None of these solutions work. I have verified that the url based tenant resolution is working correctly and that the tenant host tables have correct per tenant values. Wildcard tenant domain resolution cannot work because the tenant domains share no common substring. The issue that I am having is 2 things.
Using ctx.Options.ClientId to set the tenant client id also changes all future logins to use the tenant specific client id. I am having to calculate this manually because the Blazor web server does not have database access. If I don't set client id and authority directly on the options, then the authentication process fails.
I have a custom controller which CANNOT be descended from ApplicationService or AbpController because it is a 3rd party controller with a required base class and it require authorization. Therefore, I cannot generate a proxy for it, but I am using YARP to forward the request with the auth token provided by the system to the tenant-specific url and it is not being accepted by the end service. Resulting in a 401 or 302 code. This is the same token used by the proxies, so I know it is valid. It sometimes gives an Invalid_issuer error, but I am registering a custom issue validator which works for the app services but is never called by the custom controller.
This does not work for us since each of the tenant URLs are entirely unique and do not share any base domain. Also, it does not set the per tenant client id as it should.
I built out a new template with the affected service classes and I was able to reproduce the issue of the controller methods not generating with a multipart/form data input option. However, I was able to fix it by adding this to the module startup config.
Configure<AbpAspNetCoreMvcOptions>(options => { options.ConventionalControllers.FormBodyBindingIgnoredTypes.Add(typeof(CreateFileInputWithStream)); });
I was able to fix the 400 error which was caused by the js fetch client not having the ABP specific header config set. However, I am still having the issues with the unsupported media types.
I turned on all the logs and these ones are related to this request.
'api/app/form-response/evaluate-duplicate-rules/{formId}' is valid for the request path '/api/app/form-response/evaluate-duplicate-rules/ab7a81e6-e56a-fa31-0f5f-3a1cf5ff5eae'
[09:35:55 DBG] Request matched endpoint 'TOG.SaaSeForms.FormResponses.FormResponseClientProxy.EvaluateDuplicateRulesAsync (TOG.HttpApi.Client)'
[09:35:55 DBG] Static files was skipped as the request already matched an endpoint.
[09:35:55 INF] The access_token is active.
[09:35:55 DBG] AuthenticationScheme: Cookies was successfully authenticated.
[09:35:55 INF] Executing endpoint 'TOG.SaaSeForms.FormResponses.FormResponseClientProxy.EvaluateDuplicateRulesAsync (TOG.HttpApi.Client)'
[09:35:55 INF] Route matched with {area = "app", action = "EvaluateDuplicateRules", controller = "FormResponse", page = ""}. Executing controller a
ction with signature System.Threading.Tasks.Task1[TOG.SaaSeForms.DeDuplication.DuplicateResponseResult] EvaluateDuplicateRulesAsync(TOG.SaaSeForms.FormResponseDto, System.Guid) on controller TOG.SaaSeForms.FormResponses.FormResponseClientProxy (TOG.HttpApi.Client).
[09:35:55 DBG] Execution plan of authorization filters (in the following order): ["Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter"]
[09:35:55 DBG] Execution plan of resource filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[09:35:55 DBG] Execution plan of action filters (in the following order): ["Microsoft.AspNetCore.Mvc.ModelBinding.UnsupportedContentTypeFilter (Ord
er: -3000)", "Volo.Abp.AspNetCore.Mvc.GlobalFeatures.GlobalFeatureActionFilter", "Volo.Abp.AspNetCore.Mvc.Auditing.AbpAuditActionFilter", "Volo.Abp
.AspNetCore.Mvc.Response.AbpNoContentActionFilter", "Volo.Abp.AspNetCore.Mvc.Features.AbpFeatureActionFilter", "Volo.Abp.AspNetCore.Mvc.Validation.AbpValidationActionFilter", "Volo.Abp.AspNetCore.Mvc.Uow.AbpUowActionFilter"]
[09:35:55 DBG] Execution plan of exception filters (in the following order): ["Volo.Abp.AspNetCore.Mvc.ExceptionHandling.AbpExceptionFilter"]
[09:35:55 DBG] Execution plan of result filters (in the following order): ["Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.SaveTempDataFilter"]
[09:35:55 WRN] The required antiforgery header value "RequestVerificationToken" is not present.
[09:35:55 INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.
[09:35:55 INF] Executing StatusCodeResult, setting HTTP status code 400
[09:35:55 INF] Executed action TOG.SaaSeForms.FormResponses.FormResponseClientProxy.EvaluateDuplicateRulesAsync (TOG.HttpApi.Client) in 0.1729ms
[09:35:55 INF] Executed endpoint 'TOG.SaaSeForms.FormResponses.FormResponseClientProxy.EvaluateDuplicateRulesAsync (TOG.HttpApi.Client)'
[09:35:55 INF] Request finished HTTP/2 POST https://localhost:44346/api/app/form-response/evaluate-duplicate-rules/ab7a81e6-e56a-fa31-0f5f-3a1cf5ff5eae?api-version=1.0 - 400 0 null 4.8285ms
It says it's failing on a antiforgery token, but there are several requests run immediately before this that work. Inspecting the network requests, I see the antiforgery cookie and the x-xsrf-token header.
I've seen this happen on other POST requests
I am not able to call the API directly since the new WebApp model applies credentials in the Blazor server before forwarding to the API. Having to maintain custom http client calls is also not acceptable overhead.
I can see the requests being fired so the validation is not happening in the brower.
Adding that attribute to the generated proxies did fix the launch issue, but then the api endpoints became Not Found in WASM mode. Is there a workaround for this, or does this need to wait for the patch?
Uploaded new repro
I followed these steps on my real project instead of the stripped down one and it didn't work. The proxies generated, and I switched to the static proxies in the http client project and then my blazor project wouldn't even launch. It was giving me initialization errors: 'TOG.WorkOrders.WorkOrderAttachmentTypeClientProxy.GetAttachmentTypeByIdAsync (TOG.HttpApi.Client)' has ApiExplorer enabled, but is using conventional routing. Only actions which use attribute routing support ApiExplorer.. See the inner exception for details.
Not sure if it's relevant, but that endpoint is inherited from a base attachment app service, so perhaps the routing model is different.
Is there a way to make this work with dynamic proxy generation? Is Blazor WebApp not compatible with the tiered model?
I have sent via wetransfer
