Open Closed

Failed to validate the token #6351


User avatar
0
cheelam1220 created
  • ABP Framework version: v4.4.3
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace: [07:06:12 INF] Failed to validate the token. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10205: Issuer validation failed. Issuer: 'System.String'. Did not match: validationParameters.ValidIssuer: 'System.String' or validationParameters.ValidIssuers: 'System.String'. at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() [07:06:12 INF] Bearer was not authenticated. Failure message: IDX10205: Issuer validation failed. Issuer: 'System.String'. Did not match: validationParameters.ValidIssuer: 'System.String' or validationParameters.ValidIssuers: 'System.String'. [07:06:12 INF] Executing endpoint 'KMS.Controllers.Kiosks.KioskController.updateKioskStatus (KMS.HttpApi)' [07:06:12 INF] Route matched with {area = "app", controller = "Kiosk", action = "updateKioskStatus", page = ""}. Executing controller action with signature System.Threading.Tasks.Task updateKioskStatus(System.String) on controller KMS.Controllers.Kiosks.KioskController (KMS.HttpApi). [07:06:12 INF] Executing action method KMS.Controllers.Kiosks.KioskController.updateKioskStatus (KMS.HttpApi) - Validation state: Valid [07:06:12 INF] Authorization failed. These requirements were not met: PermissionRequirement: KMS.Kiosks [07:06:12 WRN] ---------- RemoteServiceErrorInfo ---------- { "code": "Volo.Authorization:010001", "message": "Authorization failed! Given policy has not granted.", "details": null, "data": {}, "validationErrors": null }

[07:06:12 WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy) at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context) at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation) at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous(IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapter.ProceedAsync() at Volo.Abp.GlobalFeatures.GlobalFeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous(IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapter.ProceedAsync() at Volo.Abp.Auditing.AuditingInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous(IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapter.ProceedAsync() at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous(IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapter.ProceedAsync() at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync(IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at lambda_method3373(Closure , Object ) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) [07:06:12 WRN] Code:Volo.Authorization:010001

Error We saw from other part of the log.

[07:06:23 ERR] An exception was thrown attempting to execute the error handler. System.InvalidOperationException: Operations that change non-concurrent collections must have exclusive access. A concurrent update was performed on this collection and corrupted its state. The collection's state is no longer correct. at System.Collections.Generic.Dictionary2.FindValue(TKey key) at System.Collections.Generic.Dictionary2.TryGetValue(TKey key, TValue& value) at Volo.Abp.DependencyInjection.AbpLazyServiceProvider.LazyGetRequiredService(Type serviceType) at Volo.Abp.DependencyInjection.AbpLazyServiceProvider.LazyGetRequiredServiceT at Volo.Abp.Domain.Repositories.EntityFrameworkCore.EfCoreRepository2.GetDbContextAsync() at Volo.Abp.Domain.Repositories.EntityFrameworkCore.EfCoreRepository2.GetDbSetAsync() .................................. --- End of stack trace from previous location --- at Dynatrace.OneAgent.Introspection.Shared.OwinMiddlewareBase1.Invoke(Context context) at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT1.ProcessRequestAsync()

  • Steps to reproduce the issue: unable to reproduce as it's occurred without any reason or changes in the environment.

Hi, the API suddenly encounter this error and keep repeating the same error until we restart the IIS(App).


12 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello,

    Please check the similar issue https://support.abp.io/QA/Questions/5441/IDX10205-Issuer-validation-failed

  • User Avatar
    0
    cheelam1220 created

    Hello,

    Please check the similar issue https://support.abp.io/QA/Questions/5441/IDX10205-Issuer-validation-failed

    Hi,

    I saw it's about prolonging the token time. But our issue is when it's trying to get token it encounters some error. It's been the same period for the token expiring time. Any idea what's the 2nd error message about? Or is there any option we can turn on to get even more details log?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Or is there any option we can turn on to get even more details log?

    You can set IdentityModelEventSource.ShowPII = true;

  • User Avatar
    0
    cheelam1220 created

    Hi,

    Or is there any option we can turn on to get even more details log?

    You can set IdentityModelEventSource.ShowPII = true;

    Hi,

    Other than this, anything thing else we can do? I can share the full log, can you take a look at it?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    This is enough, ok please share the log. thanks.

  • User Avatar
    0
    cheelam1220 created

    Hi,

    This is enough, ok please share the log. thanks.

    Hi,

    Is there an email i can attached the log file? It's too large to share it here.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    My email is shiwei.liang@volosoft.com

  • User Avatar
    0
    cheelam1220 created

    Hi,

    My email is shiwei.liang@volosoft.com

    Hi,

    I just sent the log.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I have checked.

    Did you try this and redeploy the application?

    IdentityModelEventSource.ShowPII = true;

    BTW It happens because the issuer is automatically set by the request. Set issuer to fix this problem In AuthServerModule.cs or HttpApiHostModule.cs as follows:

    Configure<IdentityServerOptions>(options => 
    { 
        options.IssuerUri = configuration["App:SelfUrl"];
    });
    
  • User Avatar
    0
    cheelam1220 created

    Hi,

    I have checked.

    Did you try this and redeploy the application?

    IdentityModelEventSource.ShowPII = true;

    BTW It happens because the issuer is automatically set by the request. Set issuer to fix this problem In AuthServerModule.cs or HttpApiHostModule.cs as follows:

    Configure<IdentityServerOptions>(options =>  
    {  
        options.IssuerUri = configuration["App:SelfUrl"]; 
    }); 
    

    Hi,

    I haven't deployed as the environment is strictly control and we cannot make any deployment until next year. Is there any impact to performance if i set the IdentityModelEventSource.ShowPII = true;` for a prolong period?

    Sorry, I don't fully understand what you mean by "the issuer is automatically set by the request", is there any article related you can share with me?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can check the document: https://identityserver4.readthedocs.io/en/latest/reference/options.html

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Is there any impact to performance if i set the IdentityModelEventSource.ShowPII = true;` for a prolong period?

    It will not affect performance. But it will write some sensitive information in the log. See: https://stackoverflow.com/questions/62820026/what-information-is-logged-by-identitymodel-when-showpii-is-set-to-true

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38