Open Closed

Cannot login through api #1179


User avatar
0
RonaldR created
  • ABP Framework version: v4.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:
  • I am able to login to the website using a username and password and tenantId. when i go to the api and try to login using /api/account/login
  • { "userNameOrEmailAddress": "Ronald", "password": "1q2w3E*", "rememberMe": true, "tenanId": "39f90dee-0f5e-0845-7356-36a8a3b8496d" }

application/json

when i run this from visual studio i get back a 400 with no data and when i run it from iis i get back a 400 and the response is the body of the html page to display a message: Internal Server Error

when the tenant that belongs to that id is selected and the user name and pasword are entered in the login screen it works fine. we have an extenral application that is trying to login using out applications user login, needs data from a couple of our APIs, so what am i doing wrong?

2021-04-12 12:48:47.821 -05:00 [INF] Executing endpoint 'Volo.Abp.Account.Public.Web.Areas.Account.Controllers.AccountController.CheckPassword (Volo.Abp.Account.Pro.Public.Web)'
2021-04-12 12:48:47.831 -05:00 [INF] Route matched with {area = "account", controller = "Login", action = "CheckPassword", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Account.Public.Web.Areas.Account.Controllers.Models.AbpLoginResult] CheckPassword(Volo.Abp.Account.Public.Web.Areas.Account.Controllers.Models.UserLoginInfo) on controller Volo.Abp.Account.Public.Web.Areas.Account.Controllers.AccountController (Volo.Abp.Account.Pro.Public.Web).
2021-04-12 12:48:47.843 -05:00 [ERR] The required antiforgery header value "RequestVerificationToken" is not present.
2021-04-12 12:48:47.844 -05:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
2021-04-12 12:48:47.857 -05:00 [INF] Executing HttpStatusCodeResult, setting HTTP status code 400
2021-04-12 12:48:47.857 -05:00 [INF] Executed action Volo.Abp.Account.Public.Web.Areas.Account.Controllers.AccountController.CheckPassword (Volo.Abp.Account.Pro.Public.Web) in 20.2611ms
2021-04-12 12:48:47.857 -05:00 [INF] Executed endpoint 'Volo.Abp.Account.Public.Web.Areas.Account.Controllers.AccountController.CheckPassword (Volo.Abp.Account.Pro.Public.Web)'
2021-04-12 12:48:47.914 -05:00 [INF] Request finished HTTP/1.1 POST http://localhost/api/account/checkPassword application/json 123 - 302 - - 161.6186ms
2021-04-12 12:48:47.927 -05:00 [INF] Request starting HTTP/1.1 GET http://localhost/Error?httpStatusCode=400 - -
2021-04-12 12:48:47.970 -05:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2021-04-12 12:48:47.978 -05:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
2021-04-12 12:48:48.808 -05:00 [INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml.
2021-04-12 12:48:48.894 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpIdentity.SettingManagement
2021-04-12 12:48:48.897 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: LeptonThemeManagement.Settings
2021-04-12 12:48:48.899 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpAccount.SettingManagement
2021-04-12 12:48:48.899 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpIdentity.Roles
2021-04-12 12:48:48.900 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpIdentity.Users
2021-04-12 12:48:48.900 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpIdentity.OrganizationUnits
2021-04-12 12:48:48.900 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpIdentity.ClaimTypes
2021-04-12 12:48:48.900 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: AbpIdentity.SecurityLogs
2021-04-12 12:48:48.900 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: AuditLogging.AuditLogs
2021-04-12 12:48:48.902 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: Saas.Tenants
2021-04-12 12:48:48.908 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: IdentityServer.Client
2021-04-12 12:48:48.909 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: IdentityServer.ApiResource
2021-04-12 12:48:48.909 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: IdentityServer.IdentityResource
2021-04-12 12:48:48.909 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: IdentityServer.ApiScope
2021-04-12 12:48:48.909 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: LanguageManagement.Languages
2021-04-12 12:48:48.909 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: LanguageManagement.LanguageTexts
2021-04-12 12:48:48.909 -05:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: TextTemplateManagement.TextTemplates
2021-04-12 12:48:48.918 -05:00 [INF] Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
2021-04-12 12:48:48.930 -05:00 [INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 126.0182ms.
2021-04-12 12:48:48.931 -05:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 951.9352ms
2021-04-12 12:48:48.931 -05:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2021-04-12 12:48:48.933 -05:00 [INF] Request finished HTTP/1.1 GET http://localhost/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 1005.4083ms

7 Answer(s)
  • User Avatar
    0
    RonaldR created

    i did notice this error: 2021-04-12 12:48:47.843 -05:00 [ERR] The required antiforgery header value "RequestVerificationToken" is not present.

    based on this article i made the code change suggested: https://support.abp.io/QA/Questions/802/Issues-deploying-application-to-test-server context.Services.AddAuthentication() .AddJwtBearer(options => { options.Authority = configuration["AuthServer:Authority"]; options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]); ; options.Audience = "WorkflowDemo"; options.BackchannelHttpHandler = new HttpClientHandler() { ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator }; }); this did not solve the issue either.

  • User Avatar
    0
    RonaldR created

    Lastly, once i login, do i get backa token topass in to other calls? it is just a matter of adding a authentication: bearer <token> to the header?

  • User Avatar
    0
    alper created
    Support Team Director

    hi Ronald,

    yes you just need to pass the token as seen below

    I took this screenshot from https://commercial.abp.io/demo

    also there's a ConsoleTestApp in your Test folder. You can check that to learn how to consume APIs from C#

  • User Avatar
    0
    RonaldR created

    what i am looking for is an example of how to login from javascript. so for example, i put the site up on iis, the people can login through the website, it all works. we havce a third party application that needs to login and access out data, they are trying to provide the tenant id, user name, and password and get back the bearer token. where can i find an example of how to do that, because as you read in my first message in this chain, that process does not see to work how i am doing it. i cannot even get it to work through the swagger

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi RonaldR

    You should use abp.ajax in javascript, it automatically adds anti forgery token to the HTTP header to satisfy CSRF protection validation on the server side.

    https://docs.abp.io/en/abp/latest/UI/AspNetCore/JavaScript-API/Ajax

  • User Avatar
    0
    RonaldR created

    is the an abp library for react?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Not yet.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 18, 2024, 05:54