Open Closed

Authorization failure when getting users from identity service #4940


User avatar
0
Mohammed.sheik created
  • ABP Framework version: v5.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hi there,

I hope you are well.

For a particular scenario in our project we are required to get a list of all users across all tenants. The approach we have taken is that we have got a list of all tenants and thereafter changed the current tenant, then get a list of all users from Identity service for that tenant and append in a list. We have followed the instruction in the documentation here: https://docs.abp.io/en/commercial/latest/startup-templates/microservice/synchronous-interservice-communication#synchronous-communication-between-microservices and have successfully been able to communicate with the identity service to get all users for each tenant. My problem is that it works fine when running locally using project tye however after I deploy to my Kubernetes environment I get an unauthorized error on the identity service side:

11:11:10 WRN] Code:Volo.Authorization:010001 [11:11:10 INF] AuthenticationScheme: Bearer was challenged. [11:11:10 INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 9.4578ms [11:11:10 INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)' [11:11:10 INF] Request finished HTTP/1.1 GET http://tokengen-stag-identitysvc.conlog.com/api/identity/users?SkipCount=0&MaxResultCount=1000&api-version=1.0 - - - 401 0 - 35.9058ms [11:11:33 INF] Request starting HTTP/1.1 GET http://tokengen-stag-identitysvc.conlog.com/api/identity/users - - [11:11:33 INF] CORS policy execution failed. [11:11:33 INF] Request origin null does not have permission to access the resource. [11:11:33 INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)' [11:11:33 INF] Route matched with {controller = "User", area = "identity", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Abp.Identity.IdentityUserDto]] GetListAsync(Volo.Abp.Identity.GetIdentityUsersInput) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi). [11:11:33 INF] Request starting HTTP/1.1 GET http://tokengen-stag-identitysvc.conlog.com/api/identity/users?SkipCount=0&MaxResultCount=1000&api-version=1.0 - - [11:11:33 INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)' [11:11:33 INF] Route matched with {controller = "User", area = "identity", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Abp.Identity.IdentityUserDto]] GetListAsync(Volo.Abp.Identity.GetIdentityUsersInput) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi). [11:11:33 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.Users [11:11:33 WRN] ---------- RemoteServiceErrorInfo ---------- { "code": "Volo.Authorization:010001", "message": "Authorization failed! Given policy has not granted.", "details": null, "data": {}, "validationErrors": null }

[11:11:33 WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy) at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context) at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation) at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Auditing.AuditingInterceptor.ProceedByLoggingAsync(IAbpMethodInvocation invocation, IAuditingHelper auditingHelper, IAuditLogScope auditLogScope) at Volo.Abp.Auditing.AuditingInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at lambda_method2280(Closure , Object ) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask1 actionResultValueTask) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) [11:11:33 WRN] Code:Volo.Authorization:010001 [11:11:33 INF] AuthenticationScheme: Bearer was challenged. [11:11:33 INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 13.8284ms [11:11:33 INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)' [11:11:34 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.Identity.IdentityUserDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=6.0.1.0, Culture=neutral, PublicKeyToken=null]]'. [11:11:34 INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 67.5621ms [11:11:34 INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'

In my Identity database, dbo.OpenIddictApplications table the application is seeded correctly:

In the Administration database, dbo.AbpPermissionGrants table the 'AbpIdentity.Users' permission is seeded correctly as well.

Please can you assist in resolving this issue.


3 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Can you share a project that reproduces the problem to me, shiwei.liang@volosoft.com. I will check it.

  • User Avatar
    0
    Mohammed.sheik created

    Hi,

    Can you share a project that reproduces the problem to me, shiwei.liang@volosoft.com. I will check it.

    Hi Shiwei,

    Can we rather do a Teams or Zoom call?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    It's better if can you share a minimal reproducible project or full steps. this is helpful to solve the problem

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09