Open Closed

Need help in deploying microservice template using docker-compose #7548


User avatar
0
chandra.lk created
  • ABP Framework version: v8.2.0
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Steps to reproduce the issue: I have created a microservice application with the commercial template and I'm trying to deploy the same using docker-compose on one of our internal test servers. It has 3 microservices, 1 web-gateway, 1 AuthServer and 1 Angular application. I'm using the existing docker-compose.infrastructure.yml and the docker-compose.infrastructure.override.yml to setup the infra. I've built the applications into docker images using the provided build-images.ps1 file. In addition using the tye.yaml file as a reference, I have also created one more docker-compose.yml for deploying the backend services. I also have an internal SSL certificate to run HTTPS. I am able to bring up the services and am able to run the Angular application, but once I click on login in the Angular app, it takes me to the Authserver login page and after entering the correct credentials, it redirects me back to the Angular app, but it doesn't log me in. I had faced similar issue after upgrading to 8.2.0 which was resolved by adding some additional Microsoft nuget packages. I applied the same fix here as well but no luck.

I think the issue is with the way in which I have setup communication between the containers on the internal network. I have tried all different possibilities, but am still not able to resolve this issue.

From what I can observe, I see 3 WARNs in the logs.

In AuthServer log:

2024-07-24 16:31:03 [11:01:03 WRN] Could not find a session with ID: cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4
2024-07-24 16:31:03 [11:01:03 WRN] SessionId(cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4) not found for user: a2fa870a-428f-036b-123a-3a13e61d8eab, log out.

In AdministrationService log:

2024-07-24 16:31:05 [11:01:05 WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.
2024-07-24 16:31:05 [11:01:05 INF] Failed to validate the token.
2024-07-24 16:31:05 Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.

This is my docker-compose.yml file

name: caliber-test
services:
  authserver:
    container_name: authserver
    image: caliber/app-authserver:latest
    ports:
      - 44322:44322
    environment:
      - ASPNETCORE_URLS=http://+:44321;https://+:44322
      - App__SelfUrl=https://test01.aurelius.com:44322
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325,https://administration-service:44367,https://identity-service:44388,https://saas-service:44381
      - App__RedirectAllowedUrls=https://test01.aurelius.com:4200
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - OpenIddict__Applications__Angular__RootUrl=https://test01.aurelius.com:4200/
      - OpenIddict__Applications__WebGateway__RootUrl=https://test01.aurelius.com:44325/
      - OpenIddict__Resources__AccountService__RootUrl=https://test01.aurelius.com:44322
      - OpenIddict__Resources__AdministrationService__RootUrl=https://test01.aurelius.com:44367
      - OpenIddict__Resources__IdentityService__RootUrl=https://test01.aurelius.com:44388
      - OpenIddict__Resources__SaasService__RootUrl=https://test01.aurelius.com:44381
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  administration-service:
    container_name: administration-service
    image: caliber/service-administration:latest
    environment:
      - ASPNETCORE_URLS=http://+:44366;https://+:44367
      - App__SelfUrl=https://test01.aurelius.com:44367
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - IdentityClients__Default__Authority=http://authserver:44321
      - IdentityClients__Default__ClientId=AdministrationService
      - IdentityClients__Default__ClientSecret=1q2w3e*
      - IdentityClients__Default__GrantType=client_credentials
      - IdentityClients__Default__RequireHttps=false
      - IdentityClients__Default__Scope=IdentityService
      - IdentityClients__Default__ValidateEndpoints=true
      - IdentityClients__Default__ValidateIssuerName=true
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - RemoteServices__AbpIdentity__BaseUrl=http://identity-service:44387/
      - RemoteServices__AbpIdentity__UseCurrentAccessToken=false
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  identity-service:
    container_name: identity-service
    image: caliber/service-identity:latest
    environment:
      - ASPNETCORE_URLS=http://+:44387;https://+:44388
      - App__SelfUrl=https://test01.aurelius.com:44388
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  saas-service:
    container_name: saas-service
    image: caliber/service-saas:latest
    environment:
      - ASPNETCORE_URLS=http://+:44380;https://+:44381
      - App__SelfUrl=https://test01.aurelius.com:44381
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  web-gateway:
    container_name: web-gateway
    image: caliber/gateway-web:latest
    ports:
      - 44325:44325
    environment:
      - ASPNETCORE_URLS=https://+:44325
      - App__SelfUrl=https://test01.aurelius.com:44325
      - App__CorsOrigins=https://test01.aurelius.com:4200
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - AuthServer__MetadataAddress=http://authserver:44321
      - AuthServer__RequireHttpsMetadata=false
      - ElasticSearch__Url=http://elasticsearch:9200
      - Redis__Configuration=redis:6379
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
      - ../gateways/web/yarp.json:/app/yarp.json:ro
    networks:
      - caliber.test-network
networks:
  caliber.test-network:
    external: true

