If you're creating a bug/problem report, please include followings:
With the migration from identity server to OpenIdDict, how do we perform the postman authentication flow. If we wish to allow external clients to connect to our API, what is the auth method we use. With identity server, it would be the client_id/client_secret.
what do we use now?
If you are using the MVC you don't need to set the ForwardDefaultSelector.
How to reproduce the problem using the default template?
I have created a non-tiered MVC solution using EFCore. Added a single entity to my solution. I added the swagger auth as specified in the ABP documentation.
added the default forward as per your suggestion:
and then called it from Postman which now works as expected(no body returned AND 401), but if i login to the MVC UI I receive that error when i try to browse to my entity page. If i remove the ForwardDefaultSelector code it works in MVC
[17:44:15 WRN] Code:Volo.Authorization:010001 [17:44:15 INF] AuthenticationScheme: Identity.Application was challenged. [17:44:15 INF] Executed action Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.HttpApi) in 3.0496ms [17:44:15 INF] Executed endpoint 'Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.HttpApi)' [17:44:15 DBG] Added 0 entity changes to the current audit log [17:44:15 DBG] Added 0 entity changes to the current audit log [17:44:15 INF] Request finished HTTP/1.1 GET https://localhost:44303/api/account/my-profile - - - 401 0 - 10.6009ms
Hi
I am getting the 401 response, but the body is still being returned with the login page:
Is there anything else in the code that needs to be done to remove the body from postman? Do i need to implement the ForwardDefaultSelector code as per your example?
That didnt work unfortunately.
Can you share the details?
It has the same outcome as the 200 response with the login page HTML when calling from postman.
I added this in postman as per the suggestion but it did not change the outcome:
"Try to add X-Requested-With: XMLHttpRequest header to your request."
hi ianbaddock
If you are using the MVC you don't need to set the
ForwardDefaultSelector
.Try to add
X-Requested-With: XMLHttpRequest
header to your request.
That didnt work unfortunately.
Any other ideas?
Thank you for your detailed explanation. I understood the problem and I talked to the team about the problem, I learned that there is a breaking change for
v5.0.0
.You can see the details of the issue here: https://github.com/abpframework/abp/issues/9926
Then I added the marked code in the picture below to test the situation, and it worked fine when I made a request via swagger.
However breaks MVC pages and abp's js proxy scripts, which use ajax.
We discuss inside to find the most optimal solution to this problem.
Good morning, yeah I tried that too initially which broke my MVC pages :(
Looking forward to seeing a working solution
I guess you want to send requests via
Postman
, not viaSwagger
. That's why you need to get the token first and then make a request with that token.
Hi
I think you missed my point. The API is secured and it should return a 401 if we try to access and endpoint without the token, it should not return a 200 with the login page html (from swagger OR from postman)
this is an older version of ABP which does return the 401 as expected.
Yes, Because this is not a database created by AbpDbContext.
You can give it a try. Just use a normal ef core dbcontext.
perfect, thanks mate
I have created an ABP solution which has a single entity in at the moment. I have enable authorization for the API as per the following document: https://docs.abp.io/en/abp/latest/API/Swagger-Integration
The issue however is that you would expect that if you try to hit a secure endpoint it would response with a 401. At the moment, it is responding with the login page as per the image below: