We are slowly replacing the UI for a very large existing application with ABP, and are happy to have the Auditing capabilities. Some entities may be completely controlled (created, updated, and deleted) by the legacy application for quite a while as we work on building out different areas using ABP. We would like to enable Audit Logging for changes to certain tables that are NOT being modified through ABP (although they will be in the same database as the ABP tables). Do you have any suggestions on how to write the appropriate audit log entries for changes made outside of ABP? The legacy application will be doing direct SQL edits, so we are thinking of tracking those changes using triggers.
As an example: When publishing our solution in Docker containers we had to establish routable URLs for the reverse proxy. This meant that https://www.somedomain.com/swagger and https://www.somedomain.com/api were routed to the Http-API container, https://www.somedomain.com/MVC was routed to the Web container, https://www.somedomain.com/Account , https://www.somedomain.com/connect , and https://www.somedomain.com/.well-known are routed to the Identity container, and everything else goes to Web.Public. The login process was working, but any pages requiring authorization would fail. The "Audit Logs" page, for example, would get an error on the call to https://www.somedomain.com/api/audit-logging/audit-logs?startTime=2021-11-02&endTime=&url=&userName=&applicationName=&correlationId=&httpMethod=&httpStatusCode=&maxExecutionDuration=&minExecutionDuration=&hasException=&sorting=executionTime%20desc&skipCount=0&maxResultCount=10 even though we could execute the same URL from the Swagger page without an error. Once I realized that I could not just copy/paste the "Request URL" from the Headers (when viewing the Developer Tools in the browser), I tried adding the additional /MVC/ in the path and it worked. Once I modified the abp.js file to set abp.appPath to include this as part of the base URL everything worked.
It appears that the problem was because the HTTP-API server cannot handle most of the API calls from the MVC client directly - when these calls were routed through the MVC client they all succeeded. It looks like the reason it worked from the Swagger interface is that the Swagger interface passed a JWT token which was not used on the MVC client. Once we determined that the API calls worked properly when the MVC subfolder/virtual directory was inserted, then it became obvious that the problem was due to "abp.appPath" not returning the correct base path.
Is there any documentation you can refer us to?
Containerized deployment is pretty common, and we really don't need the added complexity of going full microservices.
Is there someone who is familiar we can consult?
Is there an alternate way to configure the 4 containers behind a load balancer? The subfolders aren't mandatory if there is a different way to setup the routing rules (we need to know which requests go to Public, Web, API, and Identity).
I am now getting what I THINK are all of the correct cookies, but still no access.
When I go to the /swagger URL I am able to successfully retrieve data, so I know the problem is on the MVC side.
Is there any documentation that details what needs to be configured when deployed behind a load balancer?
I think the problem could be related to the cookies, but I haven't been able to figure out where to set the PATH so that all cookies are set to the root.
From the Http-API:
10/28/2021, 4:04:17 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:17 INF] Request starting HTTP/1.1 GET http://somedomain.com/api/audit-logging/audit-logs?startTime=2021-10-21&endTime=&url=&userName=&applicationName=&correlationId=&httpMethod=&httpStatusCode=&maxExecutionDuration=&minExecutionDuration=&hasException=&sorting=executionTime%20desc&skipCount=0&maxResultCount=10 application/json -
10/28/2021, 4:04:17 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:17 INF] Executing endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)'
10/28/2021, 4:04:17 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:17 INF] Route matched with {area = "auditLogging", controller = "AuditLogs", action = "GetList", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Abp.AuditLogging.AuditLogDto]] GetListAsync(Volo.Abp.AuditLogging.GetAuditLogListDto) on controller Volo.Abp.AuditLogging.AuditLogsController (Volo.Abp.AuditLogging.HttpApi).
