Starts in:
2 DAYS
10 HRS
33 MIN
14 SEC
Starts in:
2 D
10 H
33 M
14 S

Activities of "alexander.nikonov"

Your screenshots are now consistent with mine. So scenarios 1) and 3) do not fit me. Because the "passive" tab does not redirect to login box. Scenario 2) is what I need. But in your screenshot you did not go further: you need to try to login in the "passive" tab too. In this case, you will get error 400 because of the "reused token" issue. This is what I am trying to avoid.

Sorry, but I easily reproduce the issues on the same test project. Please have a look below. I don't know how to explain it.

  1. Scenario with event.newValue !== null - the second tab does not redirect a user to Login page when I do logout from the first tab:
  2. Scenario with event.newValue === null - the second tab redirects a user to Login page when I do logout from the first tab, however the bug with a token is reproduced during logging in:

The test project link is already present in this thread. https://drive.google.com/open?id=1xYCu_NLl5O0YCn1h3ffv4FZd5UGkGK0B&usp=drive_fs

Hi. Sorry, I'm not sure I am following you here. The latest mentioned problem is reproduced on ABP generated test project. There's no our custom code there. So in this project i was trying to get the following behavior:

  1. when I do logout from the active tab, I'm being logged off on any passive tab of the same site: the solution with storage event was suggested by your colleague and it did work;
  2. when I do log in in a passive tab after being logged in in the active tab I want to avoid any errors. You suggested to change null condition from === to !== in the event handler, but in this case (1) stops working - I'm not redirected to Login page in a passive tab anymore;

Unfortunately, this is not a solution, because if I make this change, another part is broken: I am no more redirected to Login page in a passive tab after I log off in the active tab...

Hi,

thank you for the reply. So - first of all, I want to eliminate the following problem which is easily reproducable on a test project.

If I have the site opened in tab #1 and tab #2 and use the following code in app.component.ts:

this.window.addEventListener('storage', event => {
  if (event.key === 'access_token' && event.newValue === null) {
    this.window.location.reload();
  }
});

after logging out in any tab, I am logged out in another tab thanks to this code. So far so good...

Now, let's say I log in on tab #1 - I am inside. Then I go to tab #2 where I still have a login box. I try to log in and get the exception:

[17:04:41 INF] Executing endpoint '/Account/Login' [17:04:41 INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login [17:04:41 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [17:04:41 INF] Antiforgery token validation failed. The provided antiforgery token was meant for a different claims-based user than the current user. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The provided antiforgery token was meant for a different claims-based user than the current user. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)

When I am doing a logout in our project from ANY page - at some point I promptly see a HOME page, but there is no more navigation menu at the left (the menu obviously has been hidden, because the user is not authenticated anymore) and at the same very moment the API requests which are connected to that ANY page are invoked. Afterwards I am redirected to LOGIN BOX as expected.

I have absolutely no idea why the redirect to LOGIN BOX does not happen immediately after pressing the logout button and this HOME page is shown. I have looked through the code as much as I can. I can only attach again the Auth Server Module code and its log - what is happening at the moment of logout. I compared the log with the test project log, but by and large everything is about the same.

Perhaps one of your colleagues can tell me something - maybe there is a wrong setup in the module. But there are so many settings that it's hard to make sense of it. I can create another ticket, but it will contain the same question.

I cannot do screensharing or send our project. Just reminding it.

I really don't know how to match a test solution and our solution where the issue happens. I've tried to find who initiates these extra API calls between connect/revocat and openid-configuration looking at the initiator chain: Just in case: port 44337 is the port of Ocelot Gateway solution - I emphasize that the last endpoint is correct. Is the request initiator chain looking wrong here? Because so far I am out of clues, what is wrong and why. Maybe I am missing some settings relevant for authentication or they are incorrect? There are just too many of them, plus custom code, so I try to move from inside analyzing those requests.

IMPORTANT: this is not related to our custom pages only. The identical situation take place at ABP pages, e.g. Language Management. So it is not related to the components or guards.

I understand that active tab is not supposed to trigger this code, I just make a note that this:

is happening during logout on active tab too - in any component (which i want prevent somehow with a general approach for all components).

Hi,

you can redirect instead of reload

Whereas it might work for a passive tab - it won't work for an active tab, where I click "Logout": because this code is not triggered for an active tab. However the API requests (mentioned in the screenshot) are invoked on both tabs.

Showing 11 to 20 of 289 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06