Open Closed

Login error when upgrading to v8.0.0 #6425


User avatar
0
duyan11110 created
  • ABP Framework version: v8.0.0
  • UI Type: MVC
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: I am upgrading ABP from v7.3.0 to v8.0.0 and getting this error when login. Pls help
[web_bd1ce1f9-2]: [18:00:24 INF] Request starting HTTP/1.1 GET http://mzh.mhibs.web:7004/Account/Login - null null
[web_bd1ce1f9-2]: [18:00:24 INF] Executing endpoint 'MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web)'
[web_bd1ce1f9-2]: [18:00:24 INF] Route matched with {action = "Login", controller = "Account", area = "", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult Login(System.String, System.String) on controller MZH.MHIBS.Web.Controllers.AccountController (MZH.MHIBS.Web).
[web_bd1ce1f9-2]: [18:00:24 INF] Executing action method MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web) - Validation state: Valid
[web_bd1ce1f9-2]: [18:00:24 INF] Executed action method MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web), returned result Microsoft.AspNetCore.Mvc.ChallengeResult in 0.037ms.
[web_bd1ce1f9-2]: [18:00:24 INF] Executing ChallengeResult with authentication schemes (["oidc"]).
[web_bd1ce1f9-2]: [18:00:24 INF] AuthenticationScheme: oidc was challenged.
[web_bd1ce1f9-2]: [18:00:24 INF] Executed action MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web) in 4.7096ms
[web_bd1ce1f9-2]: [18:00:24 INF] Executed endpoint 'MZH.MHIBS.Web.Controllers.AccountController.Login (MZH.MHIBS.Web)'
[web_bd1ce1f9-2]: [18:00:24 INF] Request finished HTTP/1.1 GET http://mzh.mhibs.web:7004/Account/Login - 302 0 null 5.572ms
[web_bd1ce1f9-2]: [18:00:25 INF] Request starting HTTP/1.1 POST http://mzh.mhibs.web:7004/signin-oidc - application/x-www-form-urlencoded 1586
[web_bd1ce1f9-2]: [18:00:25 WRN] '.AspNetCore.Correlation.zwwe_Ao2xW7750a7k0U1t8rW5pCQMvknu6aP7K0j1kw' cookie not found.
[web_bd1ce1f9-2]: [18:00:25 INF] Error from RemoteAuthentication: Correlation failed..
[web_bd1ce1f9-2]: [18:00:25 ERR] An unhandled exception has occurred while executing the request.
[web_bd1ce1f9-2]: Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
[web_bd1ce1f9-2]: ---> Microsoft.AspNetCore.Authentication.AuthenticationFailureException: Correlation failed.
[web_bd1ce1f9-2]: --- End of inner exception stack trace ---
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
[web_bd1ce1f9-2]: --- End of stack trace from previous location ---
[web_bd1ce1f9-2]: at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
[web_bd1ce1f9-2]: --- End of stack trace from previous location ---
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
[web_bd1ce1f9-2]: --- End of stack trace from previous location ---
[web_bd1ce1f9-2]: at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
[web_bd1ce1f9-2]: [18:00:25 INF] Request finished HTTP/1.1 POST http://mzh.mhibs.web:7004/signin-oidc - 500 null text/html; charset=utf-8 5.2675ms

7 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can try to use https instead of http.

    Chrome will block some cookies during http.

  • User Avatar
    0
    duyan11110 created

    Hi,

    Changing to https is taking time, is there any way to use http. Everything's still OK before upgrading.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I think you are using the identity server 4 right?

    https://community.abp.io/posts/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n

  • User Avatar
    -1
    duyan11110 created

    No, I am using OpenIdDict, but I already applied that solution and it worked fine before upgrading

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You better use https for all websites.

    But if you want to keep using http, you should apply AddSameSiteCookiePolicy to all your websites.

    also need to call DisableTransportSecurityRequirement of openiddict.

    https://support.abp.io/QA/Questions/3816/How-to-disable-https-in-openiddict#answer-0bea3600-1209-f831-3cbf-3a06f6fa86e0

  • User Avatar
    0
    duyan11110 created

    But if you want to keep using http, you should apply AddSameSiteCookiePolicy to all your websites.

    I already applied this one for Web project, and I've just applied for AuthServer project, but still get the error:

    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        var hostingEnvironment = context.Services.GetHostingEnvironment();
        var configuration = context.Services.GetConfiguration();
    
        if (!Convert.ToBoolean(configuration["App:DisablePII"]))
        {
            Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
        }
        
        if (!Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]))//false in appsettings.json
        {
            Configure<OpenIddictServerAspNetCoreOptions>(options =>
            {
                options.DisableTransportSecurityRequirement = true;// Already had from old version
            }); 
        }
    
        context.Services.AddSameSiteCookiePolicy(); // just added this line
        ...
      }
    

    And as I said above, everything's still OK before upgrading

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    This is the browser's behavior, which has nothing to do with the abp version. The browser will block cookies that it thinks are unsafe.

    You can see the warning message in the browser console.

    I suggest you change the website to https. It won't take much time, but this is the best way to solve this problem.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38