Login error when upgrading to v8.0.0 #6425 | Support

duyan11110 created one year ago

ABP Framework version: v8.0.0
UI Type: MVC
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace: I am upgrading ABP from v7.3.0 to v8.0.0 and getting this error when login. Pls help

[web_bd1ce1f9-2]: [18:00:24 INF] Request starting HTTP/1.1 GET http://mzh.mhibs.web:7004/Account/Login - null null
[web_bd1ce1f9-2]: [18:00:24 INF] Executing endpoint 'MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web)'
[web_bd1ce1f9-2]: [18:00:24 INF] Route matched with {action = "Login", controller = "Account", area = "", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult Login(System.String, System.String) on controller MZH.MHIBS.Web.Controllers.AccountController (MZH.MHIBS.Web).
[web_bd1ce1f9-2]: [18:00:24 INF] Executing action method MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web) - Validation state: Valid
[web_bd1ce1f9-2]: [18:00:24 INF] Executed action method MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web), returned result Microsoft.AspNetCore.Mvc.ChallengeResult in 0.037ms.
[web_bd1ce1f9-2]: [18:00:24 INF] Executing ChallengeResult with authentication schemes (["oidc"]).
[web_bd1ce1f9-2]: [18:00:24 INF] AuthenticationScheme: oidc was challenged.
[web_bd1ce1f9-2]: [18:00:24 INF] Executed action MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web) in 4.7096ms
[web_bd1ce1f9-2]: [18:00:24 INF] Executed endpoint 'MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web)'
[web_bd1ce1f9-2]: [18:00:24 INF] Request finished HTTP/1.1 GET http://mzh.mhibs.web:7004/Account/Login - 302 0 null 5.572ms
[web_bd1ce1f9-2]: [18:00:25 INF] Request starting HTTP/1.1 POST http://mzh.mhibs.web:7004/signin-oidc - application/x-www-form-urlencoded 1586
[web_bd1ce1f9-2]: [18:00:25 WRN] '.AspNetCore.Correlation.zwwe_Ao2xW7750a7k0U1t8rW5pCQMvknu6aP7K0j1kw' cookie not found.
[web_bd1ce1f9-2]: [18:00:25 INF] Error from RemoteAuthentication: Correlation failed..
[web_bd1ce1f9-2]: [18:00:25 ERR] An unhandled exception has occurred while executing the request.
[web_bd1ce1f9-2]: Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
[web_bd1ce1f9-2]: ---> Microsoft.AspNetCore.Authentication.AuthenticationFailureException: Correlation failed.
[web_bd1ce1f9-2]: --- End of inner exception stack trace ---
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.&lt;&gt;c__DisplayClass2_0.&lt;&lt;CreateMiddleware&gt;b__0>d.MoveNext()
[web_bd1ce1f9-2]: --- End of stack trace from previous location ---
[web_bd1ce1f9-2]: at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.&lt;&gt;c__DisplayClass2_0.&lt;&lt;CreateMiddleware&gt;b__0>d.MoveNext()
[web_bd1ce1f9-2]: --- End of stack trace from previous location ---
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.&lt;&gt;c__DisplayClass2_0.&lt;&lt;CreateMiddleware&gt;b__0>d.MoveNext()
[web_bd1ce1f9-2]: --- End of stack trace from previous location ---
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
[web_bd1ce1f9-2]: [18:00:25 INF] Request finished HTTP/1.1 POST http://mzh.mhibs.web:7004/signin-oidc - 500 null text/html; charset=utf-8 5.2675ms

7 Answer(s)

0

maliming created one year ago
Support Team Fullstack Developer

hi

You can try to use https instead of http.

Chrome will block some cookies during http.
0

duyan11110 created one year ago

Hi,

Changing to https is taking time, is there any way to use http. Everything's still OK before upgrading.
0

maliming created one year ago
Support Team Fullstack Developer

hi

I think you are using the identity server 4 right?

https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n
-1

duyan11110 created one year ago

No, I am using OpenIdDict, but I already applied that solution and it worked fine before upgrading
0

maliming created one year ago
Support Team Fullstack Developer

hi

You better use https for all websites.

But if you want to keep using http, you should apply AddSameSiteCookiePolicy to all your websites.

also need to call DisableTransportSecurityRequirement of openiddict.

https://support.abp.io/QA/Questions/3816/How-to-disable-https-in-openiddict#answer-0bea3600-1209-f831-3cbf-3a06f6fa86e0

duyan11110 created one year ago

But if you want to keep using http, you should apply AddSameSiteCookiePolicy to all your websites.

I already applied this one for Web project, and I've just applied for AuthServer project, but still get the error:

public override void ConfigureServices(ServiceConfigurationContext context)
{
    var hostingEnvironment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();

    if (!Convert.ToBoolean(configuration["App:DisablePII"]))
    {
        Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
    }
    
    if (!Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]))//false in appsettings.json
    {
        Configure<OpenIddictServerAspNetCoreOptions>(options =>
        {
            options.DisableTransportSecurityRequirement = true;// Already had from old version
        }); 
    }

    context.Services.AddSameSiteCookiePolicy(); // just added this line
    ...
  }

And as I said above, everything's still OK before upgrading

0

maliming created one year ago
Support Team Fullstack Developer

hi

This is the browser's behavior, which has nothing to do with the abp version. The browser will block cookies that it thinks are unsafe.

You can see the warning message in the browser console.

I suggest you change the website to https. It won't take much time, but this is the best way to solve this problem.

Have an answer to this question? Log in and write your answer.