Firstly, thanks for your online support, Mr. Alper & Mr. Halil.
As Mr. @alper said, our problem has been solved, and we have been continuing our tests for a while, and we did not see a problem.
The steps we took are as follows:
1- Add the Microsoft.AspNetCore.DataProtection.StackExchangeRedis package to the Web project.
2- Redis is integrated into the web project with the following steps.
```csharp
using Microsoft.AspNetCore.DataProtection;
using StackExchange.Redis;

// Methods of the web module class.

// Stores the Data Protection key ring in Redis so every pod reads the same keys.
private void ConfigurePersistKeysToStackExchangeRedis(ServiceConfigurationContext context, IConfiguration configuration)
{
    ConnectionMultiplexer redis = ConnectionMultiplexer.Connect(configuration["Redis:ConnectionString"]);
    context.Services
        .AddDataProtection()
        .SetApplicationName("loyalty-web-ui") // must be identical on all pods
        .PersistKeysToStackExchangeRedis(redis, "Loyalty.Web.UI-Protection-Keys");
}

// Registers a Redis connection as a singleton for the rest of the application.
private void ConfigureRedis(ServiceConfigurationContext context, IConfiguration configuration)
{
    ConnectionMultiplexer multiplexer = ConnectionMultiplexer.Connect(configuration["Redis:ConnectionString"]);
    context.Services.AddSingleton<IConnectionMultiplexer>(multiplexer);
}
```
3- Run the following command in the web project directory to install Volo.Abp.Caching.StackExchangeRedis:

```bash
abp add-package Volo.Abp.Caching.StackExchangeRedis
```
4-
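```csharp
using System.IO;
using System.Security.Cryptography.X509Certificates;

// Loads authserver.pfx from the content root; every pod ships the same file.
private X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration)
{
    var fileName = "authserver.pfx";
    // Must match the -p value used when exporting authserver.pfx (see the command below).
    // Hard-coded in this post; the configuration parameter is not used.
    var passPhrase = "32165487-6547-6544-1236-123654789654";
    var file = Path.Combine(hostingEnv.ContentRootPath, fileName);
    if (!System.IO.File.Exists(file))
    {
        throw new FileNotFoundException($"Signing Certificate couldn't found: {file}");
    }
    return new X509Certificate2(file, passPhrase);
}
```

```csharp
// In the module's pre-configuration, where `context` is the ServiceConfigurationContext.
var hostingEnvironment = context.Services.GetHostingEnvironment();
var configuration = context.Services.GetConfiguration();
if (!hostingEnvironment.IsDevelopment())
{
    // Do not let each pod generate its own development certificates.
    PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
    {
        options.AddDevelopmentEncryptionAndSigningCertificate = false;
    });
    // Use the same certificate file for signing and encryption on every pod.
    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
        builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
        builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]));
    });
}
```

* `dotnet dev-certs https -v -ep ./authserver.pfx -p 32165487-6547-6544-1236-123654789654`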
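
The effect of steps 1-2 can be reproduced without Kubernetes or Redis. The following is an added example, not code from the original post: it shows that a payload protected by one pod is readable by another only when both share the key ring and the application name. Two in-process providers stand in for two pods, a temporary directory stands in for the Redis key ring, and the `demo-purpose` string and `other-app` name are hypothetical; it needs the Microsoft.AspNetCore.DataProtection.Extensions package.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

static class KeyRingDemo
{
    // One "pod": a provider with its own key-ring location and application name.
    // The directory is a stand-in for the Redis key ring (assumption of this demo).
    static IDataProtector Pod(string keyRingDir, string appName) =>
        DataProtectionProvider
            .Create(new DirectoryInfo(keyRingDir), b => b.SetApplicationName(appName))
            .CreateProtector("demo-purpose"); // hypothetical purpose string

    // True if `reader` can decrypt and authenticate a payload made by another pod.
    static bool CanRead(IDataProtector reader, string payload)
    {
        try { reader.Unprotect(payload); return true; }
        catch (CryptographicException) { return false; }
    }

    static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "dp-demo-" + Guid.NewGuid());
        string Dir(string name) => Path.Combine(root, name);
        const string App = "loyalty-web-ui"; // application name used in the post

        // 1) Default container behaviour: every pod generates and keeps its own keys.
        string fromPod1 = Pod(Dir("pod1"), App).Protect("constructed payload");
        Console.WriteLine($"separate key rings:      {CanRead(Pod(Dir("pod2"), App), fromPod1)}");

        // 2) Shared key ring and identical application name: any pod can read it.
        string shared = Pod(Dir("shared"), App).Protect("constructed payload");
        Console.WriteLine($"shared ring, same name:  {CanRead(Pod(Dir("shared"), App), shared)}");

        // 3) Shared key ring but a different application name: still rejected.
        Console.WriteLine($"shared ring, other name: {CanRead(Pod(Dir("shared"), "other-app"), shared)}");

        Directory.Delete(root, recursive: true);
    }
}
```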
We have no separate environment for AuthServer. We use the built-in OpenIddict in the web application with API.
There are 4 environments: playground, testing, staging and production, and all environments run on k8s, each on the same network.
There is only one specific configuration: the load balancer uses sticky sessions.
There is a web application with API which runs on k8s, and we implement this solution on it.
We tried separated applications (authserver, web, apihost), and there were many other problems with communication between each other, and we changed the architecture to this.
Yes, we have. We use the corporate SSO endpoint https://sso.setur.com.tr, but our problem is on the API side. We get a token from, for example, https://localhost/connect/token on pod1; when the load balancer forwards the token we got from there (pod1 (kubernetes)) to a different pod (pod2 (kubernetes)), we get 401 (unauthorized) in the API services.
For example:
We get a token from pod1 (https://localhost/connect/token). We can use this token: https://localhost/api/app/configs bearer pod1_token => we get success.
When the load balancer forwards to another pod, for example pod2 => https://localhost/api/app/configs bearer pod1_token => we get 401 unauthorized.
I am opening this support question again because the other one was closed, which is => https://support.abp.io/QA/Questions/4990#answer-3a0aefd0-52c0-7e1b-f4d5-5269a1d63ef7
We tried this suggestion but it did not provide a solution to our problem. When we tried the suggestion, the application wrote the following information to Redis. But when we ran the application on multiple pods, we again encountered a situation where we could not get a response from different pods. When we receive a token from a pod, the other pod does not accept this token and returns 401 (unauthorized) as a response.
How can we solve this problem? I would appreciate if you could share a different suggestion or sample code.
```xml
<key id="fd8f3160-6b8f-47ab--3fb052d8f24a" version="1">
  <creationDate>2023-05-15T07:53:02.8500225Z</creationDate>
  <activationDate>2023-05-15T07:53:02.6656766Z</activationDate>
  <expirationDate>2023-08-13T07:53:02.6656766Z</expirationDate>
  <descriptor deserializerType="Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=7.0.0.0, Culture=neutral, PublicKeyToken=adb979382960">
    <descriptor>
      <encryption algorithm="AES_256_CBC" />
      <validation algorithm="HMACSHA256" />
      <masterKey p4:requiresEncryption="true" xmlns:p4="http://schemas.asp.net/2015/03/dataProtection">
        <!-- Warning: the key below is in an unencrypted form. -->
        <value>VQMZlolN7EQpyoPqtxfw7vcr7Pza0Cbv1EXBSvFEsvN5QT*********SEAzlI+sEcGrlTx45Y5M/7iFP4phg==</value>
      </masterKey>
    </descriptor>
  </descriptor>
</key>
```
Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
If you're creating a bug/problem report, please include followings:
Thanks for your support, we will try it.
Hi everyone, we are using the commercial membership of ABP Framework. We have a web API application, and the clients we serve connect to us by getting tokens from us. We have some problems at this point. Is it possible for us to connect clients with basic authentication? If possible, can you share an example of how to do it?
Hello everyone,
We created a project with ABP Commercial. It is a project with an API layer in MVC architecture. When we launch this project with multiple pods on Kubernetes, we get a consistency error. Namely, when a request is sent to another pod with the token received from one pod, we get an authorization error. Requests are inconsistently responded to or not responded to. We used sticky sessions for the solution, but we could not provide a complete solution. As a different solution, we want to keep the token from the API layer in Redis, but we could not find an example in the forum and we cannot access the token generation code. How should we go about the issue? If one exists, can you share an example?
Thanks for your interest, Best regards