Seems although there was no error popping up I needed to implement this patch for chrome https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n
After that login was possible on blazor side but angular had a refresh loop, the console shows error regarding mixed content being blocked, so adding this to the head in index.html of angular app resolved.
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
using blazor server for the main admin application, also an angular application
I did indeed use the middleware.
app.Use(async (ctx, next) =>
{
var configuration = ctx.RequestServices.GetRequiredService<IConfiguration>();
ctx.SetIdentityServerOrigin(configuration["App:SelfUrl"]);
await next();
});
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseHttpsRedirection();
For more context:
I've tried running the solution in docker with the auth server behind an nginx load balancer.
server {
listen 443 ssl;
server_name blazor.mydomain.com;
ssl_certificate /etc/nginx/certs/app-cert.pem;
ssl_certificate_key /etc/nginx/certs/app-cert-key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://blazorapp;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration for WebSockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_cache off;
# WebSockets were implemented after http/1.0
proxy_http_version 1.1;
# Configuration for ServerSentEvents
proxy_buffering off;
# Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
proxy_read_timeout 100s;
}
location /signalr-hubs {
proxy_pass http://blazorapp;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /wsapp/ {
proxy_pass http://blazorapp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_buffering off;
}
}
Added this per Microsoft documentation https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-6.0#forwarded-headers-middleware-order to the blazormodule
private void ConfigureForwardedHeaders(ServiceConfigurationContext context)
{
context.Services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
}
public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
....
app.Use(async (ctx, next) =>
{
var configuration = ctx.RequestServices.GetRequiredService<IConfiguration>();
ctx.SetIdentityServerOrigin(configuration["App:SelfUrl"]);
await next();
});
....
}
Trying to log in from the blazor app, it seems the login process succeeds but when it returns to the main page, it is not logged in.
Trying to log in on the angular side the login page just refreshes after clicking log in
The only thing i see in the log is below but im not sure this is relevant
hello support, would you take a look at a project? Do you have a guide that shows the settings between prod and dev operational for us new devs?
Hi gterdem,
I had already tried the strictdiscoverydocumentvalidation one but not the skipissuercheck. When I use skipissuercheck it does not throw the error but it just doesnt go to the identity server login page. anything else i need to check ?
The issue turned out to be use of async via AsyncHelper.RunSync in a singleton constructor: my bad.
Thanks!
Hi Liang,
Yes the recurring worker jobs are okay, in my sample i triggered queued for processing various non-recurring worker jobs that take TransactionProcessingArgs. You can see in the screenshots above, maybe trigger a bunch of these. You should get failures since you dont have keys to use the domain service and these will end up in retry states. Stop the application and try again? Any time I have jobs in the hangfire.jobs table it wouldnt start back up
Shared via mail, thanks
maliming, I also see other problems with the template. I've compared against standard app template.
In standard app template:
In nolayer
Thanks. In the snippet below, the template also seems to be missing the automapper module registration
private void ConfigureAutoMapper(IServiceCollection services)
{
services.AddAutoMapperObjectMapper<MyModule>(); // This line seems to be missing too
Configure<AbpAutoMapperOptions>(options =>
{
/* Uncomment `validate: true` if you want to enable the Configuration Validation feature.
* See AutoMapper's documentation to learn what it is:
* https://docs.automapper.org/en/stable/Configuration-validation.html
*/
options.AddMaps<MyModule>(/* validate: true */);
});
}
Can you confirm?