Open Closed

Token expiration not handled properly #4837


User avatar
0
isteer created

Hello Team,

OUR ABP CONFIGURATION:

ABP Framework version: v7.0.0 UI type: MVC DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): Tiered MVC

Issue: After staying idle on browser for long time, Session does not expire and take us to logout page. Token expiration not handled properly, it takes us to 404 error page. It should logout and go to login page once token get expired.

Check attach error screenshot.

Help us to configure token expiration and handling properly, so that user does not see error 404 page when token get expired after staying idle long in browser.


17 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    If the token expires, what happens if you access the identity/users page?

  • User Avatar
    0
    isteer created

    We get redirected to this error page.

  • User Avatar
    0
    isteer created

    If you available can we do zoom meeting. So that you can check if the code is properly configured to handle token expiration, we want user to auto redirect to login page once token get expired.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Can you share the full logs? (Authserver, HttpApi.Host, Web) shiwei.liang@volosoft.com

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can try this:

    public class AccountController : ChallengeAccountController
    {
        public override Task<IActionResult> AccessDenied(string returnUrl = "", string returnUrlHash = "")
        {
            return Task.FromResult<IActionResult>(Challenge(new AuthenticationProperties { RedirectUri = GetRedirectUrl(returnUrl, returnUrlHash) }, ChallengeAuthenticationSchemas));
        }
    }
    
  • User Avatar
    0
    isteer created

    Which place need to add, have three account controller in the system as of now.

    Also what returnURL and returnHash need to be passed here?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Please add the to the Web project.

    Also what returnURL and returnHash need to be passed here?

    After login it can redirect to the previous page, It is recommended that you pass parameters

  • User Avatar
    0
    isteer created

    Not able to get it correctly, In Phoneix.GTCManagement.Web Project we have empty account controller, If I add the above code it shows this error

    Also how this AccessDenied api will be called and from where and what to pass parameters?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Sorry, try this:

    public class AccountController : AbpAccountImpersonationChallengeAccountController
    {
        [HttpGet]
        public Task<IActionResult> AccessDenied(string returnUrl = "", string returnUrlHash = "")
        {
            return Task.FromResult<IActionResult>(Challenge(new AuthenticationProperties()));
        }
    }
    

    Also how this AccessDenied api will be called and from where and what to pass parameters?

    This is handled by OpenIdConnectHandler:

  • User Avatar
    0
    isteer created

    Hello,

    Can not find OpenIdConnectHandler in the project. Can you help me to locate it?

    Thanks

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    It's a class of ASPNETCore: https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs

  • User Avatar
    0
    isteer created

    Okay, But as I can not relocate this class in my project, where should I add that code that you shared above.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Also how this AccessDenied api will be called and from where and what to pass parameters?

    I just answer the question, you don't need to do it yourself.

  • User Avatar
    0
    isteer created

    Okay so we just need to add in accountcontroller no need to handle openconnecthandle thing.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    yes,

    Sorry, my bad, I copied the wrong code before, please try this:

    public class AccountController : AbpAccountImpersonationChallengeAccountController
    {
        [HttpGet]
        public Task<IActionResult> AccessDenied(string returnUrl = "", string returnUrlHash = "")
        {
            return Task.FromResult<IActionResult>(Challenge(new AuthenticationProperties { RedirectUri = GetRedirectUrl(returnUrl, returnUrlHash) }, ChallengeAuthenticationSchemas));
        }
    }
    
  • User Avatar
    0
    isteer created

    Okay, only this we need to add, rest it will take care of session/token expiration right?

    I am adding this in account controller and going to deploy this to test it

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    ok

Made with ❤️ on ABP v9.1.0-preview. Updated on November 01, 2024, 05:35