V8.2 Blazor Server project deployed on IIS. It gives "invalid_grant" error. #7494 | Support

omer_yel created 4 months ago

ABP Framework version: v8.2
UI Type: Blazor Server
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): yes

V8.1.1 project has been upgraded to v8.2. Upgraded project executed using local redis and db. And it worked. Project was published and was executed on remote IIS server with redis and db of remote server. It gave us "invalid_grant" error. New empty blazor server project created using abp suite. Then it executed on debug mode on visual studio using db and redis of remote server. It worked. We got blazor ui successfully. Same new project published and deployed on IIS of development pc using remote server db and redis. It worked again. Published new project deployed on remote server IIS using remote server db and remote redis. It gives us "invalid_grant" error. Auth server and api works properly. We can login on api swagger. Every try, redis and database were reset. And migrator is executed.

We set access urls as domain for remote server.

We can send you project via email to reproduce.

45 Answer(s)

0

maliming created 4 months ago
Support Team Fullstack Developer

hi

Please share the Logs.txt file on your remote IIS.

Thanks, liming.ma@volosoft.com
0

omer_yel created 4 months ago

hi

Please share the Logs.txt file on your remote IIS.

Thanks, liming.ma@volosoft.com

I have shared with you Logs and sample project that occurs mentioned error.
0

maliming created 4 months ago
Support Team Fullstack Developer

hi

There is no invalid_grant error in your logs.

Please share the logs on IIS that have the invalid_grant info.

Thanks
0

omer_yel created 4 months ago

Sorry i sent wrong log files. I sent correct logs via email.

maliming created 4 months ago

Support Team Fullstack Developer

The error related to the session management.

Can you set IIS log level to debug to see more details?

public class Program
{
    public async static Task<int> Main(string[] args)
    {
        Log.Logger = new LoggerConfiguration()
            .MinimumLevel.Information()
            .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
            .Enrich.FromLogContext()
            .WriteTo.Async(c => c.File("Logs/logs.txt"))
            .WriteTo.Async(c => c.Console())
            .CreateLogger();

Error: invalid_grant => The token is no longer valid because the user's session expired.

https://docs.abp.io/en/commercial/latest/modules/identity/session-management https://docs.abp.io/en/commercial/latest/modules/account/session-management

0

omer_yel created 4 months ago

Hi I have sent debug level logs via email.

maliming created 4 months ago

Support Team Fullstack Developer

There is an exception on your IIS, so the problem exists in the Database. You can troubleshoot it.

2024-07-15 16:37:46.002 +03:00 [ERR] An unhandled exception has occurred while executing the request.
Microsoft.EntityFrameworkCore.DbUpdateException: An error occurred while saving the entity changes. See the inner exception for details.
 ---> Microsoft.Data.SqlClient.SqlException (0x80131904): A severe error occurred on the current command.  The results, if any, should be discarded.
Operation cancelled by user.

0

omer_yel created 4 months ago

hi We check query on sql server profiler. The query is being aborted at 0 or 1 ms. We sent verbose level logs via email.
0

maliming created 4 months ago
Support Team Fullstack Developer

hi

I think the context.RequestAborted happened. that is request is aborted

Can you share your web.config? This is not a code problem instead of environment.

Thanks.
0

maliming created 4 months ago
Support Team Fullstack Developer

Btw, Does the database have any relevant logs?
0

omer_yel created 4 months ago

You can check email to get Db trace logs.
0
maliming created 4 months ago
Support Team Fullstack Developer
hi

1.

Can you try to disable the IsDynamicClaimsEnabled?

context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options => { options.IsDynamicClaimsEnabled = false; });

2.

Can you use a new SQL server to test this?

You can use the SQL server in Docker to try again.

https://learn.microsoft.com/en-us/sql/linux/quickstart-install-connect-docker?view=sql-server-ver16&tabs=cli&pivots=cs1-bash

3.

Can you share a website URL to let me check it online?

Thanks
0

omer_yel created 4 months ago

Hi We have applied your first suggestion. It solved problem on one of our server. But we do not know why and how it works. It works somehow. Can you illuminate us on this topic. Why we change IsDynamicClaimsEnabled to false and why does it work? We also created new server and database and implemented same working released project. I it gave us Unauthorized error.

<br> We supplied error logs to you via email.
0

maliming created 4 months ago
Support Team Fullstack Developer

hi

Why we change IsDynamicClaimsEnabled to false and why does it work?