And this is how I have modified the yarp.json file in the web-gateway:

...
    "Clusters": {
      "AuthServer": {
        "Destinations": {
          "AuthServer": {
            "Address": "http://authserver:44321/"
          }
        }
      },
      "Administration": {
        "Destinations": {
          "Administration": {
            "Address": "http://administration-service:44366/"
          }
        }
      },
      "Identity": {
        "Destinations": {
          "Identity": {
            "Address": "http://identity-service:44387/"
          }
        }
      },
      "Saas": {
        "Destinations": {
          "Saas": {
            "Address": "http://saas-service:44380/"
          }
        }
      }
    }
...

As per my understanding, only the authserver and the web-gateway need to run on HTTPS exposed to the external network and the gateway talks to the 3 microservices over HTTP.

I've tried out all possibilities and am not able to resolve this.

Request you to please check this out and guide.

Regards, Chandrahas

P.S. I wanted to attach the complete logs, but there isn't an option here to do it. Let me know if there is another way to send the logs.


10 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty

    You can check https://abp.io/support/questions/7447/Authentication-valid-issuer-issue https://abp.io/support/questions/7180/Deploying-an-ABP-tiered-project-to-mutliple-docker-containers

  • User Avatar
    0
    chandra.lk created

    Hi @liangshiwei,

    I checked those before and had added the ForwardedHeaders in Gateway project. Do I need to add them to all the projects?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    gateway project is enough.

    if still not working you can add a middleware to output the HTTP request info to logs to see the request host.

  • User Avatar
    0
    chandra.lk created

    How and where should I add this middleware? Could you please provide some more info?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    for example:

    app.Use((httpContext, next) =>
    {
        var logger = httpContext.RequestServices.GetRequiredService<ILogger<YourModuleClass>>();
        foreach (var header in httpContext.Request.Headers)
        {
            logger.LogInformation($"----------Request header: {header.Key}: {header.Value}----------");
        }
    
        return next();
    });
    
  • User Avatar
    0
    chandra.lk created

    Hi @liangshiwei,

    I applied the middleware and checked the headers. They look fine to me:

