Will it be requested by components like Azure or Firewall?
I'm not sure, I disabled our azure application gateway from the equation, so I know that isn't causing the problem,
You can write detailed http request header info in the log.
Can you assist me in how to do that?
Hi @maliming ,
This may be helpful, but not sure. I'm analyzing the logs during the time a confirmation link is sent locally and comparing to when things are running in the Azure app service.
I noticed that in local development (everything works fine), there is only one HTTP GET that references the confirmation token.
HTTP/2 GET
10:41.947 -04:00 [INF] Request starting HTTP/2 GET https://localhost:44373/Account/EmailConfirmation?userId=35fbd381-2ba7-f50e-198e-3a03a43dd59c&__tenant=&confirmationToken=CfDJ8GZOlvHBFm1MpqnR5b0ZIFns5BYvAqRh0WnxNpbHZStg0x3t%2Fuhhz9btfZHkv9NBCFJPBJK5nkuAxXQA6yyDUFA%2FtoRISlH1yqp8iy66DxnV7VHpb3qetIgtMtruAmPWt2AYg2XrWgHLdQDTqV3H%2FTgFYVFJCPDDQFEP21U%2F%2FrJSp%2BlXntX3bSueaD9YDqqkye%2F0KhnatWxLKuI%2FBoUmoig8%2BM%2FqPTtwbxFAvPl84VYoAf6PuTL372o4log4AJC2xQ%3D%3D - -
But, when running in Azure there is both a HTTP HEAD and a HTTP GET that references the confirmation token
HTTP/1.1 HEAD
2023-05-10 02:42:38.836 +00:00 [INF] Request starting HTTP/1.1 HEAD https://nvisionweb-debug.azurewebsites.net/Account/EmailConfirmation?userId=35fbd381-2ba7-f50e-198e-3a03a43dd59c&__tenant=&confirmationToken=CfDJ8JOHPzwk2eBIkti1b63OgOlfmYda18CNZO8o6Wm7g%2FkDuoBuYZ2eUDK4mts8dFzJK3kRQ6LMDgUSYpPoJSCiCrHjidzQD0yeNwroUmDpBqEtdj7zHHOjmxL2nlWHWTZmgfsSHWeSwF3wIh4%2BLRFVAmR92P6ck4KWZF6IMTevWbfMqMEPJK04jcg%2FXdwTbZNKBuUMlFUeZ4CB5JctFq9rNwMSQt2ar3Nzv5Cvoq%2BsNNrlz%2BNW2Pk7v9LwM2jdALALkw%3D%3D - -
HTTP/1.1 GET
2023-05-10 02:42:39.278 +00:00 [INF] Request starting HTTP/1.1 GET https://nvisionweb-debug.azurewebsites.net/Account/EmailConfirmation?userId=35fbd381-2ba7-f50e-198e-3a03a43dd59c&__tenant=&confirmationToken=CfDJ8JOHPzwk2eBIkti1b63OgOlfmYda18CNZO8o6Wm7g%2FkDuoBuYZ2eUDK4mts8dFzJK3kRQ6LMDgUSYpPoJSCiCrHjidzQD0yeNwroUmDpBqEtdj7zHHOjmxL2nlWHWTZmgfsSHWeSwF3wIh4%2BLRFVAmR92P6ck4KWZF6IMTevWbfMqMEPJK04jcg%2FXdwTbZNKBuUMlFUeZ4CB5JctFq9rNwMSQt2ar3Nzv5Cvoq%2BsNNrlz%2BNW2Pk7v9LwM2jdALALkw%3D%3D - -
Could this be what's causing the token to be invalidated?
Hi @maliming ,
Ok, so something is accessing the token URL more than once when deployed, but not in local development?
In an attempt to help you be able to replicate the problem, I created a new blazor server project at verison 7.0.1 using the abp cli. I figured this would eliminate any of our code/or overrides from being the issue.
The only change I made was to allow the application to startup in an azure app service when abp is using openiddict (this was not a problem, or required when we used identityserver). The solution for using openiddict in an azure app servicce is documented here. https://codejack.com/2022/12/deploying-abp-io-to-an-azure-appservice/
The only other change I made was to implement an email sender (sendgrid) so that we can receive the confirmation email.
context.Services.Replace(ServiceDescriptor.Singleton<IEmailSender, SendGridEmailSender>());
The newly created ABP starts up in azure app service and a confirmation email is successfully sent. When we click the confirmation link, however, we still receive the 'Invalid Token' error.
I hope this helps, Please advise as we need a solution or workaround asap.
Thanks
Hi @maliming ,
I confirmed that when running locally with ASPNETCORE_ENVIRONMENT set to either Development or Production mode, everything works correctly. The problem only occurs once the application is deployed.
Any ideas, why the user still ends up having their email flagged as confirmed even though they get the invalid token message?
Thanks @maliming ,
I emailed you a log from startup to the error occurring with the data protection logging turned on.
Hi @maliming ,
The full log with debug info was sent to your email.
Hi,
Sorry, I wasn't clear. There is no error in the logs and no exception occurs. The front-end UI simply shows the end user the message "Invalid Token"
ABP Commercial 7.0.1 / Blazor Server / EF / Non tiered / Separate Host DB, Separate Tenant DBs / Lepton Theme
Hi, we are receiving the error "Volo.Abp.Identity:InvalidToken": "Invalid token.", whenever an email confirmation link is clicked.
The error doesn't occur in local development, it only occurs when the app is deployed (Azure App Service).
I've included logging from Azure below. The log indicates Volo.Abp.Account.Public.Web.Pages.Account.EmailConfirmationModel.OnGetAsync - ModelState is "Valid"
However, Model.InvalidToken appears to be true in EmailConfirmation.cshtml.cs
Also, in the database, the user gets flagged as having their email confirmed when clicking the confirmation link, even though they received the invalid token error.
Any ideas on what could be happening here? Any help is greatly appreciated...
Hi @maliming
Thank you. This looks good and is tremendously helpful. I will continue to test...
Thanks @maliming
That looks good as far as the correct tenant data is shown in each page, but I noticed that the tenant name next to the user name on the upper right of the screen still doesn't show (Lepton theme - tenant\user).
Any thoughts on that?
