Activities of "nhontran"

Hi @maliming, my login page is using Angular. Anyway, you can test with the steps below:

Run the IdentityServer with Google authentication configured:

Login successful:

Then log out and check the AbpSecurityLogs table; it only captures the logout activity:

  • ABP Framework version: v3.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi, I have configured the application to log in with an external authentication provider. The login is successful, but the security log does not capture the record. I also tried with the Google authentication provider, and it has the same issue. Could you help us take a look? Thank you.

Hi @maliming, is it for performance purposes only? What if we are using a tiered project and do not install Redis? I have replaced the data protection storage provider with EF Core.

Hi @maliming, why is Redis mandatory for a tiered project? This is not mentioned in the documentation:

https://docs.abp.io/en/abp/latest/Redis-Cache

If it is because of the key storage provider, we can replace it with Entity Framework Core, right?

https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers?view=aspnetcore-5.0&tabs=visual-studio

Please help check and confirm.

Hi @gterdem, sorry, I have set SignInScheme to another value when doing the verification.

Your suggestion has resolved the issue, thank you very much.

Hi @gterdem, sorry for my late response. I have tried the fix suggested by you, but it does not work; it still could not get the external login info:

    [00:08:12 INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetExternalLoginCallbackAsync - ModelState is Valid
    [00:08:12 INF] Identity.External was not authenticated. Failure message: Unprotect ticket failed
    [00:08:12 WRN] External login info is not available
    [00:08:12 INF] Executed handler method OnGetExternalLoginCallbackAsync, returned result Microsoft.AspNetCore.Mvc.RedirectToPageResult.
    [00:08:12 INF] Executing RedirectToPageResult, redirecting to ./Login.

Could you please help us take a look?

Hi @maliming, unfortunately, there is no sample for .NET Core. They just provide us the spec:

https://stg-id.singpass.gov.sg/docs/authorization/api#_introduction

I just want to clarify: is there a way to configure the external authentication provider without redirection to their log-in page? In my case, the end user will scan the QR code and do the log-in on their mobile phone.

  • ABP Framework version: v3.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

Hi, I have a requirement to log in with an external authentication provider named "Singpass", the spec & flow are described at the link below:

https://stg-id.singpass.gov.sg/docs/authorization/api#_introduction

Instead of redirecting to the authentication provider's login page, it uses an embedded JS to generate the QR code in our page and requires the user to use a mobile app to scan it for authentication. It requires the state & nonce parameters as the input for the embedded JS:

4.2. Input Parameters https://stg-id.singpass.gov.sg/docs/embedded-auth/js#_login_ui_dimensions

I have created an endpoint to manually generate the state & nonce parameters as below:

            private readonly IOptionsMonitor<OpenIdConnectOptions> _openIdOptions;
            ...
            private string GenerateNonce()
            {
                return Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()));
            }

            public string GetState()
            {
                var state = GenerateNonce();
                AuthenticationProperties authProperties = new AuthenticationProperties
                (
                    new Dictionary<string, string>
                    {
                        { OpenIdConnectDefaults.UserstatePropertiesKey, state },
                    }
                );

                //This StateDataFormat does not use the correct DataProtectionProvider
                // IOptionsMonitor<T>.Get(name) returns the named options instance directly
                return _openIdOptions.Get("singpass").StateDataFormat.Protect(authProperties);
            }

However, when the user scanned the QR code and completed the authentication, it redirected back to signin-oidc with the authentication code, and I got this error:

    2021-03-01 11:31:29.918 +08:00 [WRN] .AspNetCore.Correlation. state property not found.
    2021-03-01 11:31:29.918 +08:00 [INF] Error from RemoteAuthentication: Correlation failed..

I checked the OpenIdConnectHandler: the CorrelationId is generated in HandleChallengeAsync() during redirection, which does not happen in my case. I don't know how to do the proper configuration without redirection to the external authentication login page. Is there any advice? Any help would be much appreciated.

Below is my openid configuration:

                .AddOpenIdConnect(authenticationScheme: "singpass", "Singpass Authentication", configureOptions =>
                {
                    configureOptions.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                    configureOptions.SignOutScheme = IdentityServerConstants.SignoutScheme;

                    configureOptions.Authority = configuration["Singpass:Authority"];
                    configureOptions.ClientId = configuration["Singpass:ClientId"];
                    configureOptions.ResponseType = OpenIdConnectResponseType.Code;
                    configureOptions.RequireHttpsMetadata = true;
                    configureOptions.ProtocolValidator = new OpenIdConnectProtocolValidator()
                    {
                        RequireState = false,
                        RequireStateValidation = false,
                    };
                    configureOptions.Events.OnAuthorizationCodeReceived = context =>
                    {
                        context.TokenEndpointRequest.ClientAssertionType = OidcConstants.ClientAssertionTypes.JwtBearer;
                        context.TokenEndpointRequest.ClientAssertion = NDIAuthenticationHandler.CreateClientAssertionJwt(
                            configuration["Singpass:ClientId"],
                            configuration["Singpass:TokenEndpoint"],
                            configuration["Key:ThumbPrint"]);
                        return Task.CompletedTask;
                    };
                })
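
Added example, not part of the original post and not ABP or ASP.NET Core code: one way a backend can issue its own `state` and `nonce` for an embedded QR login, bind them to the browser in an integrity-protected cookie, and verify them on the callback rather than turning state validation off. `LoginCorrelation`, `NewToken`, `Issue` and `Verify` are hypothetical names, and the HMAC key is a stand-in for whatever server-side key store the application uses.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; LoginCorrelation, NewToken, Issue and Verify are hypothetical names.
public static class LoginCorrelation
{
    // 32 bytes from the OS CSPRNG, base64url-encoded so the value is safe in a URL.
    public static string NewToken()
    {
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes);
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Cookie value: expiry|state|nonce|HMAC-SHA256(key, expiry|state|nonce).
    public static string Issue(byte[] key, string state, string nonce, DateTimeOffset expires)
    {
        var payload = $"{expires.ToUnixTimeSeconds()}|{state}|{nonce}";
        return payload + "|" + Mac(key, payload);
    }

    // Returns the nonce to compare with the ID token, or null to reject the callback.
    public static string Verify(byte[] key, string cookie, string returnedState, DateTimeOffset now)
    {
        var parts = (cookie ?? "").Split('|');
        if (parts.Length != 4) return null;
        if (!Same(Mac(key, $"{parts[0]}|{parts[1]}|{parts[2]}"), parts[3])) return null; // tampered
        if (!long.TryParse(parts[0], out var exp) || now.ToUnixTimeSeconds() > exp) return null;
        return Same(parts[1], returnedState ?? "") ? parts[2] : null; // state must match
    }
    static string Mac(byte[] key, string payload)
    {
        using var hmac = new HMACSHA256(key);
        return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
    // Constant-time string comparison.
    static bool Same(string a, string b) =>
        CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(a), Encoding.UTF8.GetBytes(b));
    public static void Main()
    {
        var key = new byte[32];            // constructed demo key; the real one stays server-side
        RandomNumberGenerator.Fill(key);
        string state = NewToken(), nonce = NewToken();
        var cookie = Issue(key, state, nonce, DateTimeOffset.UtcNow.AddMinutes(5));
        Console.WriteLine(Verify(key, cookie, state, DateTimeOffset.UtcNow) == nonce);      // genuine callback
        Console.WriteLine(Verify(key, cookie, NewToken(), DateTimeOffset.UtcNow) == null);  // state from elsewhere
        Console.WriteLine(Verify(key, cookie, state, DateTimeOffset.UtcNow.AddMinutes(6)) == null); // expired
    }
}
```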

Hi @Mehmet, Thanks for your response. This is exactly what I have done at the frontend side, I just want to implement it at the backend now.

  • ABP Framework version: v3.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi, I want to force the users to re-login if they are inactive for 30 minutes. I have tried to set the expiry time for Cookies as below, but it does not work:

            context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options =>
                {
                    options.Authority = configuration["AuthServer:Authority"];
                    options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
                    options.Audience = "TestingApplication";
                })
                .AddCookie("Cookies", options =>
                {
                    options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
                    options.SlidingExpiration = true;
                });

Does anyone know how to achieve it? Any help would be much appreciated.
