found this solution to switch tenant autometically on the basis of URL.

    In current scenario we are getting that URL after login for example if we use

    tenant1.mydomain.com then after login we are redirecting to same tenant1.mydomain.com But tenant is not getting changed , We are still logged in as admin.

    Can you please help us.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    We have tried to login as tenant, login is successfully done however we got an error of Invalid_scope.

    This shows login happened for tenant6 admin user. Do you mean this doesn't work anymore either?

  • User Avatar
    0
    MarekH created

    We have tried to login as tenant, login is successfully done however we got an error of Invalid_scope.

    This shows login happened for tenant6 admin user. Do you mean this doesn't work anymore either?

    We have resolved this error but we are not able to login as tenant using url

  • User Avatar
    0
    MarekH created

    Actually we are trying to switch tenant on the basis of change in the URL , Instead of switching it from the popup modal which we have in the login. We have tried below things :-

    1. Created Custom tenant Resolver class also added {0}.maindomain.com specified this URL. As we found this solution to switch tenant autometically on the basis of URL.

    In current scenario we are getting that URL after login for example if we use

    tenant1.mydomain.com then after login we are redirecting to same tenant1.mydomain.com But tenant is not getting changed , We are still logged in as admin.

    Can you please help us.

    We are facing this issue while we are trying to login using url.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    To clarify:

    1. In tenant1.mydomain.com hit login
    2. Redirected to authserver.mydomain.com (identityserver), enter credentials for admin user and hit login
    3. Successfuly signed in and I am now redirected back to tenant1.mydomain.com.
    4. But logged in user is not tenant admin but the host admin?

    But tenant is not getting changed , We are still logged in as admin.

    I assume Host admin, not tenant admin.

    It might be related with cookies and application cache. Does it the same behaviour when you cleared the cookies and browser cache or in incognito mode?

  • User Avatar
    0
    MarekH created

    To clarify:

    1. In tenant1.mydomain.com hit login
    2. Redirected to authserver.mydomain.com (identityserver), enter credentials for admin user and hit login
    3. Successfuly signed in and I am now redirected back to tenant1.mydomain.com.
    4. But logged in user is not tenant admin but the host admin?

    But tenant is not getting changed , We are still logged in as admin.

    I assume Host admin, not tenant admin.

    It might be related with cookies and application cache. Does it the same behaviour when you cleared the cookies and browser cache or in incognito mode?

    Yes , It is same behaviour when we clear cookie.

    We are getting logged in as HostAdmin instead of tenant Admin

    We have used below method to enable tenant switching on the basis of URL:-

    Configure<AbpTenantResolveOptions>(options => { options.AddDomainTenantResolver("{0}.mydomain.com"); });

    Do we need anything else for switching tenant on the basis of URL?

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Since you have created CustomTenantResolver, you need to add it as tenant resolver also.

    In your Web Module:

    Configure<AbpTenantResolveOptions>(options =>
    {
        options.TenantResolvers.Add(new MyCustomTenantResolveContributor());
    });
    

    You can also check custom tenant resolvers docs for more information.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi @MarekH

    Deos tenant1.mydomain.com and authserver.mydomain.com both use mydomain.com as domain?

  • User Avatar
    0
    MarekH created

    hi @MarekH

    Deos tenant1.mydomain.com and authserver.mydomain.com both use mydomain.com as domain?

    Yes both are in same domain

    Configure<AbpTenantResolveOptions>(options => { options.AddDomainTenantResolver("{0}.mydomain.com"); });

    We have added above method , to switch tenant autometically on the basis of URL change

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi @MarekH

    I am going to check your application remotely. Please tell me your available time. liming.ma@volosoft.com

  • User Avatar
    0
    MarekH created

    hi @MarekH

    I am going to check your application remotely. Please tell me your available time. liming.ma@volosoft.com

    Hi @Maliming

    We will available after an hour (02:00 PM IST) is this fine for you ?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    ok. it's fine for me.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Have you checked this document?

    https://docs.abp.io/en/abp/latest/UI/Angular/Multi-Tenancy#domain-subdomain-tenant-resolver

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    I will create demos that use domain names to resolve tenants. MVC and ANGULAR.

  • User Avatar
    0
    MarekH created

    I will create demos that use domain names to resolve tenants. MVC and ANGULAR.

    Ok Thank you.

  • User Avatar
    0
    alper created
    Support Team Director

    Thank you @maliming. it'll be useful for others as well.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    There is a problem in angular. It fixed in 4.3. https://github.com/abpframework/abp/issues/8231

    I will provide angular examples after 4.3, currently there are mvc and mvc tiered examples. https://github.com/maliming/DomainTenantResolver

  • User Avatar
    0
    AndrewT created

    @maliming - Is it possible to include the way to do unique user logins for multi-tenant in the demo you are building for this issue using sub domains?;

    https://support.abp.io/QA/Questions/917/Tenant-Login-Without-Selecting-Tenant-and-without-a-Hostname-specific-for-the-URL

Made with ❤️ on ABP v9.1.0-preview. Updated on November 18, 2024, 05:54