What's your original code? (full class code)
In our application, we are implementing tenant registration. When a user registers in the application, we need to create a tenant and the admin user for that particular tenant. We create the tenant using ITenantAppService and the user using IUserAppService. When creating the tenant and the user, we get a Volo.Abp.Authorization exception.
Please share your code.
hi
Are you using the Identity Server?
You need to change the connection string in the appsettings.json of the startup project, please search the string globally in your projects.
hi
You can check this https://support.abp.io/QA/Questions/1761/ProfileAppServiceGetAsync--problem#answer-4b2e5dbb-9db6-371e-a6c2-39fe8d1865bc
hi
https://support.abp.io/QA/Questions/536/How-to-Restrict-users-multiple-login-session https://support.abp.io/QA/Questions/950/How-to-allow-one-user-concurrent-login-per-user https://support.abp.io/QA/Questions/1916/How-to-Restrict-user-to-multiple-login-session
hi
Please share more info about the Application Pool, e.g. its settings.
Microsoft.Data.SqlClient.SqlException (0x80131904): Cannot open database "CFPC" requested by the login. The login failed. Login failed for user 'IIS APPPOOL\AppHost_New'.
Did you remove `Trusted_Connection=True;` from the connection string?
solution:
/// <summary>
/// Replaces the stock impersonation grant validator with
/// <c>MyImpersonationExtensionGrantValidator</c>.
/// </summary>
/// <param name="context">Module configuration context that exposes the service collection.</param>
public override void ConfigureServices(ServiceConfigurationContext context)
{
    var services = context.Services;

    // Remove registrations whose implementation type is the stock validator.
    // Descriptors registered through a factory or an instance carry no
    // ImplementationType and are not matched by this predicate.
    services.RemoveAll(descriptor => descriptor.ImplementationType == typeof(ImpersonationExtensionGrantValidator));

    // The replacement overrides ImpersonateUserAsync, so the impersonation
    // permission check is now enforced by that override.
    services.AddTransient<IExtensionGrantValidator, MyImpersonationExtensionGrantValidator>();
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Validation;
using Microsoft.Extensions.Localization;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Volo.Abp.Account.Localization;
using Volo.Abp.Account.Public.Web;
using Volo.Abp.Account.Web.ExtensionGrantValidators;
using Volo.Abp.Authorization.Permissions;
using Volo.Abp.Identity;
using Volo.Abp.MultiTenancy;
using Volo.Abp.Security.Claims;
using Volo.Abp.Users;
namespace MyCompanyName.MyProjectName;
/// <summary>
/// Impersonation grant validator derived from
/// <see cref="ImpersonationExtensionGrantValidator"/>. It overrides
/// <c>ImpersonateUserAsync</c> and uses <see cref="ITenantStore"/> to add an
/// <c>ImpersonatorTenantName</c> claim next to the other impersonator claims.
/// </summary>
public class MyImpersonationExtensionGrantValidator : ImpersonationExtensionGrantValidator
{
    private readonly ITenantStore _tenantStore;

    /// <summary>
    /// Forwards every dependency except <paramref name="tenantStore"/> to the base validator.
    /// </summary>
    public MyImpersonationExtensionGrantValidator(
        ITokenValidator tokenValidator,
        IPermissionChecker permissionChecker,
        ICurrentTenant currentTenant,
        ICurrentUser currentUser,
        IdentityUserManager userManager,
        ICurrentPrincipalAccessor currentPrincipalAccessor,
        IdentitySecurityLogManager identitySecurityLogManager,
        ILogger<MyImpersonationExtensionGrantValidator> logger,
        IStringLocalizer<AccountResource> localizer,
        IOptions<AbpAccountOptions> abpAccountOptions,
        Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory<IdentityUser> claimsFactory,
        ITenantStore tenantStore)
        : base(
            tokenValidator,
            permissionChecker,
            currentTenant,
            currentUser,
            userManager,
            currentPrincipalAccessor,
            identitySecurityLogManager,
            logger,
            localizer,
            abpAccountOptions,
            claimsFactory)
    {
        _tenantStore = tenantStore;
    }

