Hi,
I have tried to get AuthServer working in K8S and keep getting the error.
Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://localhost:44322/.well-known/openid-configuration. Connection refused (localhost:44322).
This worked in v6 - no matter what I try it will not pick up the hostname in K8S for .well-known/openid-configuration. AuthServer / BlazorServer / PublicWeb are all affected. Runs ok locally. I have even tries a congfigmap in Helm for appsettings.json - it's like the url is hardcoded or something. Something has changed since v6.
[13:01:36 INF] Request starting HTTP/1.1 POST http://auth.dataadmiral.net/Account/Login application/x-www-form-urlencoded 300
[13:01:36 INF] CORS policy execution successful.
[13:01:36 INF] Executing endpoint '/Account/Login'
[13:01:36 INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
[13:01:36 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
[13:01:36 INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostAsync - ModelState is Valid
[13:01:37 INF] Start processing HTTP request GET https://localhost:44322/.well-known/openid-configuration
[13:01:37 INF] Sending HTTP request GET https://localhost:44322/.well-known/openid-configuration
[13:01:37 INF] Executed page /Account/Login in 937.9643ms
[13:01:37 INF] Executed endpoint '/Account/Login'
[13:01:37 ERR] An unhandled exception has occurred while executing the request.
Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://localhost:44322/.well-known/openid-configuration. Connection refused (localhost:44322).
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName)
at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
at Nelson.NetworkSecurityService.NetworkAddressPermissions.NetworkAddressPermissionClientProxy.GetCountOfNetworkAddressRestrictionsAsync() in /src/services/networkSecurity/src/Nelson.NetworkSecurityService.HttpApi.Client/ClientProxies/NetworkAddressPermissionClientProxy.Generated.cs:line 77
at Nelson.AuthServer.CustomSignInManager.isIpAllowedAsync(IdentityUser user) in /src/apps/auth-server/src/Nelson.AuthServer/CustomSignInManager.cs:line 124
at Nelson.AuthServer.CustomSignInManager.CheckPasswordSignInAsync(IdentityUser user, String password, Boolean lockoutOnFailure) in /src/apps/auth-server/src/Nelson.AuthServer/CustomSignInManager.cs:line 97
at Microsoft.AspNetCore.Identity.SignInManager`1.PasswordSignInAsync(TUser user, String password, Boolean isPersistent, Boolean lockoutOnFailure)
at Nelson.AuthServer.CustomSignInManager.PasswordSignInAsync(String userName, String password, Boolean isPersistent, Boolean lockoutOnFailure) in /src/apps/auth-server/src/Nelson.AuthServer/CustomSignInManager.cs:line 63
at Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostAsync(String action)
at Volo.Abp.Account.Web.Pages.Account.OpenIddictSupportedLoginModel.OnPostAsync(String action)
at Nelson.AuthServer.Pages.Account.MyLoginModel.OnPostAsync(String action) in /src/apps/auth-server/src/Nelson.AuthServer/Pages/Account/MyLoginModel.cs:line 46
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Uow.AbpUnitOfWorkMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Serilog.AbpSerilogMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Builder.ApplicationBuilderAbpOpenIddictMiddlewareExtension.<>c__DisplayClass0_0.<<UseAbpOpenIddictValidation>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|8_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
[13:01:37 INF] CORS policy execution successful.
Environment
Hi,
In the documentation :-
https://docs.abp.io/en/commercial/latest/modules/account/impersonation
Tenant impersonation & User impersonation
User impersonation allows you to temporarily sign in as a different user in your tenant's users. This article introduces how to enable impersonation in ABP Framework. Impersonation is enabled by default in ABP v5.0 and above.**
But it does not show you how to enable it? How exactly do you enable it in v7 & where do I make the changes?
Thanks
Hi,
Is their some guidance on the configuration of the Microservices Templates when moved to a production environment i.e. with real domain names. What apps/services/gateways need external ingress and an external domains and which chart values need changing?
I can't find anything in the documentation regarding making and deploying a production version of the software.
Thanks
ABP Framework version: v5.1.3 UI type: MVC / Blazor DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): Blazor Server Microservices
Expected Behaviour
The Unit Tests would use SQLite In-Memory repository and pass first time out of the box.
Actual Behaviour
The Unit Tests fail and always try to use SQL Server
Steps to reproduce the issue
Summary
We have also tested this against all other unit tests and its the same behaviour as the example product service. Even for new microservice modules added later.
Images below show where there are references to the EF SQL Server Module in the Test base classes.
