Open Closed

Tenant impersonation doesn't work with separate database for tenant #8564


User avatar
0
cvarela@ld created

Check the docs before asking a question: https://abp.io/docs/latest Check the samples to see the basic tasks: https://abp.io/docs/latest/samples The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info: 🧐 Hint: If you are using the ABP Studio, you can see all the information about your solution from the configuration window, which opens when you right-click on the solution and click on the Solution Configuration button.

The option "login with this tenant" only works if the tenant database is the same as host but doesn't work if the tenant has it's own database.

  • ABP Framework version: v0.9.18
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: An unhandled exception has occurred while executing the request. Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login. ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_grant', error_description: 'SessionExpired', error_uri: 'error_uri is null'. at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync() --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.Studio.Client.AspNetCore.AbpStudioMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Volo.Abp.Studio.Client.AspNetCore.AbpStudioMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
  • Steps to reproduce the issue:
  1. Create tenant with separate connection string
  2. Select tenant actions > "login with this tenant"
  3. Input valid/existing user for login

7 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_grant', error_description: 'SessionExpired', error_uri: 'error_uri is null'.

    Can you share all logs.txt? web, api, and authserver projects.

    liming.ma@volosoft.com
    Thanks.

  • User Avatar
    0
    cvarela@ld created

    Hello,

    Sent logs through email.

    Thank you!

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks, I will check the logs.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please try override the IdentitySessionManager, We will fix this in next patch version.

    using System;
    using System.Threading.Tasks;
    using Microsoft.Extensions.Logging;
    using Volo.Abp.Caching;
    using Volo.Abp.DependencyInjection;
    using Volo.Abp.Identity.Settings;
    using Volo.Abp.Settings;
    using Volo.Abp.Uow;
    using Volo.Abp.Users;
    
    namespace Volo.Abp.Identity.Session;
    
    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(IdentitySessionManager))]
    public class MyIdentitySessionManager : IdentitySessionManager
    {
        public MyIdentitySessionManager(
            IIdentitySessionRepository identitySessionRepository,
            ICurrentUser currentUser,
            IDistributedCache<IdentitySessionCacheItem> cache,
            IUnitOfWorkManager unitOfWorkManager,
            ISettingProvider settingProvider,
            IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache)
            : base(identitySessionRepository, currentUser, cache, unitOfWorkManager, settingProvider, identityDynamicClaimsPrincipalContributorCache)
        {
        }
    
        public override Task<IdentitySession> CreateAsync(string sessionId, string device, string deviceInfo, Guid userId, Guid? tenantId, string clientId,
            string ipAddresses, bool setLastAccessed = false)
        {
            Check.NotNullOrWhiteSpace(sessionId, nameof(sessionId));
            Check.NotNullOrWhiteSpace(device, nameof(device));
    
            using (CurrentTenant.Change(tenantId))
            {
                var session = await IdentitySessionRepository.FindAsync(sessionId);
                if (session == null)
                {
                    Logger.LogDebug($"Creating identity session for session id: {sessionId}, device: {device}, user id: {userId}, tenant id: {tenantId}, client id: {clientId}");
                    DateTime? lastAccessed = setLastAccessed ? Clock.Now : null;
                    session = await IdentitySessionRepository.InsertAsync(new IdentitySession(
                        GuidGenerator.Create(),
                        sessionId,
                        device,
                        deviceInfo,
                        userId,
                        tenantId,
                        clientId,
                        ipAddresses,
                        Clock.Now,
                        lastAccessed
                    ));
                }
    
                var preventConcurrentLoginBehaviour = await IdentityProPreventConcurrentLoginBehaviourSettingHelper.Get(SettingProvider);
                switch (preventConcurrentLoginBehaviour)
                {
                    case IdentityProPreventConcurrentLoginBehaviour.LogoutFromSameTypeDevices:
                        await RevokeAllAsync(userId, device, session.Id);
                        break;
    
                    case IdentityProPreventConcurrentLoginBehaviour.LogoutFromAllDevices:
                        await RevokeAllAsync(userId, session.Id);
                        break;
                }
    
                return session;
            }
        }
    }
    
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Your question ticket has been refunded.

    Thanks,

  • User Avatar
    0
    cvarela@ld created

    That fixed the issue.

    Thanks.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Great 👍

Made with ❤️ on ABP v9.2.0-preview. Updated on January 07, 2025, 07:14