I couldn't find anything AbpClaimTypes.Role in the code.
I can't share the full source code as it's an enterprise application. I can provide the remote access. Thanks
I have shared the file on google chat. Please check Thanks!
Let me know how can we start a private chat?
You're right. In IdentityService, AbpClaimTypes.Role = "role" CurrentUser.Roles is empty
But in AdministrationService, AbpClaimTypes.Role = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" CurrentUser.Roles has data
Is there some reference missing which needs to be added in identity service? Kindly help.
bearer token:
eyJhbGciOiJSUzI1NiIsImtpZCI6IkNBMUNENEZCMjc5RTNGQTkxRjNFM0FBM0VGREM0REEyMEYxNUY1QzhSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6InloelUteWVlUDZrZlBqcWo3OXhOb2c4VjljZyJ9.eyJuYmYiOjE3MzE1Njg0NzIsImV4cCI6MTc2MzEwNDQ3MiwiaXNzIjoiaHR0cHM6Ly9hdXRoLXNlcnZlcjo0NDMyMiIsImF1ZCI6WyJBZG1pbmlzdHJhdGlvblNlcnZpY2UiLCJBdXRoU2VydmVyIiwiQ29tbXVuaXR5U2VydmljZSIsIkRhdGFTZXJ2aWNlIiwiR2VuZXJhbFNlcnZpY2UiLCJJZGVudGl0eVNlcnZpY2UiLCJJbWFnZVNlcnZpY2UiLCJJbmRpY2F0b3JTZXJ2aWNlIiwiTmV3c1NlcnZpY2UiLCJOb3RpZmljYXRpb25TZXJ2aWNlIiwiUGF5bWVudFNlcnZpY2UiLCJQcm9kdWN0U2VydmljZSIsIlNhYXNTZXJ2aWNlIiwiU2VhcmNoU2VydmljZSIsIlNlY3VyaXR5U2VydmljZSIsIlNwYWNrVHJhY2tTZXJ2aWNlIl0sImNsaWVudF9pZCI6IlVydmluRmluYW5jZV9CbGF6b3JTZXJ2ZXIiLCJzdWIiOiIzYTEyZmU0MC01ZTA4LTk0ODUtOTYzMS1lMzM0MzA1NDBkOWUiLCJhdXRoX3RpbWUiOjE3MzE1Njg0NzIsImlkcCI6ImxvY2FsIiwiZW1haWwiOiJlbWFpbEBmYWtlLmRvbWFpbiIsInBob25lX251bWJlcl92ZXJpZmllZCI6IkZhbHNlIiwiZW1haWxfdmVyaWZpZWQiOiJUcnVlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW5Qb3JyYSIsIm5hbWUiOiJhZG1pblBvcnJhIiwiZ2l2ZW5fbmFtZSI6ImFkbWluUG9ycmEiLCJmYW1pbHlfbmFtZSI6IiIsInNlY3VyaXR5LXN0YW1wIjoiTVhUT083SUhVUFA0Nkk0NFVFUEFYUklPT0ZEM1I0REkiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE3MzE1Njg0NzIsInNjb3BlIjpbImFkZHJlc3MiLCJBZG1pbmlzdHJhdGlvblNlcnZpY2UiLCJBdXRoU2VydmVyIiwiQ29tbXVuaXR5U2VydmljZSIsIkRhdGFTZXJ2aWNlIiwiZW1haWwiLCJHZW5lcmFsU2VydmljZSIsIklkZW50aXR5U2VydmljZSIsIkltYWdlU2VydmljZSIsIkluZGljYXRvclNlcnZpY2UiLCJOZXdzU2VydmljZSIsIk5vdGlmaWNhdGlvblNlcnZpY2UiLCJvcGVuaWQiLCJQYXltZW50U2VydmljZSIsInBob25lIiwiUHJvZHVjdFNlcnZpY2UiLCJwcm9maWxlIiwicm9sZSIsIlNhYXNTZXJ2aWNlIiwiU2VhcmNoU2VydmljZSIsIlNlY3VyaXR5U2VydmljZSIsIlNwYWNrVHJhY2tTZXJ2aWNlIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.kgSXpQqgJ-fUCsKsSdbZtrmvE\_R\_utayMPYEEKmeA7qseqOkiuFl2tAWaS9MfLhyhox8
a) full logs of Identity service:
{"Timestamp":"2024-11-14T08:24:28.9368522+00:00","Level":"Information","MessageTemplate":"Request starting {Protocol} {Method} {Scheme}://{Host}{PathBase}{Path}{QueryString} - {ContentType} {ContentLength}","RenderedMessage":"Request starting "HTTP/1.1" "GET" "http"://"localhost:44388""""/api/identity-service/user-account/GetPAuth""" - null null","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"localhost:44388","PathBase":"","Path":"/api/identity-service/user-account/GetPAuth","QueryString":"","EventId":{"Id":1},"SourceContext":"Microsoft.AspNetCore.Hosting.Diagnostics","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:24:30.3484416+00:00","Level":"Information","MessageTemplate":"Executing endpoint '{EndpointName}'","RenderedMessage":"Executing endpoint '"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)"'","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"EndpointName":"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)","EventId":{"Name":"ExecutingEndpoint"},"SourceContext":"Microsoft.AspNetCore.Routing.EndpointMiddleware","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","CorrelationId":"9c3c7dc1bda64215a8927e8612ff9bdc","ClientId":"UrvinFinance\_BlazorServer","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:24:30.3806442+00:00","Level":"Information","MessageTemplate":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName}).","RenderedMessage":"Route matched with "{area = \\"IdentityService\\", action = \\"GetPAuth\\", controller = \\"UserAccount\\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()\" on controller \"UrvinFinance.IdentityService.User.UserAccountController\" (\"UrvinFinance.IdentityService.HttpApi\").","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"RouteData":"{area = \"IdentityService\", action = \"GetPAuth\", controller = \"UserAccount\"}","MethodInfo":"System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()","Controller":"UrvinFinance.IdentityService.User.UserAccountController","AssemblyName":"UrvinFinance.IdentityService.HttpApi","EventId":{"Id":102,"Name":"ControllerActionExecuting"},"SourceContext":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","ActionId":"bb170843-9eb1-4d97-83e5-b5e8f74b610f","ActionName":"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","CorrelationId":"9c3c7dc1bda64215a8927e8612ff9bdc","ClientId":"UrvinFinance\_BlazorServer","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
b) full logs of Administration service