The framework will create session entities if this IsDynamicClaimsEnabled is true. However on your server it fails.

Unauthorized error 2024-07-17 12:54:05.676 +03:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: Aizanoi.Countries

Please check the permission of the current user.
0

omer_yel created 4 months ago

On AbpPermissionGrant table there are permission for admin.

As you see at sample image of AbpPermissionGrant all permission are assigned to admin from role. admin role is also assigned to admin user. We are trying to login in using admin user. Also you can see Country permissions are given to admin role.
1

omer_yel created 4 months ago

In this situation we can not use session feature. Because of IsDynamicClaimsEnabled is false. Normally on this screen there is a circle light near the device name. But it ain`t now. No option like session user menu. How can we use session feature?

1
0

maliming created 4 months ago
Support Team Fullstack Developer

hi

Can you try to 2 and 3?
0

maliming created 4 months ago
Support Team Fullstack Developer

Our goal is to troubleshoot the problem not disable IsDynamicClaimsEnabled
0

2ristpanel created 4 months ago

I have the same problem turning IsDynamicClaimsEnabled to false is solving the problem But I need a Fix also I'm using MongoDB Not SQL

2024-07-18 19:28:10.504 +03:30 [ERR] Error when dispatching 'OnDisconnectedAsync' on hub. System.Threading.Tasks.TaskCanceledException: A task was canceled. at Volo.Abp.Threading.SemaphoreSlimExtensions.LockAsync(SemaphoreSlim semaphoreSlim, CancellationToken cancellationToken) at Volo.Abp.Caching.DistributedCache2.GetOrAddAsync(TCacheKey key, Func1 factory, Func1 optionsFactory, Nullable1 hideErrors, Boolean considerUow, CancellationToken token) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.GetAsync(Guid userId, Nullable1 tenantId) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributor.ContributeAsync(AbpClaimsPrincipalContributorContext context) at Volo.Abp.Security.Claims.AbpClaimsPrincipalFactory.InternalCreateAsync(AbpClaimsPrincipalFactoryOptions options, ClaimsPrincipal existsClaimsPrincipal, Boolean isDynamic) at Volo.Abp.Security.Claims.AbpClaimsPrincipalFactory.CreateDynamicAsync(ClaimsPrincipal existsClaimsPrincipal) at Volo.Abp.AspNetCore.SignalR.Authentication.AbpAuthenticationHubFilter.HandleDynamicClaimsPrincipalAsync(ClaimsPrincipal claimsPrincipal, IServiceProvider serviceProvider, HubCallerContext hubCallerContext, Boolean skipCheckDynamicClaimsInterval) at Volo.Abp.AspNetCore.SignalR.Authentication.AbpAuthenticationHubFilter.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.HubFilterFactory.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.HubFilterFactory.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.HubFilterFactory.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.HubFilterFactory.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.DefaultHubDispatcher1.OnDisconnectedAsync(HubConnectionContext connection, Exception exception) at Microsoft.AspNetCore.SignalR.Internal.DefaultHubDispatcher1.OnDisconnectedAsync(HubConnectionContext connection, Exception exception) at Microsoft.AspNetCore.SignalR.HubConnectionHandler`1.HubOnDisconnectedAsync(HubConnectionContext connection, Exception exception)

