Open Closed

With tenant selected the token no longer exists when deployed to IIS Server #4664

User avatar
0
trendline created
  • ABP Framework version: v7.0.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:

deployed to IIS server, when selected a tenant login, the auth server logging below logs:

2023-03-08 12:23:23.963 +08:00 [INF] Request finished HTTP/2 POST https://account2.yxx.top/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient\_id%3DSchool\_Web%26redirect\_uri%3Dhttps%253A%252F%252Fschool.yxx.top%252Fsignin-oidc%26response\_type%3Dcode%2520id\_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520School%26response\_mode%3Dform\_post%26nonce%3D638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz%26state%3DCfDJ8B3bBiDHFkhLrQs4\_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi\_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5\_p0P\_MKt6Ano6XGkKraandkBPY\_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q%26x-client-SKU%3DID\_NET6\_0%26x-client-ver%3D6.15.1.0 application/x-www-form-urlencoded 291 - 302 - - 282.5697ms
2023-03-08 12:23:23.971 +08:00 [INF] CAP message 'Volo.Abp.Users.User.Updated' published, internal id '7648707208777474049'
2023-03-08 12:23:24.001 +08:00 [INF] Request starting HTTP/2 GET https://account2.yxx.top/connect/authorize?client\_id=School\_Web&redirect\_uri=https%3A%2F%2Fschool.yxx.top%2Fsignin-oidc&response\_type=code%20id\_token&scope=openid%20profile%20roles%20email%20phone%20School&response\_mode=form\_post&nonce=638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz&state=CfDJ8B3bBiDHFkhLrQs4\_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi\_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5\_p0P\_MKt6Ano6XGkKraandkBPY\_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q&x-client-SKU=ID\_NET6\_0&x-client-ver=6.15.1.0 - -
2023-03-08 12:23:24.002 +08:00 [INF] The request URI matched a server endpoint: "Authorization".
2023-03-08 12:23:24.002 +08:00 [INF] The authorization request was successfully extracted: {
"client\_id": "School\_Web",
"redirect\_uri": "https://school.yxx.top/signin-oidc",
"response\_type": "code id\_token",
"scope": "openid profile roles email phone School",
"response\_mode": "form\_post",
"nonce": "638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz",
"state": "CfDJ8B3bBiDHFkhLrQs4\_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi\_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5\_p0P\_MKt6Ano6XGkKraandkBPY\_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q",
"x-client-SKU": "ID\_NET6\_0",
"x-client-ver": "6.15.1.0"
}.
2023-03-08 12:23:24.008 +08:00 [INF] Executing subscriber method 'CmsUserSynchronizer.HandleEventAsync' on group 'cap.queue.viewtance.srp.authserver.0.v1'
2023-03-08 12:23:24.039 +08:00 [INF] The authorization request was successfully validated.
2023-03-08 12:23:24.052 +08:00 [INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)'
2023-03-08 12:23:24.053 +08:00 [INF] Route matched with {action = "Handle", controller = "Authorize", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.AuthorizeController (Volo.Abp.OpenIddict.AspNetCore). 2023-03-08 12:23:24.053 +08:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 2023-03-08 12:23:24.091 +08:00 [INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal. 2023-03-08 12:23:24.131 +08:00 [INF] The authorization response was successfully returned to 'https://school.yxx.top/signin-oidc' using the form post response mode: { "code": "[redacted]", "id_token": "[redacted]", "state": "CfDJ8B3bBiDHFkhLrQs4_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5_p0P_MKt6Ano6XGkKraandkBPY_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q", "iss": "https://account2.yxx.top/" }. 2023-03-08 12:23:24.132 +08:00 [INF] Executed action Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 79.1682ms 2023-03-08 12:23:24.132 +08:00 [INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' 2023-03-08 12:23:24.134 +08:00 [INF] Request finished HTTP/2 GET https://account2.yxx.top/connect/authorize?client_id=School_Web&redirect_uri=https%3A%2F%2Fschool.yxx.top%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20School&response_mode=form_post&nonce=638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz&state=CfDJ8B3bBiDHFkhLrQs4_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5_p0P_MKt6Ano6XGkKraandkBPY_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q&x-client-SKU=ID_NET6_0&x-client-ver=6.15.1.0 - - - 200 2118 text/html;charset=UTF-8 132.9270ms 2023-03-08 12:23:24.259 +08:00 [INF] Request starting HTTP/1.1 POST https://account2.yxx.top/connect/token application/x-www-form-urlencoded 183 2023-03-08 12:23:24.260 +08:00 [INF] The request URI matched a server endpoint: "Token". 2023-03-08 12:23:24.270 +08:00 [INF] The token request was successfully extracted: { "client_id": "School_Web", "client_secret": "[redacted]", "code": "[redacted]", "grant_type": "authorization_code", "redirect_uri": "https://school.yxx.top/signin-oidc" }. 2023-03-08 12:23:24.292 +08:00 [INF] Executed subscriber method 'CmsUserSynchronizer.HandleEventAsync' on group 'cap.queue.viewtance.srp.authserver.0.v1' with instance '172_21_0_11' in 278.9283ms 2023-03-08 12:23:24.306 +08:00 [INF] The token request was successfully validated. 2023-03-08 12:23:24.309 +08:00 [INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' 2023-03-08 12:23:24.309 +08:00 [INF] Route matched with {action = "Handle", controller = "Token", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.TokenController (Volo.Abp.OpenIddict.AspNetCore).