And this is where it crashes trying to setup a connection
We have spent a good couple of days going through examples and docs and trying to figure out why this does not work. Please could you help us fix this as it should really work out of the box.
Thanks
ABP Framework version: v5.1.3 UI type: MVC / Blazor Server DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): Blazor Server Microservices
Hi,
Where is the best place to inject an IP Address authorization check in the stack when using a Blazor Web Server App in Microservices? Please could you point us in the right direction?
IP restrictions are at a Tenant Level so the user would have to Authenticate and then have their IP checked against a whitelist in their Tenant. Or we resolve the Tenant first and check the IP Address whitelist and if passed allow the user authentication to proceed.
I have also looked at https://docs.microsoft.com/en-us/aspnet/core/security/ip-safelist?view=aspnetcore-6.0 and https://www.blogofpi.com/restrict-ip-address-in-asp-net-web-api/
We just can't quite find out where to inject it in the APB solution.
Thanks
Toby.
Hi,
We are using the Microservices Template on APB 5.1.3. and have encountered an issue when deploying to a Linux container.
On container startup, we get the following issue:-
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.IdentityServer.AbpIdentityServerDomainModule, Volo.Abp.IdentityServer.Domain, Version=5.1.3.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
---> System.Security.Cryptography.CryptographicException: The certificate data cannot be read with the provided password, the password may be incorrect.
---> System.Security.Cryptography.CryptographicException: The certificate data cannot be read with the provided password, the password may be incorrect.
at Internal.Cryptography.Pal.UnixPkcs12Reader.VerifyAndDecrypt(ReadOnlySpan`1 password, ReadOnlyMemory`1 authSafeContents)
at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password, Boolean ephemeralSpecified)
--- End of inner exception stack trace ---
at Internal.Cryptography.Pal.UnixPkcs12Reader.Decrypt(SafePasswordHandle password, Boolean ephemeralSpecified)
at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, Boolean ephemeralSpecified, ICertificatePal& readPal, List`1& readCerts)
at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(ReadOnlySpan`1 rawData, SafePasswordHandle password, Boolean single, Boolean ephemeralSpecified, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at DataAdmiral.AuthServer.DataAdmiralAuthServerModule.GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration) in /src/apps/auth-server/src/DataAdmiral.AuthServer/DataAdmiralAuthServerModule.cs:line 93
at DataAdmiral.AuthServer.DataAdmiralAuthServerModule.<>c__DisplayClass0_0.<PreConfigureServices>b__1(IIdentityServerBuilder builder) in /src/apps/auth-server/src/DataAdmiral.AuthServer/DataAdmiralAuthServerModule.cs:line 76
at Volo.Abp.Options.PreConfigureActionList`1.Configure(TOptions options)
at Microsoft.Extensions.DependencyInjection.ServiceCollectionPreConfigureExtensions.ExecutePreConfiguredActions[TOptions](IServiceCollection services, TOptions options)
at Volo.Abp.IdentityServer.AbpIdentityServerDomainModule.AddIdentityServer(IServiceCollection services)
at Volo.Abp.IdentityServer.AbpIdentityServerDomainModule.ConfigureServices(ServiceConfigurationContext context)
at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
--- End of inner exception stack trace ---
at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
at DataAdmiral.AuthServer.Program.Main(String[] args) in /src/apps/auth-server/src/DataAdmiral.AuthServer/Program.cs:line 27
It cannot read the PFX file that has been generated by .NET.
Please could you look into this
Thanks
Hi,
When opening the Identity Service Solution in ABP Suite and adding a new Entity to the Service we get a "Cannot Find Permissions.cs" error when doing a build and generate.
This does not happen on the Services that we have added.
Using v5.0.1 Microservices Solution Template.
Regards
Toby.
ABP Framework version: v5.0.1 UI type: MVC / Blazor DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): Blazor Server Microservices
Hi,
I have followed all the instructions to add a new Microservice like the ProductService in https://docs.abp.io/en/commercial/latest/startup-templates/microservice/add-microservice including adding all the DB Migrations for my new Entities.
However when I browse to the new pages I get a 404 error, the ProductService works fine. I'm at a loss to figure out what I'm missing, there are no errors in any of the logs.
Please could you help?
Regards
Toby
Hi,
We are just starting a new project and it's based on the microservice template. I would like some guidance about how to organize git source control. i.e.
My thoughts would be to split everything up and use NuGet Packaging to provide dependencies to the other projects. I would really like your opinion on this.
For Example.
Repo 1
Repo 2
Repo 3
Repo 4
Repo 5
Repo 6
Repo 7
Repo 8
Regards
Toby.