    2024-07-26 11:55:30 [06:25:30 INF] Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - null null
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Accept: application/json, text/plain, */*----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Host: iitvdi-01.aurelius.com:4220----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Accept-Encoding: gzip, deflate, br, zstd----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Accept-Language: en----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Origin: https://iitvdi-01.aurelius.com:4200----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Referer: https://iitvdi-01.aurelius.com:4200/----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: traceparent: 00-db6439da47a5f9a3a68c416e9ca0df42-991e3a84d77fd408-00----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: X-Requested-With: XMLHttpRequest----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-ch-ua-mobile: ?0----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-ch-ua-platform: "Windows"----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-fetch-site: same-site----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-fetch-mode: cors----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-fetch-dest: empty----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: priority: u=1, i----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-correlation-id: e28192efa89942d3b91d4fb3fe66cc75----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-forwarded-for: ::ffff:172.18.0.1----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-forwarded-host: iitvdi-01.aurelius.com:4250----------
    2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-forwarded-proto: https----------
    2024-07-26 11:55:31 [06:25:31 INF] CORS policy execution successful.
    2024-07-26 11:55:31 [06:25:31 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2024-07-26 11:55:31 [06:25:31 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationRequestOptions) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc).
    2024-07-26 11:55:34 [06:25:34 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'.
    2024-07-26 11:55:35 [06:25:35 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 3115.8941ms
    2024-07-26 11:55:35 [06:25:35 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2024-07-26 11:55:35 [06:25:35 INF] Request finished HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 4779.9261ms
    2024-07-26 11:55:35 [06:25:35 INF] Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Accept: application/json, text/plain, */*----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Host: iitvdi-01.aurelius.com:4220----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Accept-Encoding: gzip, deflate, br, zstd----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Accept-Language: en----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Origin: https://iitvdi-01.aurelius.com:4200----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Referer: https://iitvdi-01.aurelius.com:4200/----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: traceparent: 00-b696772ca4486b51c742f9c99f0518cd-64f4727199b68749-00----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: X-Requested-With: XMLHttpRequest----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-ch-ua-mobile: ?0----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-ch-ua-platform: "Windows"----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-fetch-site: same-site----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-fetch-mode: cors----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-fetch-dest: empty----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: priority: u=1, i----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-correlation-id: dc7508954b15423ea1e5ec66a3e3fd55----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-forwarded-for: ::ffff:172.18.0.1----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-forwarded-host: iitvdi-01.aurelius.com:4250----------
    2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-forwarded-proto: https----------
    2024-07-26 11:55:35 [06:25:35 INF] CORS policy execution successful.
    2024-07-26 11:55:35 [06:25:35 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2024-07-26 11:55:35 [06:25:35 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationLocalization", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController (Volo.Abp.AspNetCore.Mvc).
    2024-07-26 11:55:36 [06:25:36 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationDto'.
    2024-07-26 11:55:36 [06:25:36 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 865.8153ms
    2024-07-26 11:55:36 [06:25:36 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2024-07-26 11:55:36 [06:25:36 INF] Request finished HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-localization?cultureName=en&onlyDynamics=false - 200 null application/json; charset=utf-8 904.8717ms
    2024-07-26 11:56:19 [06:26:19 INF] Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - null null
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Accept: application/json, text/plain, */*----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Host: iitvdi-01.aurelius.com:4220----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Accept-Encoding: gzip, deflate, br, zstd----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Accept-Language: en----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjNDQTIzRUFCODk2NzM4OEJGMThGMEY0ODkwODhFODZBMDM1RUU4RUQiLCJ4NXQiOiJQS0ktcTRsbk9JdnhqdzlJa0lqb2FnTmU2TzAiLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL2lpdHZkaS0wMS5hdXJlbGl1cy5jb206NDIxMC8iLCJleHAiOjE3MjE5Nzg3NzgsImlhdCI6MTcyMTk3NTE3OCwiYXVkIjpbIkFjY291bnRTZXJ2aWNlIiwiSWRlbnRpdHlTZXJ2aWNlIiwiQWRtaW5pc3RyYXRpb25TZXJ2aWNlIiwiU2Fhc1NlcnZpY2UiXSwic2NvcGUiOiJvZmZsaW5lX2FjY2VzcyBvcGVuaWQgcHJvZmlsZSBlbWFpbCBwaG9uZSBBY2NvdW50U2VydmljZSBJZGVudGl0eVNlcnZpY2UgQWRtaW5pc3RyYXRpb25TZXJ2aWNlIFNhYXNTZXJ2aWNlIiwianRpIjoiZGRkMDAxODktYmU5Zi00YzI5LTk1OGYtZDAyNTYxNWNjZDIwIiwic3ViIjoiMjc0ZTRlNTEtMGI3ZS1jNTZiLTg4ZWItM2ExM2ZhNGJmMDY5Iiwic2Vzc2lvbl9pZCI6ImM1YmU3Mzc1LTQzMDYtNGQyOC05NDMxLWMzN2RlNTAzZGE0NCIsInVuaXF1ZV9uYW1lIjoiYWRtaW4iLCJvaV9wcnN0IjoiQW5ndWxhciIsIm9pX2F1X2lkIjoiMzA1NzAyNTMtZWRlMC03ZmIxLWJiMDctM2ExM2ZhN2YzMmRhIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJnaXZlbl9uYW1lIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4iLCJlbWFpbCI6ImFkbWluQGFicC5pbyIsImVtYWlsX3ZlcmlmaWVkIjoiRmFsc2UiLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOiJGYWxzZSIsImNsaWVudF9pZCI6IkFuZ3VsYXIiLCJvaV90a25faWQiOiI1OTQ1YzdkNy00ZmRlLWZhNDItMjQ3NC0zYTEzZmZlNGRkZTYifQ.T3uwmWj_Li1X8WTxJDN9rmPXv3IhDJqn_vTWLLgd1f7usrPLspz4iw-hwWN6dsy5ySTBSCzwdKQLUS5TzmbBWDBy2UKDNwhkGxCdphHI4MuhFIetvtPBcZf7o6W6sgEjgoWkxCs1QJdbE6LCaE4zW2DhlmBg4ui_-4xYKkexhGNmMpztNIqSeSU-64gfECQyCHMBsxjWiIZrTqEkZEp4XfEpEDBXyvEz_VyhAxBpYvhOWNGfZuarYSX0Tm7eNZUKSUy4seD74RKozrlM53SroAT26Bo9oRjpDP_u9C6PL5PYVGpUt7R1wAaHuTcDDkWC23AlCSuIcxJ2A4IoCDYqIw----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Origin: https://iitvdi-01.aurelius.com:4200----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Referer: https://iitvdi-01.aurelius.com:4200/----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: traceparent: 00-a702f850d9d803ccf7f8f442022f01c2-54e4309c0331a141-00----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-ch-ua-mobile: ?0----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: X-Requested-With: XMLHttpRequest----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-ch-ua-platform: "Windows"----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-fetch-site: same-site----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-fetch-mode: cors----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-fetch-dest: empty----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: priority: u=1, i----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-correlation-id: 43ab9156761a45f68515e05a1131336e----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-forwarded-for: ::ffff:172.18.0.1----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-forwarded-host: iitvdi-01.aurelius.com:4250----------
    2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-forwarded-proto: https----------
    2024-07-26 11:56:19 [06:26:19 INF] CORS policy execution successful.
    2024-07-26 11:56:19 [06:26:19 INF] Failed to validate the token.
    2024-07-26 11:56:19 Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
    2024-07-26 11:56:19    at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
    2024-07-26 11:56:19    at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
    2024-07-26 11:56:19    at Microsoft.IdentityModel.Tokens.InternalValidators.ValidateAfterSignatureFailed(SecurityToken securityToken, Nullable`1 notBefore, Nullable`1 expires, IEnumerable`1 audiences, TokenValidationParameters validationParameters, BaseConfiguration configuration)
    2024-07-26 11:56:19    at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
    2024-07-26 11:56:19    at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignatureAndIssuerSecurityKey(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
    2024-07-26 11:56:19    at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWSAsync(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
    2024-07-26 11:56:19 [06:26:19 INF] Bearer was not authenticated. Failure message: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
    2024-07-26 11:56:19 [06:26:19 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2024-07-26 11:56:19 [06:26:19 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationRequestOptions) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc).
    2024-07-26 11:56:19 [06:26:19 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'.
    2024-07-26 11:56:19 [06:26:19 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 231.1951ms
    2024-07-26 11:56:19 [06:26:19 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2024-07-26 11:56:19 [06:26:19 INF] Request finished HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 576.7826ms
    