2023-03-08 12:23:24.309 +08:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2023-03-08 12:23:24.323 +08:00 [INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal.
2023-03-08 12:23:24.338 +08:00 [INF] The token 'a82fcef4-1f86-77c8-2539-3a09d1a27ebe' was successfully marked as redeemed.
2023-03-08 12:23:24.382 +08:00 [INF] The response was successfully returned as a JSON document: {
"access\_token": "[redacted]",
"token\_type": "Bearer",
"expires\_in": 3600,
"scope": "openid profile roles email phone School",
"id\_token": "[redacted]"
}.
2023-03-08 12:23:24.382 +08:00 [INF] Executed action Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 72.9924ms
2023-03-08 12:23:24.382 +08:00 [INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)'
2023-03-08 12:23:24.389 +08:00 [INF] Request finished HTTP/1.1 POST https://account2.yxx.top/connect/token application/x-www-form-urlencoded 183 - 200 2783 application/json;charset=UTF-8 129.8559ms
2023-03-08 12:23:24.390 +08:00 [INF] Request starting HTTP/1.1 GET https://account2.yxx.top/connect/userinfo - -
2023-03-08 12:23:24.390 +08:00 [INF] The request URI matched a server endpoint: "Userinfo".
2023-03-08 12:23:24.391 +08:00 [INF] The userinfo request was successfully extracted: {
"access\_token": "[redacted]"
}.
2023-03-08 12:23:24.395 +08:00 [INF] The userinfo request was successfully validated.
2023-03-08 12:23:24.398 +08:00 [INF] The authentication demand was rejected because the token had no valid audience.
2023-03-08 12:23:24.399 +08:00 [INF] OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
2023-03-08 12:23:24.399 +08:00 [INF] OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
2023-03-08 12:23:24.401 +08:00 [INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.UserInfoController.Userinfo (Volo.Abp.OpenIddict.AspNetCore)'
2023-03-08 12:23:24.401 +08:00 [INF] Route matched with {action = "Userinfo", controller = "UserInfo", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Userinfo() on controller Volo.Abp.OpenIddict.Controllers.UserInfoController (Volo.Abp.OpenIddict.AspNetCore). 2023-03-08 12:23:24.401 +08:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 2023-03-08 12:23:24.404 +08:00 [INF] Executing ChallengeResult with authentication schemes (["OpenIddict.Server.AspNetCore"]). 2023-03-08 12:23:24.412 +08:00 [INF] The response was successfully returned as a challenge response: { "error": "invalid_token", "error_description": "The specified access token is bound to an account that no longer exists.", "error_uri": "https://documentation.openiddict.com/errors/ID2025" }. 2023-03-08 12:23:24.412 +08:00 [INF] AuthenticationScheme: OpenIddict.Server.AspNetCore was challenged. 2023-03-08 12:23:24.412 +08:00 [INF] Executed action Volo.Abp.OpenIddict.Controllers.UserInfoController.Userinfo (Volo.Abp.OpenIddict.AspNetCore) in 11.271ms 2023-03-08 12:23:24.412 +08:00 [INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.UserInfoController.Userinfo (Volo.Abp.OpenIddict.AspNetCore)' 2023-03-08 12:23:24.413 +08:00 [INF] Request finished HTTP/1.1 GET https://account2.yxx.top/connect/userinfo - - - 302 - - 23.6954ms 2023-03-08 12:23:24.414 +08:00 [INF] Request starting HTTP/1.1 GET https://account2.yxx.top/Error?httpStatusCode=401 - - 2023-03-08 12:23:24.417 +08:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' 2023-03-08 12:23:24.418 +08:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
2023-03-08 12:23:24.424 +08:00 [INF] Executing ViewResult, running view \~/Views/Error/401.cshtml.
2023-03-08 12:23:24.438 +08:00 [INF] Executed ViewResult - view \~/Views/Error/401.cshtml executed in 14.5437ms.
2023-03-08 12:23:24.438 +08:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 20.2675ms
2023-03-08 12:23:24.438 +08:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
2023-03-08 12:23:24.439 +08:00 [INF] Request finished HTTP/1.1 GET https://account2.yxx.top/Error?httpStatusCode=401 - - - 401 - text/html;+charset=utf-8 24.7454ms
2023-03-08 12:23:35.459 +08:00 [INF] Request starting HTTP/2 GET https://account2.yxx.top/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient\_id%3DSchool\_Web%26redirect\_uri%3Dhttps%253A%252F%252Fschool.yxx.top%252Fsignin-oidc%26response\_type%3Dcode%2520id\_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520School%26response\_mode%3Dform\_post%26nonce%3D638138461909738860.MGM4ZDQ3Y2ItZWExYi00OGI4LTkxMjgtODg1MGEzYTNjNmYwOGQxYzZiNjEtYTAxYS00NDFiLTliNDAtMDE4OGQwMzE4NDUz%26state%3DCfDJ8B3bBiDHFkhLrQs4\_gVsubaVXWUDC8HmYXMqpCor7wWSN3Jjp-Ek3A6yFKbchuQwhJXjzi\_lT8R-ZsX6YhqmSWQFlKcfLuW8mSVSmYtpwBffjJo8iO-Abv6tQmZdijuUS4jhKvUmGiieeaCOkYNHE7MCdmx4Dr5\_p0P\_MKt6Ano6XGkKraandkBPY\_xfdR3aSSXMRB8vQsvKSfTyElsi1qsiAYaiDhuNHoeJ8ZpJCWcRazQ5hozb0897wbPVVRZecQS2X8PX9Ca-V76KkV7KFZKjcIRJ2kEm8SVcmHbzTBVL35nGFKGpkQCbShbh7dpn6Q%26x-client-SKU%3DID\_NET6\_0%26x-client-ver%3D6.15.1.0 - -
2023-03-08 12:23:35.466 +08:00 [INF] Executing endpoint '/Account/Login'

