Ends in:
4 DAYS
1 HR
18 MIN
7 SEC
Ends in:
4 D
1 H
18 M
7 S
Open Closed

Authentication Issues with v8.3.1 #8109


User avatar
0
BenS-FreshRF created
  • ABP Framework version: v8.3.1
  • UI Type: Blazor WASM
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace: No exceptions but logs available
  • Steps to reproduce the issue: Upgrade to v8.3.1 and Login

There's a weird disconnect with the authentication that has appeared after upgrading to v8.3.1 - reverting to v8.3.0 has resolved it. But weirdly these issues only appears to be happening to my local development build, the Release build to our test server isn't experiencing the issue.

We have the standard Web API Host connecting through to the Blazor client. Authentication is handled by OpenIddict inside the host before redirecting to the client. Session records in the database look correct but attempting to do anything requiring authentication on the API side, including the My Account settings, hard fail and kick me back to the login page. Logging in again just loads up the Blazor client, despite having the Account/Settings present in the ReturnUrl. Manually entering the Account/Settings URL doesn't load either, even immediately after reauthenticating. Oddly authenticating via Azure Entra using our SSO setup does allow access to the Account/Settings via the return URL, but once returning to the Blazor application this stops working. It's looking like once the Blazor client is loaded it's revoking the auth token for the Host side.


9 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Could you share the log? thanks.

  • User Avatar
    0
    BenS-FreshRF created

    https://drive.google.com/file/d/1dO9wwAmb0dZzyu4wq0M2vLPO9Pax-l3L/view?usp=sharing

    There's my Local Host logs from startup, loading the Blazor page, redirecting to host login, logging in successfully, clicking 'My Account', and getting dumped back to the Login page.

    15:28:05 looks like the time my login actually started, you can see some successful auths and claims returned, but then is failing almost immediately after at 15:28:06 during authetication/login-callback, but then appears to succeed again.

    The errors in SBCSignalRHub starting at 15:28:07 indicate the user isn't authenticated with the backend so its blocking the SignalR connections from starting.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Sorry, I didn't find anything.

    Could you please share a test project with me? I will check it. thanks.

    shiwei.liang@volosoft.com

  • User Avatar
    0
    BenS-FreshRF created

    Upgraded to v8.3.2 - same issue is occurring. I'll see when I can find the time to replicate in a new project.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Okay, I'm waiting for you

  • User Avatar
    0
    BenS-FreshRF created

    Had a few thoughts of the cause but no change - unfortunately no time yet to mess with a new project.

    We're hooking into the OpenIddictServerEvents.ProcessSignInContext & OpenIddictServerEvents.HandleLogoutRequestContext events to handle our SSO but neither of those appear to be getting in the way of the login process.

    I also disabled the usage of the AddDevelopmentEncryptionAndSigningCertificate option running locally, got it to use the full signing and encryption certificates as our release version on our server using the same Authserver.pfx but no change again.

    I then did a full release deployment to my local IIS and got it all up and running with the same settings present on our server and the same issue persisted.

    We have some other machines to try this out on so we'll see if the issue persists to any machine other than mine.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can share the logs.txt file when you have reproduced the problem.

    liming.ma@volosoft.com

    Thanks.

  • User Avatar
    0
    BenS-FreshRF created

    I have found the issue.

    Bug was only present on my local development environment and on one of our clients. These environments were the only ones where the Prevent Concurrent Login setting in the Session Management was set to logout. So in v8.3.1+ having this setting enabled logged out users as soon as they logged in, at least for the token issued for the API, not for the Blazor Client.

    This follows on from the previous issue I raised a while ago - https://abp.io/support/questions/7786/Prevent-Concurrent-Login--Session-Revocation-not-working

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you share the logs.txt

    I have to understand the issue based on logs

    Thanks.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 28, 2024, 07:27