Error when upgrade to version 8.0.0 #6466 | Support

lan.dang created 10 months ago

ABP Framework version: v8.0.0
UI Type: Blazor Server
Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
Tiered (for MVC) or Auth Server Separated (for Angular): no
Exception message and full stack trace:
Steps to reproduce the issue:

I got some error in Permission modal:

I am unable to select other permission, just show only assigned role. How can I add more permission to user?
When Login as Tenant, I could not update pemission to user, it shows error about my customiize permission
When using JWT token, I have this configuration (it works in .net 7) but when upgrade to .net 8.0 I give error : [ERR] IDX10211: Unable to validate issuer. The 'issuer' parameter is null or whitespace

26 Answer(s)

0

lan.dang created 10 months ago

I solved #2 by following this answer : https://support.abp.io/QA/Questions/6422/Blazor-Server-Error-when-trying-to-edit-role-permissions

lan.dang created 10 months ago

I updated error log :

2024-01-09 11:46:35.114 +07:00 [WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
   at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy)
   at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context)
   at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at DruidAI.Blazor.Controllers.APIController.GetNextRequest(String server, String maxsize) in D:\Lan.Dang\Kwork.DruidAI\src\DruidAI.Blazor\Controllers\APIController.cs:line 342
   at lambda_method4317(Closure, Object)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeNextActionFilterAsync&gt;g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeInnerFilterAsync&gt;g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.&lt;InvokeNextExceptionFilterAsync&gt;g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
2024-01-09 11:46:35.114 +07:00 [WRN] Code:Volo.Authorization:010001
2024-01-09 11:46:36.685 +07:00 [ERR] IDX10503: Signature validation failed. Token does not have a kid. Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Number of keys in TokenValidationParameters: '1'. 
Number of keys in Configuration: '0'. 
Exceptions caught:
 '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details.

maliming created 10 months ago

Support Team Fullstack Developer

I am unable to select other permission, just show only assigned role. How can I add more permission to user?

How can I reproduce this in a new template project?

3

Please set IdentityModelEventSource.ShowPII = true; in your application and re-share the logs. Thanks.

 IDX10503: Signature validation failed. Token does not have a kid. 
 Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. 
 For more details, see https://aka.ms/IdentityModel/PII.]'. 
 
 Number of keys in TokenValidationParameters: '1'. 
Number of keys in Configuration: '0'. 
Exceptions caught:
 '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details.

In fact, Your app can work without the jwtBearer authentication if you have the following code(AddValidation).


PreConfigure<OpenIddictBuilder>(builder =>
{
    builder.AddValidation(options =>
    {
        options.AddAudiences("ProductManagement");
        options.UseLocalServer();
        options.UseAspNetCore();
        
        options.Configure(validationOptions => 
        {
           // set validationOptions.TokenValidationParameters
        });
    });
});

lan.dang created 10 months ago

After enable ShowPII, it shows error :

2024-01-09 12:12:29.238 +07:00 [WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
   at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy)
   at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context)
   at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at DruidAI.Blazor.Controllers.APIController.GetNextRequest(String server, String maxsize) in D:\Lan.Dang\Kwork.DruidAI\src\DruidAI.Blazor\Controllers\APIController.cs:line 342
   at lambda_method5144(Closure, Object)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeNextActionFilterAsync&gt;g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeInnerFilterAsync&gt;g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.&lt;InvokeNextExceptionFilterAsync&gt;g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
2024-01-09 12:12:29.238 +07:00 [WRN] Code:Volo.Authorization:010001
2024-01-09 12:12:33.472 +07:00 [ERR] IDX10503: Signature validation failed. Token does not have a kid. Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Number of keys in TokenValidationParameters: '1'. 
Number of keys in Configuration: '0'. 
Exceptions caught:
 '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details.
2024-01-09 12:12:35.177 +07:00 [ERR] IDX10503: Signature validation failed. Token does not have a kid. Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Number of keys in TokenValidationParameters: '1'. 
Number of keys in Configuration: '0'. 
Exceptions caught:
 '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details.

The problem is that user can login but when check Authorize it could not pass: [Authorize(AIGeneratorPermissions.RunPluginRequest.RunPlugin)] public async Task

I need to setup JWT because my system is using public API that need to include token

0

maliming created 10 months ago
Support Team Fullstack Developer

hi

ShowPII not working, Please set it on all websites.

add this line to all Program.cs files.

