Activities of "balessi75"
ABP Commercial 7.2.1 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme
Hi, we are receiving the following exception in certain circumstances when a user logs in (see below for full log details)
The antiforgery cookie token and request token do not match.
So far, we only seem to have been able to replicate this in a Safari browser running on a Mac. We have not been able to replicate the issue on Chrome or Edge whether on a PC or Mac.
Steps to reproduce:
- Start with a clean slate by clearing the browser cache
- Login as a user
- Logout
- Login as the same user
- Logout
- On the third login as the same user, the user receives a HTTP 400
AN INTERNAL ERROR OCCURRED DURING YOUR REQUEST!message. - From that point the user cannot login again without an exception (even if using a new tab or restarting the web browser). Additionally any invalid credentials entered causes the exception instead of the user friendly 'Invalid username or password' message.
- The only way for the user to login again at this point is to clear the browser cache
The above steps are very repeatable, but it is a strange sequence of events. This is the only way we can reproduce, but a few clients have reported the issue as occurring randomly.
We are using HTTPS only have not found anything in our research that seems to apply to our situation.
Any suggestions on what might be going on here and if there are any known issues and/or workarounds?
Logging Details:
2023-05-26 02:23:20.497 +00:00 [INF] Executing endpoint '/Account/Login'
2023-05-26 02:23:20.497 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
2023-05-26 02:23:20.497 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2023-05-26 02:23:20.498 +00:00 [INF] Antiforgery token validation failed. The antiforgery cookie token and request token do not match.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery cookie token and request token do not match.
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
2023-05-26 02:23:20.498 +00:00 [INF] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'.
2023-05-26 02:23:20.498 +00:00 [INF] Executing StatusCodeResult, setting HTTP status code 400
ABP Commercial 7.2.1 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme
We are currently deploying our ABP solution to an Azure App Service using an Azure DevOps build pipeline that fires off an automated build and release based on commits to an environment specific code branch (dev, qa, staging, etc).
To date, we've been manually running the ABP DbMigrator project from VS against our environment specific Azure SQL DB (dev, qa, staging, etc) whenever new migrations exists. The DbMigrator.exe is great in that it automatically applies schema changes to each tenant separated DB that is defined in the host database.
We would like the DbMigrator process to be automated and synched with the web application deployment using our existing CI/CD process and it's not clear how to set this up.
I'm guessing the DBMigrator.exe would have to be built and deployed somewhere that has access to the host DB running in Azure so that it could be run against it.
Does anyone have any guidance or suggestions on the best approach to accomplish this type of scenario?
Thanks in advance,
Brian
ABP Commercial 7.2.1 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme
Hi,
After upgrading from 7.0.1 to 7.2.1, we noticed that when adding a new user and clicking save, the user name, password, and email fields flash with validation errors in red even though there are no validation errors and the user saves without an error. This did not occur in 7.0.1.
Although everything saves without an error, we just feel the UI experience isn't very professional looking - see screen shot below during the save process. It appears that all fields visually clear out while saving and the screen is still visualized.
This was reproduced with a newly created Blazor Server app using the ABP CLI.
Any thoughts or workarounds for this? Thanks in advance.
ABP Commercial 7.0.1 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme
Hi, after our upgrade from 7.0.1 to 7.2.1, we are receiving the following message in the browser console.
Thank you for using the free version of the Blazorise component library! We're happy to offer it to you for personal use. If you'd like to remove this message, consider purchasing a commercial license from https://blazorise.com/commercial. We appreciate your support!
Does ABP not use the commercial version of Blazorise?
Thanks in advance
ABP Commercial 7.0.1 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme
Hi,
We usually fix/customize dependent module messages using localization overrides, however, the exception details below appear to be hard coded.
We are requesting that the message and message details below be overridable via localization and also that the details message replaces the word "no" with "not".
if (!tenant.IsActive)
{
throw new BusinessException(
code: "Volo.AbpIo.MultiTenancy:010002",
message: "Tenant not active!",
details: "The tenant is no active with the tenant id or name: " + resolveResult.TenantIdOrName
);
}
ABP Commercial 7.0.1 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme
Hi,
We are working with the ABP permission system and see how everything works at the database level witht he AbpPermissionGrants table.
We noticed, however, that there is an AbpPermissions table and an AbpPermissionGroups table that appear to always be empty.
Can you explain the use of the AbpPermissions and AbpPermissionGroups tables in the ABP Framework?
Thanks in advance.
ABP Commercial 7.0.1 / Blazor Server / EF / Non tiered / Separate Host DB, Separate Tenant DBs / Lepton Theme
Hi, we are receiving the error "Volo.Abp.Identity:InvalidToken": "Invalid token.", whenever an email confirmation link is clicked.