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Executing action method Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi) - Validation state: Valid
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Authorization failed. These requirements were not met:
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
PermissionRequirement: AuditLogging.AuditLogs
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 WRN] ---------- RemoteServiceErrorInfo ----------
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
{
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"code": "Volo.Authorization:010001",
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"message": "Authorization failed! Given policy has not granted.",
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"details": null,
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"data": {},
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"validationErrors": null
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
}
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy) in /src/ABP/framework/src/Volo.Abp.Authorization/Microsoft/AspNetCore/Authorization/AbpAuthorizationServiceExtensions.cs:line 142
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context) in /src/ABP/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs:line 40
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AuthorizationInterceptor.cs:line 24
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AuthorizationInterceptor.cs:line 18
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.GlobalFeatures.GlobalFeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.GlobalFeatures/Volo/Abp/GlobalFeatures/GlobalFeatureInterceptor.cs:line 26 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Features.FeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Features/Volo/Abp/Features/FeatureInterceptor.cs:line 28
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Validation/Volo/Abp/Validation/ValidationInterceptor.cs:line 20 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Uow/Volo/Abp/Uow/UnitOfWorkInterceptor.cs:line 47
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.AuditLogging.AuditLogsController.GetListAsync(GetAuditLogListDto input) in /src/ABP-Pro-Modules/audit-logging/src/Volo.Abp.AuditLogging.HttpApi/Volo/Abp/AuditLogging/AuditLogsController.cs:line 30
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at lambda_method2784(Closure , Object )
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 WRN] Code:Volo.Authorization:010001
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Http.RemoteServiceErrorResponse'.
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Executed action Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi) in 2063.4997ms
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Executed endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)'
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Request finished HTTP/1.1 GET http://somedomain.com/api/audit-logging/audit-logs?startTime=2021-10-21&endTime=&url=&userName=&applicationName=&correlationId=&httpMethod=&httpStatusCode=&maxExecutionDuration=&minExecutionDuration=&hasException=&sorting=executionTime%20desc&skipCount=0&maxResultCount=10 application/json - - 401 - application/json;+charset=utf-8 2066.8335ms
From the MVC Web pod:
10/28/2021, 4:03:07 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:07 INF] Received HTTP response headers after 998.7507ms - 200 10/28/2021, 4:03:07 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:07 INF] End processing HTTP request after 998.8642ms - 200 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: SettingManagement.Emailing 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpAccount.SettingManagement 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpIdentity.SettingManagement 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: LeptonThemeManagement.Settings 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: SettingManagement.Emailing 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpAccount.SettingManagement 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpIdentity.SettingManagement 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: LeptonThemeManagement.Settings 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed page /Index in 4323.8182ms 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed endpoint '/Index' 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Request finished HTTP/1.1 GET http://localhost/ - - - 200 - text/html;+charset=utf-8 4345.5647ms 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed page /Index in 4160.1205ms 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed endpoint '/Index' 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Request finished HTTP/1.1 GET http://localhost/ - - - 200 - text/html;+charset=utf-8 4171.5145ms
We have a tiered application which is setup as 4 web endpoints: HttpApi, Identity, Web(MVC), and Web(Public). All works correctly in Visual Studio when running under IIS.
We have deployed this application to Azure Kubernetes (AKS), and are running behind a reverse proxy (Azure Application Gateway), which is doing SSL offload and routing.
In order to route appropriately, the MVC Web app was set to a BasePath of /MVC, and Identity was set to a BasePath of /IdentityServer (HttpApi calls are routed by configuring /api and /swagger)
Each project has ForwardedHeaders configured in their respective module under OnApplicationInitialization, and Cookie.Path is set to "/" in ConfigureServices of the module.
Login works, and Identity pages are accessible, but pages that require a background API call fail with "Authorization failed! Given policy has not granted.". I can go to the /swagger page and I am able to authenticate and successfully return results from these same API calls.
We would prefer not to go to a full microservice setup, what else needs to be configured for the tiered application to work when containerized? Could this be related to the cookie paths that are set to /IdentityServer and /MVC - how do I fix those?
