Starts in:
3 DAYS
0 HR
4 MIN
20 SEC
Starts in:
3 D
0 H
4 M
20 S
Open Closed

Multiple Applications using single Identity Server #1801


User avatar
0
abpdeveloper@dbizsolution.com created

We are facing issue in establishing multiple applications setup with ABP Module Template.

1)How to Authenticate Multiple ABP.io Commercial Applications (Main App [with Auth], App1[Auth Redirec to Main App], App2 [Auth Redirec to Main App]..) with single Main Application and return to Original Application via Angular UI 2) While generating App 2 using Application Template , it is additionally generating the User,Permission tables as well in the App 2 which actually has to be maintained in the Main Application. How to avoid this getting generated,Pls refer screen shot. 3) Also How to verify the User Permissions in the App 2 which is authenticated from the Main Application.


48 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    1, You need to configure oauth in the app. see https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs#L131-L158 and https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json#L13-L18. PS you need create a identity client for the app

    2, You need to remove the modelBuilder configure, see https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.EntityFrameworkCore/EntityFrameworkCore/MyProjectNameDbContext.cs#L67-L74 And set module connection strings, see https://docs.abp.io/en/abp/4.4/Connection-Strings

    3, When you finish the second, it should have already been done.

    PS, You have to use distributed cache in all app, because we cache settings permissions, etc. we should make the cache synchronized in the application.

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Hi

    For Point 1 we have already done that,

    1. Identity Server of Main Appl is configured for the App 1 as Identity Server as specified in the config file.
    2. When we launch the angular for both Main and App 1 and in Main App on click of a Menu need to open the App 1 as Single Sign on but now it is opening the login page again in App 1 when redirected from Main App. How to overcome this.
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can directly configure the address of the single point server in Angular app,

    Maybe my understanding of your project structure is incorrect, if yes ,please let me know

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Hi

    That is how, it is configured but we are getting the login page in app 1 instead of skipping the authentication when redirected from Main App

    1. Main Application which has the Identity Server and Application Server
    1. I am running the HTTPAPI.Host which enables the Identity Server and Application Server.

    1. This is the configuration specified in the Main App Angular file

    2. I am able to launch and login into this without any problem

    3. This is the App 1 Structure

    Note – I am not using the Identity server specified in this instead using the identity server of Main App. Pls see the appsettings.json.

    1. Now I launch my App 1 Angular PS – The Main App Identity Server is specified in the oAuthConfig part in the App 1 config file.

    When I navigate now from Main App to App 1 in the Angular page, it is taking me to the login page instead of directly logged in as I have already logged into the Main App, it is asking me to login again in App 1 ( I expected it to be a Single Sign On)

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Can you create a minimum item to reproduce it?

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Hi

    PFA the source code which has Main App and FinRecon App

    I am trying to redirect to the FinRecon App from the Main App

    1. Click the abp.io text in the Home Page of the Main App which redirects to the FinRecon App ( It is opening the login page in FinRecon where in expected is to open the Home of FinRecon directly without login)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    I will check it out.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I make some changes to the project you provied.

    When the main app is logged in, the FinRecon app will be redirected back to the index page after clicking login without entering credentials, this is the same with *.abp.io websites.

    I have send it to your email.

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Hi

    Thanks for the details but the problem is not solved still having the same problem,sent you the details over mail.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    hi,

    I think you need re create the database.

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Thanks for the support , I am able to get it redirected now but when redirected it is loading the login page in FinRecon . I want the Home Page of FinRecon to be loaded default when redirected from MainApp.

    Also I want the menu options which is shown in the screen shot to be removed from the FinRecon App ( Dashboard, Saas and Administrator Menus to be removed from the FinRecon App)

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    I am able to get it redirected now but when redirected it is loading the login page in FinRecon . I want the Home Page of FinRecon to be loaded default when redirected from MainApp.

    Sorry, you can't.

    Also I want the menu options which is shown in the screen shot to be removed from the FinRecon App ( Dashboard, Saas and Administrator Menus to be removed from the FinRecon App)

    See https://docs.abp.io/en/abp/latest/UI/Angular/Modifying-the-Menu#how-to-add-a-navigation-element

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Hi

    I tried the same with 2 new projects BIMS and BIMSFinRecon but I am getting this error when redirecting from BIMS to BIMSFinRecon. I have done all the changes which you have specified earlier in the mail. Am I missing somthing to be done.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Seems the scope is invalid, could you check it exists in the table?

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Which table and what should I check for?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Maybe check it remotely will be better, can we meetting? shiwei.liang@volosoft.com

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    I was able to solve it, changed the entry in IdentityServerClientScopes tables.