2024-07-18 19:28:10.506 +03:30 [ERR] Failed disposing connection pnR_OJExNOOme-cZKvHczw. System.Threading.Tasks.TaskCanceledException: A task was canceled. at Volo.Abp.Threading.SemaphoreSlimExtensions.LockAsync(SemaphoreSlim semaphoreSlim, CancellationToken cancellationToken) at Volo.Abp.Caching.DistributedCache2.GetOrAddAsync(TCacheKey key, Func1 factory, Func1 optionsFactory, Nullable1 hideErrors, Boolean considerUow, CancellationToken token) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.GetAsync(Guid userId, Nullable1 tenantId) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributor.ContributeAsync(AbpClaimsPrincipalContributorContext context) at Volo.Abp.Security.Claims.AbpClaimsPrincipalFactory.InternalCreateAsync(AbpClaimsPrincipalFactoryOptions options, ClaimsPrincipal existsClaimsPrincipal, Boolean isDynamic) at Volo.Abp.Security.Claims.AbpClaimsPrincipalFactory.CreateDynamicAsync(ClaimsPrincipal existsClaimsPrincipal) at Volo.Abp.AspNetCore.SignalR.Authentication.AbpAuthenticationHubFilter.HandleDynamicClaimsPrincipalAsync(ClaimsPrincipal claimsPrincipal, IServiceProvider serviceProvider, HubCallerContext hubCallerContext, Boolean skipCheckDynamicClaimsInterval) at Volo.Abp.AspNetCore.SignalR.Authentication.AbpAuthenticationHubFilter.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.HubFilterFactory.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.HubFilterFactory.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.HubFilterFactory.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.HubFilterFactory.OnDisconnectedAsync(HubLifetimeContext context, Exception exception, Func3 next) at Microsoft.AspNetCore.SignalR.Internal.DefaultHubDispatcher1.OnDisconnectedAsync(HubConnectionContext connection, Exception exception) at Microsoft.AspNetCore.SignalR.Internal.DefaultHubDispatcher1.OnDisconnectedAsync(HubConnectionContext connection, Exception exception) at Microsoft.AspNetCore.SignalR.HubConnectionHandler1.HubOnDisconnectedAsync(HubConnectionContext connection, Exception exception) at Microsoft.AspNetCore.SignalR.HubConnectionHandler1.RunHubAsync(HubConnectionContext connection) at Microsoft.AspNetCore.SignalR.HubConnectionHandler1.OnConnectedAsync(ConnectionContext connection) at Microsoft.AspNetCore.SignalR.HubConnectionHandler1.OnConnectedAsync(ConnectionContext connection) at Microsoft.AspNetCore.Http.Connections.Internal.HttpConnectionContext.ExecuteApplication(ConnectionDelegate connectionDelegate) at Microsoft.AspNetCore.Http.Connections.Internal.HttpConnectionContext.WaitOnTasks(Task applicationTask, Task transportTask, Boolean closeGracefully) at Microsoft.AspNetCore.Http.Connections.Internal.HttpConnectionContext.DisposeAsync(Boolean closeGracefully) at Microsoft.AspNetCore.Http.Connections.Internal.HttpConnectionManager.DisposeAndRemoveAsync(HttpConnectionContext connection, Boolean closeGracefully, HttpConnectionStopStatus status)

2024-07-18 19:28:10.600 +03:30 [ERR] Message contains error: 'invalid_grant', error_description: 'The token is no longer valid because the user's session expired.', error_uri: 'error_uri is null', status code '400'. 2024-07-18 19:28:10.604 +03:30 [ERR] Exception occurred while processing message. Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_grant', error_description: 'The token is no longer valid because the user's session expired.', error_uri: 'error_uri is null'. at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync() 2024-07-18 19:28:10.605 +03:30 [INF] Error from RemoteAuthentication: Message contains error: 'invalid_grant', error_description: 'The token is no longer valid because the user's session expired.', error_uri: 'error_uri is null'.. 2024-07-18 19:28:10.607 +03:30 [ERR] An unhandled exception has occurred while executing the request. Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login. ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_grant', error_description: 'The token is no longer valid because the user's session expired.', error_uri: 'error_uri is null'. at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync() --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
0

2ristpanel created 4 months ago

It works on development but on staging environment (iis) returns 404 !???
0

maliming created 4 months ago
Support Team Fullstack Developer

hi 2ristpanel

Please create a new question. I will refund your ticket if there is a problem.

Thanks
0

omer_yel created 4 months ago

Hi We have tried our project on both kestrel and IIS mode on newly created server. IsDynamicClaimsEnabled is true. On Kestrel mode project works smoothly. We can get session info. But on IIS we are getting Unauthorized. Here is deployment server version and IIS version. https://tao1.xxx.net.tr -> Kestrel https://tao2.xxx.net.tr -> IIS

You can change subdomain to access swagger and auth. https://tao2-auth.xxx.net.tr -> IIS Auth Server https://tao2-api.xxx.net.tr -> IIS Api Host
0

maliming created 4 months ago
Support Team Fullstack Developer

hi

Please enable WebSocket feature on your IIS. : )

https://learn.microsoft.com/en-us/iis/configuration/system.webserver/websocket
0

omer_yel created 4 months ago

WebSocket is already enabled. We are trying other application development option to find which one effects on this.
0

maliming created 4 months ago
Support Team Fullstack Developer

hi

It seems the web socket is enabled now on IIS.

Can you try again?

Showing 1 to 25 of 45 entries.

Previous
1 (current)
2
Next

Have an answer to this question? Log in and write your answer.