IdentityModelEventSource.ShowPII = true;
0

lan.dang created 10 months ago

It gives same error 2024-01-09 14:05:25.437 +07:00 [WRN] Code:Volo.Authorization:010001 2024-01-09 14:05:29.616 +07:00 [ERR] IDX10503: Signature validation failed. Token does not have a kid. Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Number of keys in TokenValidationParameters: '1'. Number of keys in Configuration: '0'. Exceptions caught: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details. 2024-01-09 14:05:34.959 +07:00 [WRN] ---------- RemoteServiceErrorInfo ---------- { "code": "Volo.Authorization:010001", "message": "Authorization failed! Given policy has not granted.", "details": null, "data": {}, "validationErrors": null } The token is not passed the Authorization Here is method to generator JWT token
0
maliming created 10 months ago
Support Team Fullstack Developer
hi

Can you try to add Authorize to your controller?DruidAI.Blazor.Controllers.APIController.GetNextReques

[Authorize(AuthenticationSchemes = "Bearer")] public class YourController : Controller { }
0

lan.dang created 10 months ago

It still return response.StatusCode = System.Net.HttpStatusCode.Unauthorized. I just wonder what are changes in .NET 8 to make it does not work?
0

maliming created 10 months ago
Support Team Fullstack Developer

hi

I'm not sure. Can you share a simple project? or how can I reproduce this in a new template project?

liming.ma@volosoft.com
0

lan.dang created 10 months ago

Thank you, I sent you files that I made & modify in JWT token
0

maliming created 10 months ago
Support Team Fullstack Developer

hi

Thanks. Can you try to reproduce this in a small project?

Then I can fix it asap.
0

lan.dang created 10 months ago

I run with Postman, I found this error : Bearer error="invalid_token", error_description="The signing key associated to the specified token was not found.", error_uri="https://documentation.openiddict.com/errors/ID2090"

Does that any help ?
0

maliming created 10 months ago
Support Team Fullstack Developer

hi

I need to reproduce this in my local.

Can you find a way?
0

lan.dang created 10 months ago

Could you help me to review DruidAIBlazorModule, did I make any wrong? Thank you
0

lan.dang created 10 months ago

@maliming about issue #1 and #2, if you login with Host Admin, you go to Role or User >> Edit > Permission it raises error like this if you have defined custom Permission in PermissionDefinitionProvider
0

maliming created 10 months ago
Support Team Fullstack Developer

hi

You can override the PermissionManagementModal by https://github.com/abpframework/abp/pull/18681/files
0

maliming created 10 months ago
Support Team Fullstack Developer

hi

Could you help me to review DruidAIBlazorModule, did I make any wrong?

Please find a way to reproduce in a new project.

I haven't understood your JWT design yet.

Thanks.
0
lan.dang created 10 months ago
I think the problem related to Dynamic Claim feature in new version.

I add JWT Bearer in *BlazorModule file

Then add this line app.UseJwtTokenMiddleware();

If I add this configure : ConfigureAuthentication It gives error : "token_invalid"

If I removed ConfigureAuthentication It generate token, but could not pass [Authorize(Permissions.Create)] , OK with [Authorize]

So I think there is problem with Claim. Do you have any example that I can follow to implement API bearer token?
0

maliming created 10 months ago
Support Team Fullstack Developer

hi

Do you have any example that I can follow to implement API bearer token?

There are some examples on Google. It's simple

https://medium.com/@vndpal/how-to-implement-jwt-token-authentication-in-net-core-6-ab7f48470f5c https://www.c-sharpcorner.com/article/jwt-json-web-token-authentication-in-asp-net-core/ https://www.youtube.com/watch?v=mgeuh8k3I4g

You can test this in a new template project, share your project with me if you have any problems.
0

lan.dang created 10 months ago

Yes I will try create simple project and share with you. BTW, could you explain me how ClaimType.Role work? As debugging, HttpContext.User is already Authenticated, there is also claim Role correctly but could not access to permission that role has been assigned
0

lan.dang created 10 months ago

I sent you project link in mail, please confirm me if you have not get it Thank you
0
maliming created 10 months ago
Support Team Fullstack Developer
hi

You have set these claim types.

AbpClaimTypes.UserName AbpClaimTypes.Name AbpClaimTypes.SurName AbpClaimTypes.UserId AbpClaimTypes.Role AbpClaimTypes.Email

https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs#L41-L53

maliming created 10 months ago

Support Team Fullstack Developer

This is your JWT claims:

context.Services.AddAuthentication()
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = configuration["Jwt:Issuer"],
            ValidateAudience = true,
            ValidAudience = configuration["Jwt:Audience"],
            ValidateLifetime = false,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = securityKey
        };
        options.MapInboundClaims = false;
    });

app.UseRouting();
app.UseAuthentication();
app.UseAbpOpenIddictValidation();

//https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore.Authentication.JwtBearer/Microsoft/AspNetCore/Builder/ApplicationBuilderAbpJwtTokenMiddlewareExtension.cs#L8
app.Use(async (httpContext, next) =>
{
    if (httpContext.User.Identity?.IsAuthenticated != true)
    {
        var result = await httpContext.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
        if (result.Succeeded && result.Principal != null)
        {
            httpContext.User = result.Principal;
        }
    }

    await next();
});

if (MultiTenancyConsts.IsEnabled)
{
    app.UseMultiTenancy();
}

0

lan.dang created 10 months ago

it still return 403 Fobbiden
0

maliming created 10 months ago
Support Team Fullstack Developer

hi

I sent a project to you.

Showing 1 to 25 of 26 entries.

Previous
1 (current)
2
Next

Have an answer to this question? Log in and write your answer.