    It was generated as BIMS for both the CLients BIMS_FinRecon and BIMS_BDairy, I have changed the entries in the table IdentityServerClientScopes. Why it is generated as BIMS for the client also.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Why it is generated as BIMS for the client also.

    Maybe the client required BIMS scope

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Hi

    I have 2 Services BIMS and BIMS_BDairy,

    GetStaffDetails in BIMS GetEmployeeDetails in BIMS_BDairy I want to call the GetStaffDetails in BIMS from the GetEmployeeDetails in BIMS_BDairy , when I tried using HTTPClient it is giving me 401 UnAuthorized Error. Pls help out how to make this call.

    Both are using the same Identity Server,

    Thanks Prabhu R

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    See https://github.com/abpframework/abp/blob/dev/templates/module/aspnet-core/test/MyCompanyName.MyProjectName.HttpApi.Client.ConsoleTestApp/ClientDemoService.cs#L54

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Hi

    This the implementation I have done based on your input reference site, But I am getting this error when tried invoking through swagger.

    { "error": { "code": null, "message": "An internal error occurred during your request!", "details": null, "data": { "ActivatorChain": "Castle.Proxies.StaffDetailsAppServiceProxy" }, "validationErrors": null } }

    Note - I am invoking one service from another service (Both are ABP AppService) and not from Console or any other application. I am making anything wrong here.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using Volo.Abp.Application.Services;
    using BIMS_BDairy.Custom;
    using Microsoft.Extensions.Configuration;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using Volo.Abp.DependencyInjection;
    using Volo.Abp.IdentityModel;
    using IdentityModel.Client;
    
    namespace BIMS_BDairy
    {
        public class StaffDetailsAppService : ApplicationService, IStaffDetailsAppService, ITransientDependency
        {
            private readonly IIdentityModelAuthenticationService _authenticationService;
            private readonly IConfiguration _configuration;
            public StaffDetailsAppService(IIdentityModelAuthenticationService authenticationService,
                IConfiguration configuration)
            {
                _authenticationService = authenticationService;
                _configuration = configuration;
            }
    
            public async Task<StoreDetails> GetStaffDetails(long EmployeeID)
            {
                /*HttpClient client = new HttpClient();
                var path = "https://localhost:44343/api/app/staff-masters?EmployeeIDMin=" + EmployeeID + "&EmployeeIDMax="+EmployeeID;
                client.BaseAddress = new Uri("https://localhost:44343/");
                client.DefaultRequestHeaders.Accept.Clear();
                client.DefaultRequestHeaders.Accept.Add(
                    new MediaTypeWithQualityHeaderValue("application/json"));
                HttpResponseMessage response = await client.GetAsync(path);*/
    
                var accessToken = await _authenticationService.GetAccessTokenAsync(
                    new IdentityClientConfiguration(
                        _configuration["IdentityClients:Default:Authority"],
                        _configuration["IdentityClients:Default:Scope"],
                        _configuration["IdentityClients:Default:ClientId"],
                        _configuration["IdentityClients:Default:ClientSecret"],
                        _configuration["IdentityClients:Default:GrantType"],
                        _configuration["IdentityClients:Default:UserName"],
                        _configuration["IdentityClients:Default:UserPassword"]
                    )
                );
    
                using (var httpClient = new HttpClient())
                {
                    httpClient.SetBearerToken(accessToken);
    
                    var url = _configuration["RemoteServices:MyProjectName:BaseUrl"] +
                              "api/MyProjectName/sample/authorized";
    
                    var responseMessage = await httpClient.GetAsync(url);
                    if (responseMessage.IsSuccessStatusCode)
                    {
                        var responseString = await responseMessage.Content.ReadAsStringAsync();
                        Console.WriteLine("Result: " + responseString);
                    }
                    else
                    {
                        throw new Exception("Remote server returns error code: " + responseMessage.StatusCode);
                    }
                }
    
                return null;
            }
            
        }
    }
    
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    "ActivatorChain": "Castle.Proxies.StaffDetailsAppServiceProxy"

    Your DI is configured incorrectly, you should check why DI can't create instance StaffDetailsAppServiceProxy

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Can you share the application logs?

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Hi

    I am creating a new tenant from the Main App and trying to login using the tenant user credentials it is not logging in and says invalid username or email address.When I verified the table AbpUsers it is not having the user entry for the created tenant but SaaStenant has tenant details.

    Why the user is not created automatically for the new tenant created. Also how to access rights to the new users.

  • User Avatar
    0
    abpdeveloper@dbizsolution.com created

    Can you share the application logs?

    Sure

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06