{"Timestamp":"2024-11-14T08:26:55.6814108+00:00","Level":"Information","MessageTemplate":"Request starting {Protocol} {Method} {Scheme}://{Host}{PathBase}{Path}{QueryString} - {ContentType} {ContentLength}","RenderedMessage":"Request starting "HTTP/1.1" "GET" "http"://"localhost:44367""""/api/permission-service/permission/GetPAuth""" - null null","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"localhost:44367","PathBase":"","Path":"/api/permission-service/permission/GetPAuth","QueryString":"","EventId":{"Id":1},"SourceContext":"Microsoft.AspNetCore.Hosting.Diagnostics","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:26:56.8101460+00:00","Level":"Information","MessageTemplate":"Executing endpoint '{EndpointName}'","RenderedMessage":"Executing endpoint '"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)"'","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"EndpointName":"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)","EventId":{"Name":"ExecutingEndpoint"},"SourceContext":"Microsoft.AspNetCore.Routing.EndpointMiddleware","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","CorrelationId":"ae3154296cd742c6931a543d9c84df81","ClientId":"UrvinFinance\_BlazorServer","UserId":"3a12fe40-5e08-9485-9631-e33430540d9e","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:26:56.8344923+00:00","Level":"Information","MessageTemplate":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName}).","RenderedMessage":"Route matched with "{area = \\"AdministrationService\\", controller = \\"Permission\\", action = \\"GetPAuth\\", page = \\"\\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()\" on controller \"UrvinFinance.AdministrationService.Permissions.PermissionController\" (\"UrvinFinance.AdministrationService.HttpApi\").","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"RouteData":"{area = \"AdministrationService\", controller = \"Permission\", action = \"GetPAuth\", page = \"\"}","MethodInfo":"System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()","Controller":"UrvinFinance.AdministrationService.Permissions.PermissionController","AssemblyName":"UrvinFinance.AdministrationService.HttpApi","EventId":{"Id":102,"Name":"ControllerActionExecuting"},"SourceContext":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","ActionId":"87349f99-8ce5-4ee5-823a-5cdca8724e11","ActionName":"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","CorrelationId":"ae3154296cd742c6931a543d9c84df81","ClientId":"UrvinFinance\_BlazorServer","UserId":"3a12fe40-5e08-9485-9631-e33430540d9e","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
[
{
"Type": "nbf",
"Value": "1731568472"
},
{
"Type": "exp",
"Value": "1763104472"
},
{
"Type": "iss",
"Value": "[https://auth-server:44322"](https://auth-server:44322")
},
{
"Type": "aud",
"Value": "AdministrationService"
},
{
"Type": "aud",
"Value": "AuthServer"
},
{
"Type": "client\_id",
"Value": "UrvinFinance\_BlazorServer"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
"Value": "3a12fe40-5e08-9485-9631-e33430540d9e"
},
{
"Type": "auth\_time",
"Value": "1731568472"
},
{
"Type": "[http://schemas.microsoft.com/identity/claims/identityprovider"](http://schemas.microsoft.com/identity/claims/identityprovider"),
"Value": "local"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
"Value": "[email@fake.domain](mailto:email@fake.domain)"
},
{
"Type": "phone\_number\_verified",
"Value": "False"
},
{
"Type": "email\_verified",
"Value": "True"
},
{
"Type": "preferred\_username",
"Value": "adminPorra"
},
{
"Type": "name",
"Value": "adminPorra"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"),
"Value": "adminPorra"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
"Value": ""
},
{
"Type": "security-stamp",
"Value": "MXTOO7IHUPP46I44UEPAXRIOOFD3R4DI"
},
{
"Type": "[http://schemas.microsoft.com/ws/2008/06/identity/claims/role"](http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
"Value": "admin"
},
{
"Type": "iat",
"Value": "1731568472"
},
{
"Type": "scope",
"Value": "address"
},
{
"Type": "scope",
"Value": "offline\_access"
},
{
"Type": "[http://schemas.microsoft.com/claims/authnmethodsreferences"](http://schemas.microsoft.com/claims/authnmethodsreferences"),
"Value": "pwd"
},
{
"Type": "name",
"Value": "adminPorra"
}
]
[
{
"Type": "nbf",
"Value": "1731568472"
},
{
"Type": "exp",
"Value": "1763104472"
},
{
"Type": "iss",
"Value": "https://auth-server:44322"
},
{
"Type": "aud",
"Value": "AdministrationService"
},
{
"Type": "client\_id",
"Value": "UrvinFinance\_BlazorServer"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
"Value": "3a12fe40-5e08-9485-9631-e33430540d9e"
},
{
"Type": "auth\_time",
"Value": "1731568472"
},
{
"Type": "http://schemas.microsoft.com/identity/claims/identityprovider",
"Value": "local"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"Value": "email@fake.domain"
},
{
"Type": "phone\_number\_verified",
"Value": "False"
},
{
"Type": "email\_verified",
"Value": "True"
},
{
"Type": "preferred\_username",