The error doesn't occur in local development, it only occurs when the app is deployed (Azure App Service).
I've included logging from Azure below. The log indicates Volo.Abp.Account.Public.Web.Pages.Account.EmailConfirmationModel.OnGetAsync - ModelState is "Valid"
However, Model.InvalidToken appears to be true in EmailConfirmation.cshtml.cs
Also, in the database, the user gets flagged as having their email confirmed when clicking the confirmation link, even though they received the invalid token error.
Any ideas on what could be happening here? Any help is greatly appreciated...
ABP Commercial 7.0.1 / Blazor Server / EF / Non tiered / Separate Host DB, Separate Tenant DBs / Lepton Theme
Hi,
We are attempting to use Azure's managed SignalR service in our Blazor Server application in order to make it more scalable.
Using MS documentation, we created a SignalR resource in Azure and used the issued SignalR connection string when configuring services...
context.Services.AddSignalR().AddAzureSignalR(<SignalR-Connection-string-here>);
The problem we are having is that the application no long works as expected once this line of code is introduced. What we are seeing is the logic for our tenant resolver (based on subdomain) no longer works. When logging in under tenant1.myapp.com, the UI seems to be logging into the host instead of tenant1. No exception is logged.
As soon as we remove the the call to AddSignalR().AddAzureSignalR everything works as expected.
Is there something specific with a templated Blazor Server solution in ABP that needs to be accounted for?
Any thoughts/suggestions? Thanks in advance,
Brian
ABP Commercial 7.0.1 / Blazor Server / EF / Non tiered / Separate Host DB, Separate Tenant DBs
Hi,
We are inheriting from the FeatureDefinitionProvider to create custom feature groups and features and we don't see a way to set the ordering of feature groups.
How can this be done with ABP (Blazor Server / Lepton Theme)?
We essentially want our features listed before features from dependent ABP modules.
Thanks in advance!
ABP Commercial 7.0.1 / Blazor Server / EF / Non tiered / Separate Host DB, Separate Tenant DBs
Hi,
We are receiving the ABP error "An error has occurred! Error detail not sent by server" whenever something is saved on the user profile / my account area. Everything works fine in local development, but the error occurs when we deploy the app (Azure App Service).
No exception is logged when the error occurs, but we see a ERR_TOO_MANY_REDIRECTS in the browser console. I've included the log when saving 'Personal Info' on the 'My Account' screen below.
We see the following in the log
The required antiforgery header value "RequestVerificationToken" is not present.
Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
We are using the Lepton theme.
Please advise as to what might be causing this issue when the app is deployed.
2023-04-22 15:58:30.105 +00:00 [INF] Request starting HTTP/1.1 PUT http://dev.nvisiononline.net/api/account/my-profile application/json 340
2023-04-22 15:58:30.216 +00:00 [INF] Executing endpoint 'Volo.Abp.Account.ProfileController.UpdateAsync (Volo.Abp.Account.Pro.Public.HttpApi)'
2023-04-22 15:58:30.216 +00:00 [INF] Route matched with {area = "account", controller = "Profile", action = "Update", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Account.ProfileDto] UpdateAsync(Volo.Abp.Account.UpdateProfileDto) on controller Volo.Abp.Account.ProfileController (Volo.Abp.Account.Pro.Public.HttpApi).
2023-04-22 15:58:30.216 +00:00 [WRN] The required antiforgery header value "RequestVerificationToken" is not present.
2023-04-22 15:58:30.216 +00:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
2023-04-22 15:58:30.217 +00:00 [INF] Executing StatusCodeResult, setting HTTP status code 400
2023-04-22 15:58:30.217 +00:00 [INF] Executed action Volo.Abp.Account.ProfileController.UpdateAsync (Volo.Abp.Account.Pro.Public.HttpApi) in 0.536ms
2023-04-22 15:58:30.217 +00:00 [INF] Executed endpoint 'Volo.Abp.Account.ProfileController.UpdateAsync (Volo.Abp.Account.Pro.Public.HttpApi)'
2023-04-22 15:58:30.225 +00:00 [INF] Request finished HTTP/1.1 PUT http://dev.nvisiononline.net/api/account/my-profile application/json 340 - 302 - - 119.6890ms
2023-04-22 15:58:30.251 +00:00 [INF] Request starting HTTP/1.1 PUT http://dev.nvisiononline.net/Error?httpStatusCode=400 application/json 340
2023-04-22 15:58:30.255 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2023-04-22 15:58:30.256 +00:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
2023-04-22 15:58:30.256 +00:00 [WRN] The required antiforgery header value "RequestVerificationToken" is not present.
2023-04-22 15:58:30.256 +00:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
2023-04-22 15:58:30.256 +00:00 [INF] Executing StatusCodeResult, setting HTTP status code 400