ABP Framework version: v7.0.2
UI type: Blazor Server
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes
Exception message and stack trace:
Blazor logs:
2023-02-27 17:50:24.528 +00:00 [INF] Received HTTP response headers after 118.4314ms - 200
2023-02-27 17:50:24.528 +00:00 [INF] End processing HTTP request after 118.6985ms - 200
2023-02-27 17:50:24.538 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
HttpApi.Host logs:
2023-02-27 17:50:24.169 +00:00 [INF] Request starting HTTP/1.1 GET https://localhost:44397/api/abp/application-configuration?IncludeLocalizationResources=False&api-version=1.0 - -
2023-02-27 17:50:24.178 +00:00 [INF] Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException: IDX10223: Lifetime validation failed. The token is expired. ValidTo: '2/24/2023 11:31:19 PM', Current time: '2/27/2023 5:50:24 PM'.
   at Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, SecurityToken securityToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateLifetime(Nullable`1 notBefore, Nullable`1 expires, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown)
--- End of stack trace from previous location ---
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, JwtSecurityToken outerToken, TokenValidationParameters validationParameters, SecurityToken& signatureValidatedToken)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
2023-02-27 17:50:24.178 +00:00 [INF] Bearer was not authenticated. Failure message: IDX10223: Lifetime validation failed. The token is expired. ValidTo: '2/24/2023 11:31:19 PM', Current time: '2/27/2023 5:50:24 PM'.
Steps to reproduce the issue:
Generate a tiered solution with LeptonX theme with ABP Suite
Some time (let's say an hour) after signing in users can't access protected pages, and menu items are missing.
I updated Volo.Abp.AspNetCore.Components.Server.LeptonXTheme and Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX to 2.2.0-preview20230224, and the rest of Volo packages to 7.1.0-rc.2 and the issue is still there.
The only thing that temporarily makes permissions work again is clearing cookies and flushing Redis cache.
The issue is similar to these:
https://github.com/abpframework/abp/issues/14068
https://support.abp.io/QA/Questions/4348/Permission-get-lost-during-application-running
https://support.abp.io/QA/Questions/4561/Strange-ConnectionCaching-Behavior
6 Answer(s)
-
0
hi
I will find a way.
-
0
hi
The only thing that temporarily makes permissions work again is clearing cookies and flushing Redis cache.
After that, refreshing the page will work.
options.Events.OnValidatePrincipal
// Requires: using IdentityModel.Client; using Microsoft.AspNetCore.Authentication;
context.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies", options =>
    {
        options.ExpireTimeSpan = TimeSpan.FromDays(365);
        // Runs each time the cookie is validated: reject the cookie session
        // once the access token saved in it is no longer active.
        options.Events.OnValidatePrincipal = async principalContext =>
        {
            if (principalContext.Principal != null &&
                principalContext.Principal.Identity != null &&
                principalContext.Principal.Identity.IsAuthenticated)
            {
                var accessToken = principalContext.Properties.GetTokenValue("access_token");
                if (accessToken.IsNullOrWhiteSpace())
                {
                    principalContext.RejectPrincipal();
                    await principalContext.HttpContext.SignOutAsync("Cookies");
                    return;
                }

                // Ask the auth server's introspection endpoint whether the token is still active.
                var httpClient = principalContext.HttpContext.RequestServices
                    .GetRequiredService<IHttpClientFactory>().CreateClient();
                var response = await httpClient.IntrospectTokenAsync(new TokenIntrospectionRequest
                {
                    Address = configuration["AuthServer:Authority"] + "/connect/introspect",
                    ClientId = configuration["AuthServer:ClientId"],
                    ClientSecret = configuration["AuthServer:ClientSecret"],
                    Token = accessToken
                });

                if (!response.IsActive)
                {
                    principalContext.RejectPrincipal();
                    await principalContext.HttpContext.SignOutAsync("Cookies");
                }
            }
        };
    })
    .AddAbpOpenIdConnect("oidc", options =>
    {
        options.Authority = configuration["AuthServer:Authority"];
        options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.ClientId = configuration["AuthServer:ClientId"];
        options.ClientSecret = configuration["AuthServer:ClientSecret"];
        // Keep the tokens in the cookie's authentication properties so
        // OnValidatePrincipal above can read "access_token".
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("roles");
        options.Scope.Add("email");
        options.Scope.Add("phone");
        options.Scope.Add("BookStore");
    });
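An added example, not part of the answer above and not ABP code: a local expiry pre-check that can run at the top of OnValidatePrincipal, so a token that is already known to be expired (the IDX10223 case in the question's logs) ends the cookie session without a round trip to the introspection endpoint. The class and method names are hypothetical; it assumes SaveTokens = true, in which case the OpenID Connect handler stores an "expires_at" value next to "access_token" when the token response includes an expiry.

```csharp
using System;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

// Hypothetical helper (added example, not from the ABP code base).
public static class SavedTokenLifetime
{
    // True only when the saved "expires_at" value parses and lies in the past.
    // A missing or unparsable value returns false, so the caller falls through
    // to introspection, which stays the authoritative check.
    public static bool IsKnownExpired(AuthenticationProperties properties, DateTimeOffset now)
    {
        var raw = properties.GetTokenValue("expires_at");
        if (string.IsNullOrWhiteSpace(raw))
        {
            return false;
        }

        // The handler writes the value with the round-trip ("o") format.
        return DateTimeOffset.TryParse(raw, CultureInfo.InvariantCulture,
                   DateTimeStyles.None, out var expiresAt)
               && expiresAt <= now;
    }

    // Rejects the principal and signs out of the "Cookies" scheme when the
    // saved access token is known to be expired. Returns true if it did so,
    // in which case the caller should return without calling introspection.
    public static async Task<bool> RejectIfExpiredAsync(CookieValidatePrincipalContext context)
    {
        if (!IsKnownExpired(context.Properties, DateTimeOffset.UtcNow))
        {
            return false;
        }

        context.RejectPrincipal();
        await context.HttpContext.SignOutAsync("Cookies");
        return true;
    }
}
```

Inside the OnValidatePrincipal handler this would be called as `if (await SavedTokenLifetime.RejectIfExpiredAsync(principalContext)) return;` before the introspection request.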
-
0
Hi, thank you for the quick response.
So far looks good, I'll give it a day or two to test it and if I don't run into any issues, I'll close the question.
-
0
Thanks
-
0
Works like a charm. Thank you!
-
0
hi
https://github.com/abpframework/abp/pull/15876