"Value": "adminPorra"
},
{
"Type": "name",
"Value": "adminPorra"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"Value": "adminPorra"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"Value": ""
},
{
"Type": "security-stamp",
"Value": "MXTOO7IHUPP46I44UEPAXRIOOFD3R4DI"
},
{
"Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
"Value": "admin"
},
{
"Type": "iat",
"Value": "1731568472"
},
{
"Type": "scope",
"Value": "offline\_access"
},
{
"Type": "http://schemas.microsoft.com/claims/authnmethodsreferences",
"Value": "pwd"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
"Value": "adminPorra"
}
]
Hi, I would like to open this ticket again.
I would like to give more context to this.
I created same endpoint GetPAuthWithPermissions in administration service and identity service. It is running fine in administration service after clearing cache from Redis.
But the same is not working in Identity service
Below are the logs
---------------------------------------------------Administration service logs -------------------------------------------------------------------------------------------
[13:06:39 INF] Request starting HTTP/1.1 GET http://localhost:44367/api/permission-service/permission/GetPAuthWithPermission - null null [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] Not found in the cache: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: U,3a12fe40-5e08-9485-9631-e33430540d9e [13:06:42 DBG] Setting the cache items. Count: 185 [13:06:42 DBG] Finished setting the cache items. Count: 185 [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] Not found in the cache: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: R,admin [13:06:42 DBG] Setting the cache items. Count: 185 [13:06:42 DBG] Finished setting the cache items. Count: 185 [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 DBG] Not found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: C,UrvinFinance_BlazorServer [13:06:42 DBG] Setting the cache items. Count: 185 [13:06:42 DBG] Finished setting the cache items. Count: 185 [13:06:42 INF] Executing endpoint 'UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi)' [13:06:42 INF] Route matched with {area = "AdministrationService", controller = "Permission", action = "GetPAuthWithPermission", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[System.Boolean] GetPAuthWithPermission() on controller UrvinFinance.AdministrationService.Permissions.PermissionController (UrvinFinance.AdministrationService.HttpApi). [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] Found in the cache: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] Found in the cache: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 DBG] Found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 INF] Executing ObjectResult, writing value of type 'System.Boolean'. [13:06:42 INF] Executed action UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi) in 36.9788ms [13:06:42 INF] Executed endpoint 'UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi)' [13:06:42 DBG] Added 0 entity changes to the current audit log [13:06:42 DBG] Added 0 entity changes to the current audit log [13:06:42 INF] Request finished HTTP/1.1 GET http://localhost:44367/api/permission-service/permission/GetPAuthWithPermission - 200 null application/json; charset=utf-8 2833.4599ms
---------------------------------------------------Identity service logs ------------------------------------------------------------------------------------------- [13:09:03 INF] Request starting HTTP/1.1 GET http://localhost:44388/api/identity-service/user-account/GetPAuthWithPermission - null null [13:09:03 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:09:03 DBG] Not found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:09:03 DBG] Getting all granted permissions from the repository for this provider name,key: C,UrvinFinance_BlazorServer [13:09:03 DBG] Setting the cache items. Count: 166 [13:09:03 DBG] Finished setting the cache items. Count: 166 [13:09:03 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.Roles [13:09:03 INF] AuthenticationScheme: Bearer was forbidden. [13:09:03 INF] Request finished HTTP/1.1 GET http://localhost:44388/api/identity-service/user-account/GetPAuthWithPermission - 403 0 null 25.4081ms
/identity/organization-units
, /identity/roles
, etcI am encountering an application-wide issue where I'm unable to authorize any action method or view based on user permissions. However, role-based authorization is functioning as expected. Upon inspecting the token, it includes the user's role, but ABP is not retrieving permissions associated with that role.
I've also verified the database, and all necessary permissions are correctly seeded to this role. However, ABP still isn't retrieving or recognizing these permissions for authorization, even though role-based checks are working.
I suspect this issue may have arisen due to a recent project upgrade.