    I have a doubt however. In one of the referenced tickets you have mentioned:

    validationParameters.ValidIssuer will be set as request.Scheme + Uri.SchemeDelimiter + host + request.PathBase

    Is this set by some module in ABP Framework or will it be set by the .NET 8.0 or some other library?

    I also see that the same request (Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false) is successful, but then called again, it is throwing an exception.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Is this set by some module in ABP Framework or will it be set by the .NET 8.0 or some other library?

    This is set by openiddict.

    could you try this?

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
       PreConfigure< OpenIddictServerBuilder >(builder =>
        {
            .....
            builder.SetIssuer("https://iitvdi-01.aurelius.com:4220");
            ....
        });
    }
    
    
  • User Avatar
    0
    chandra.lk created

    4220 is the port of the AdministrationService, not the AuthServer. Shouldn't the AuthServer be the issuer of the token?

    Also, if I do this for AdministrationService, I'll have to do the same for all other services as well.

    Shouldn't we instead fix the place where ValidIssuers is getting populated?

    Something like this in JwtBearerConfigurationHelper?

            context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddAbpJwtBearer(options =>
                {
                    options.Authority = configuration["AuthServer:Authority"];
                    options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata");
                    options.Audience = audience;
                    options.TokenValidationParameters.ValidIssuer = configuration["AuthServer:Authority"];
                });
    
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Sorry, should be your AuthServer URL

    And make sure ValidIssuer and Issuer are the same.

    ValidIssuer can be an array.

    options.TokenValidationParameters = new TokenValidationParameters()
    {
        ValidIssuers = new []{"https://myauthserver.com","http://docker-service-name"}
    };
    
  • User Avatar
    0
    chandra.lk created

    Hi liangshiwei,

    Finally was able to get it working.

    After adding the ValidIssuers, I got one more exception IDX10500: Signature validation failed. No security keys were provided to validate the signature.

    But I found out that similar issue was posted on GitHub and user wangyue20075 provided a solution in his comment.

    I still don't understand how this is working when it is being run locally but is failing when I deploy it using Docker Compose.

    Thanks for your support!

Made with ❤️ on ABP v9.1.0-preview. Updated on November 19, 2024, 12:56