
Authentication Cookie is not being saved on Angular application #8139


User avatar
0
gabriel.pedroso created
  • Template: microservice
  • Created ABP Studio Version: 0.8.2
  • UI Framework: angular
  • Theme: leptonx
  • Theme Style: system
  • Database Provider: ef
  • Database Management System: sqlserver
  • Mobile Framework: none
  • Public Website: No
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: There are no exceptions. The cookie is just not being saved, and because of that, we can't log in to the application. The solution works fine locally; it just doesn't work when deployed to the Kubernetes environment.
  • Steps to reproduce the issue:
    • Go to the Angular application, e.g. https://angular.yourwebsite.com
    • Click on the login button
    • You will be redirected to https://auth.yourwebsite.com
    • Input a valid user and password and click on the Login button
    • You should be authenticated and redirected to the https://angular.yourwebsite.com URL
    • At this point, ideally you should be authenticated and able to navigate to the authenticated pages, but you are not
    • Checking the cookies on the locally run application, I can see that the .AspNetCore.Identity.Application cookie is being saved, but I can't see it on the published website at https://angular.yourwebsite.com, even though the cookie is saved on https://auth.yourwebsite.com, so if you click on the Log in button again, it will detect that you are authenticated and redirect you back

15 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share the logs.txt of https://auth.yourwebsite.com during the Steps to reproduce

    liming.ma@volosoft.com

    Thanks.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I see the log: [14:04:28 INF] AuthenticationScheme: Identity.Application signed in.

    Can you share an online website? I will test it online.

    Thanks

  • User Avatar
    0
    gabriel.pedroso created

    Hi, yes, you can use the same URL from the logs: https://klir-sandbox-microservices-angular.klir.com/

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The Angular app can use the access_token to get the application configuration.

    Can you share the logs for https://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?

    The logs you have shared don't include it.

    Thanks

  • User Avatar
    0
    gabriel.pedroso created

    Hello,

    I've sent the logs to your e-mail. Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I didn't receive it. Can you share it via https://wetransfer.com/?

  • User Avatar
    0
    gabriel.pedroso created


  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Enable the Debug logs.

    Thanks

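    using Serilog;
    using Serilog.Events;

    public class Program
    {
        public async static Task<int> Main(string[] args)
        {
            // Minimum level Debug, so authentication and token validation details reach logs.txt
            Log.Logger = new LoggerConfiguration()
                .MinimumLevel.Debug()
                .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
                .Enrich.FromLogContext()
                .WriteTo.Async(c => c.File("Logs/logs.txt"))
                .WriteTo.Async(c => c.Console())
                .CreateLogger();

            // ... the rest of Main (building and running the host) is unchanged
        }
    }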
    
    
  • User Avatar
    0
    gabriel.pedroso created

    Ok, debug logs shared on: https://we.tl/t-w2UsMedJ7E

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    There are only two projects in your logs.

    Can you share all the logs.txt files of your project?

    App, AuthServer, WebGateway, and all microservices.

    [09:37:20 INF] Proxying to http://xxx-xxx-microservices-administration/api/abp/application-localization?cultureName=en&onlyDynamics=false HTTP/2 RequestVersionOrLower no-streaming


    If you can write the identity model logs in the administration microservice, that will be best.

    https://gist.github.com/maliming/d275b332ad462e42b90f727196cdcf88#file-program-cs-L6-L10

    Your access_token looks fine.

    Thanks.

  • User Avatar
    0
    gabriel.pedroso created

    I'm preparing the logs here, but I think we found the issue:

    2024-10-24 11:04:03.410 +00:00 [INF] Request origin https://klir-sandbox-microservices-angular.klir.com does not have permission to access the resource.
    2024-10-24 11:04:03.442 +00:00 [INF] Failed to validate the token.
    Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
       at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
       at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
       at Microsoft.IdentityModel.Tokens.InternalValidators.ValidateAfterSignatureFailed(SecurityToken securityToken, Nullable`1 notBefore, Nullable`1 expires, IEnumerable`1 audiences, TokenValidationParameters validationParameters, BaseConfiguration configuration)
       at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
       at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignatureAndIssuerSecurityKey(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
       at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWSAsync(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
    2024-10-24 11:04:03.442 +00:00 [INF] Bearer was not authenticated. Failure message: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.

    Do you know how to solve this? After checking this configuration, it seems the issuer is matching.

  • User Avatar
    0
    gabriel.pedroso created

    All logs sent to https://we.tl/t-S8wM5riUdV

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    For IDX10204 error, you can try to set ValidIssuers as

    Your token issuer is https://klir-sandbox-microservices-authserver.klir.com/

    https://abp.io/support/questions/7780/Unable-to-Login-even-after-getting-token-using-angular-app#answer-3a14b350-0cd5-a71c-80ba-1b65d3b2ee39


    But:

    If you can write the identity model logs in the administration microservice, that will be best.

    I think your administration microservice doesn't request https://klir-sandbox-microservices-authserver.klir.com/.well-known/openid-configuration to get the openid-configuration; maybe it uses localhost?

    https://gist.github.com/maliming/d275b332ad462e42b90f727196cdcf88#file-program-cs-L6-L10

  • User Avatar
    0
    gabriel.pedroso created

    I figured it out by checking other tickets with this validation issue. I've added this code to the services, adding the auth server to the list of valid issuers:

        context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddAbpJwtBearer(options =>
            {
                //...

                // IDX10204: Unable to validate issuer on K8s if not set
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidIssuers = new[] { configuration["AuthServer:Authority"].EnsureEndsWith('/') },
                    // IDX10500: Signature validation failed. No security keys were provided to validate the signature on K8s
                    // This delegate parses the token and returns it as-is; the signature itself is not checked here
                    SignatureValidator = delegate (string token, TokenValidationParameters parameters)
                    {
                        var jwt = new Microsoft.IdentityModel.JsonWebTokens.JsonWebToken(token);
                        return jwt;
                    }
                };
            });
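
Added example, not part of the original post or of ABP's own code: the `SignatureValidator` above returns the token without verifying it, so IDX10500 disappears only because the signature check is skipped. One way to resolve both IDX10204 and IDX10500 while still verifying signatures is to pin the public issuer and point the metadata download at an address the pod can reach, which is the openid-configuration question raised earlier in the thread. The `AuthServer:MetaAddress` and `AuthServer:Audience` keys, the fallback values and the `/whoami` endpoint are assumptions; the code uses plain ASP.NET Core `AddJwtBearer` and needs the Microsoft.AspNetCore.Authentication.JwtBearer package.

```csharp
// Added example: Program.cs of a minimal ASP.NET Core API (not the poster's service).
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
var cfg = builder.Configuration;

// Public URL that the auth server writes into the token's "iss" claim.
var issuer = (cfg["AuthServer:Authority"] ?? "https://auth.example.test").TrimEnd('/') + "/";
// Assumed key: an address this pod can actually reach (for example an in-cluster
// service name). Falls back to the public URL when it is not set.
var metadataBase = (cfg["AuthServer:MetaAddress"] ?? issuer).TrimEnd('/') + "/";

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = issuer;
        // The discovery document and the signing keys are downloaded from here.
        options.MetadataAddress = metadataBase + ".well-known/openid-configuration";
        options.RequireHttpsMetadata =
            metadataBase.StartsWith("https://", StringComparison.OrdinalIgnoreCase);
        options.Audience = cfg["AuthServer:Audience"] ?? "ExampleService"; // assumed key

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuers = new[] { issuer },  // addresses IDX10204, accepts only this issuer
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true
            // No SignatureValidator override: signatures are checked against the
            // keys published in the metadata document.
        };

        options.Events = new JwtBearerEvents
        {
            // Log the real cause (unreachable metadata, wrong issuer, expired token).
            OnAuthenticationFailed = ctx =>
            {
                ctx.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("JwtBearer")
                    .LogWarning(ctx.Exception, "Token rejected; metadata address {Metadata}",
                        options.MetadataAddress);
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/whoami", (ClaimsPrincipal user) => user.Identity?.Name ?? "(no name claim)")
   .RequireAuthorization();
app.Run();
```

The `jwks_uri` advertised in the discovery document must also be reachable from the pod; if it is not, key retrieval fails and IDX10500 is logged even though the issuer matches.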
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Great!

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09