    /// <summary>
    /// Validates an impersonation request and, on success, sets a grant result
    /// for the target user that carries the impersonator claims.
    /// </summary>
    /// <param name="context">Grant validation context; its <c>Result</c> is set on every path.</param>
    /// <param name="tenantId">Tenant in which the target user is looked up.</param>
    /// <param name="userId">Id of the user to impersonate.</param>
    protected override async Task ImpersonateUserAsync(ExtensionGrantValidationContext context, Guid? tenantId, Guid userId)
    {
        // Self-impersonation is rejected before any permission or user lookup.
        if (userId == CurrentUser.Id)
        {
            context.Result = new GrantValidationResult
            {
                IsError = true,
                Error = Localizer["Volo.Account:YouCanNotImpersonateYourself"]
            };
            return;
        }

        // NOTE(review): when ImpersonationUserPermission is null or blank the
        // permission check is skipped entirely, so any caller reaching this
        // method is allowed through. Deployments that rely on the permission
        // gate should verify the option is configured.
        var requiredPermission = AbpAccountOptions.ImpersonationUserPermission;
        var mayImpersonate = requiredPermission.IsNullOrWhiteSpace()
                             || await PermissionChecker.IsGrantedAsync(requiredPermission);
        if (!mayImpersonate)
        {
            context.Result = new GrantValidationResult
            {
                IsError = true,
                Error = Localizer["Volo.Account:RequirePermissionToImpersonateUser"].ToString()
                    .Replace("{PermissionName}", requiredPermission)
            };
            return;
        }

        using (CurrentTenant.Change(tenantId))
        {
            var targetUser = await UserManager.FindByIdAsync(userId.ToString());
            if (targetUser == null)
            {
                context.Result = new GrantValidationResult
                {
                    IsError = true,
                    Error = Localizer["Volo.Account:ThereIsNoUserWithId"].ToString()
                        .Replace("{UserId}", userId.ToString())
                };
                return;
            }

            var subjectId = await UserManager.GetUserIdAsync(targetUser);
            var extraClaims = new List<Claim>();

            // Impersonator claims are added unless the caller's id already
            // equals the value of its own ImpersonatorUserId claim.
            if (CurrentUser.Id?.ToString() != CurrentUser.FindClaim(AbpClaimTypes.ImpersonatorUserId)?.Value)
            {
                extraClaims.Add(new Claim(AbpClaimTypes.ImpersonatorUserId, CurrentUser.Id.ToString()));
                extraClaims.Add(new Claim(AbpClaimTypes.ImpersonatorUserName, CurrentUser.UserName));

                // NOTE(review): CurrentTenant is read inside the
                // CurrentTenant.Change(tenantId) scope, so it presumably
                // reflects the target tenant rather than the caller's original
                // tenant. Confirm that is the value the ImpersonatorTenant*
                // claims are meant to carry.
                if (CurrentTenant.IsAvailable)
                {
                    extraClaims.Add(new Claim(AbpClaimTypes.ImpersonatorTenantId, CurrentTenant.Id.ToString()));

                    var tenant = await _tenantStore.FindAsync(CurrentTenant.Id.Value);
                    if (!(tenant == null || tenant.Name.IsNullOrWhiteSpace()))
                    {
                        extraClaims.Add(new Claim(AbpClaimTypes.ImpersonatorTenantName, tenant.Name));
                    }
                }
            }

            await AddCustomClaimsAsync(extraClaims, targetUser, context);

            context.Result = new GrantValidationResult(subjectId, GrantType, extraClaims.ToArray());

            // Record the impersonation in the security log while the current
            // principal is switched to the target user, so the entry is saved
            // for that user and includes the impersonator claims added above.
            var targetPrincipal = await ClaimsFactory.CreateAsync(targetUser);
            targetPrincipal.Identities.First().AddClaims(extraClaims);
            using (CurrentPrincipalAccessor.Change(targetPrincipal))
            {
                var logEntry = new IdentitySecurityLogContext
                {
                    Identity = IdentitySecurityLogIdentityConsts.Identity,
                    Action = "ImpersonateUser"
                };
                await IdentitySecurityLogManager.SaveAsync(logEntry);
            }
        }
    }
}