<br>
* **Steps to reproduce the issue**:" deployed to IIS server, login with a tenant

In development Environment, the tenant id was taken, all processes working well. with below logs:
2023-03-08 01:04:12.931 +08:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ExtractTokenRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ExtractBasicAuthenticationCredentials\`1[[OpenIddict.Server.OpenIddictServerEvents+ExtractTokenRequestContext, OpenIddict.Server, Version=4.0.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
2023-03-08 01:04:12.931 +08:00 [INF] The token request was successfully extracted: {
 "client\_id": "School\_Web",
 "client\_secret": "[redacted]",
 "code": "[redacted]",
 "grant\_type": "authorization\_code",
 "redirect\_uri": "https://localhost:44302/signin-oidc",
 "\_\_tenant": "9c328224-e94b-eae6-7586-39fbfa952785"
}.
2023-03-08 01:04:12.931 +08:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Exchange+ExtractTokenRequest.
Go to accepted answer
4 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    The specified access token is bound to an account that no longer exists

    Please try to clear the Redis cache.

  • User Avatar
    0
    trendline created

    The specified access token is bound to an account that no longer exists

    Please try to clear the Redis cache.

    Tried, still occurred

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    The authentication demand was rejected because the token had no valid audience.

  • User Avatar
    0
    trendline created

    Thanks, maliming, problems resolved by your suggestions

Assignee
User avatar maliming
Labels
None yet
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
Do you need assistance from an ABP expert?
Schedule a Meeting
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v9.2.0-preview. Updated on March 18, 2025, 10:42