Open Closed

Error when upgrade to version 8.0.0 #6466


User avatar
0
lan.dang created
  • ABP Framework version: v8.0.0
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

I got some error in Permission modal:

  1. I am unable to select other permission, just show only assigned role. How can I add more permission to user?
  2. When Login as Tenant, I could not update pemission to user, it shows error about my customiize permission
  3. When using JWT token, I have this configuration (it works in .net 7) but when upgrade to .net 8.0 I give error : [ERR] IDX10211: Unable to validate issuer. The 'issuer' parameter is null or whitespace

26 Answer(s)
  • User Avatar
    0
    lan.dang created

    I solved #2 by following this answer : https://support.abp.io/QA/Questions/6422/Blazor-Server-Error-when-trying-to-edit-role-permissions

  • User Avatar
    0
    lan.dang created

    I updated error log :

    2024-01-09 11:46:35.114 +07:00 [WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
    Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
       at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy)
       at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context)
       at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at DruidAI.Blazor.Controllers.APIController.GetNextRequest(String server, String maxsize) in D:\Lan.Dang\Kwork.DruidAI\src\DruidAI.Blazor\Controllers\APIController.cs:line 342
       at lambda_method4317(Closure, Object)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeNextActionFilterAsync&gt;g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeInnerFilterAsync&gt;g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.&lt;InvokeNextExceptionFilterAsync&gt;g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
    2024-01-09 11:46:35.114 +07:00 [WRN] Code:Volo.Authorization:010001
    2024-01-09 11:46:36.685 +07:00 [ERR] IDX10503: Signature validation failed. Token does not have a kid. Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Number of keys in TokenValidationParameters: '1'. 
    Number of keys in Configuration: '0'. 
    Exceptions caught:
     '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
    token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details.
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I am unable to select other permission, just show only assigned role. How can I add more permission to user?

    How can I reproduce this in a new template project?

    3

    Please set IdentityModelEventSource.ShowPII = true; in your application and re-share the logs. Thanks.

     IDX10503: Signature validation failed. Token does not have a kid. 
     Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. 
     For more details, see https://aka.ms/IdentityModel/PII.]'. 
     
     Number of keys in TokenValidationParameters: '1'. 
    Number of keys in Configuration: '0'. 
    Exceptions caught:
     '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
    token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details.
    

    In fact, Your app can work without the jwtBearer authentication if you have the following code(AddValidation).

    
    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("ProductManagement");
            options.UseLocalServer();
            options.UseAspNetCore();
            
            options.Configure(validationOptions => 
            {
               // set validationOptions.TokenValidationParameters
            });
        });
    });
    
  • User Avatar
    0
    lan.dang created

    After enable ShowPII, it shows error :

    2024-01-09 12:12:29.238 +07:00 [WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
    Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
       at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy)
       at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context)
       at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
       at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
       at DruidAI.Blazor.Controllers.APIController.GetNextRequest(String server, String maxsize) in D:\Lan.Dang\Kwork.DruidAI\src\DruidAI.Blazor\Controllers\APIController.cs:line 342
       at lambda_method5144(Closure, Object)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeNextActionFilterAsync&gt;g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.&lt;InvokeInnerFilterAsync&gt;g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.&lt;InvokeNextExceptionFilterAsync&gt;g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
    2024-01-09 12:12:29.238 +07:00 [WRN] Code:Volo.Authorization:010001
    2024-01-09 12:12:33.472 +07:00 [ERR] IDX10503: Signature validation failed. Token does not have a kid. Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Number of keys in TokenValidationParameters: '1'. 
    Number of keys in Configuration: '0'. 
    Exceptions caught:
     '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
    token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details.
    2024-01-09 12:12:35.177 +07:00 [ERR] IDX10503: Signature validation failed. Token does not have a kid. Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Number of keys in TokenValidationParameters: '1'. 
    Number of keys in Configuration: '0'. 
    Exceptions caught:
     '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
    token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details.
    

    The problem is that user can login but when check Authorize it could not pass: [Authorize(AIGeneratorPermissions.RunPluginRequest.RunPlugin)] public async Task

    I need to setup JWT because my system is using public API that need to include token

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    ShowPII not working, Please set it on all websites.

    add this line to all Program.cs files.

    IdentityModelEventSource.ShowPII = true;

  • User Avatar
    0
    lan.dang created

    It gives same error 2024-01-09 14:05:25.437 +07:00 [WRN] Code:Volo.Authorization:010001 2024-01-09 14:05:29.616 +07:00 [ERR] IDX10503: Signature validation failed. Token does not have a kid. Keys tried: '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Number of keys in TokenValidationParameters: '1'. Number of keys in Configuration: '0'. Exceptions caught: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. token: '[PII of type 'Microsoft.IdentityModel.JsonWebTokens.JsonWebToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. See https://aka.ms/IDX10503 for details. 2024-01-09 14:05:34.959 +07:00 [WRN] ---------- RemoteServiceErrorInfo ---------- { "code": "Volo.Authorization:010001", "message": "Authorization failed! Given policy has not granted.", "details": null, "data": {}, "validationErrors": null } The token is not passed the Authorization Here is method to generator JWT token

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you try to add Authorize to your controller?DruidAI.Blazor.Controllers.APIController.GetNextReques

    [Authorize(AuthenticationSchemes = "Bearer")]
    public class YourController : Controller
    {
    
    
    }
    
  • User Avatar
    0
    lan.dang created

    It still return response.StatusCode = System.Net.HttpStatusCode.Unauthorized. I just wonder what are changes in .NET 8 to make it does not work?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I'm not sure. Can you share a simple project? or how can I reproduce this in a new template project?

    liming.ma@volosoft.com

  • User Avatar
    0
    lan.dang created

    Thank you, I sent you files that I made & modify in JWT token

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Thanks. Can you try to reproduce this in a small project?

    Then I can fix it asap.

  • User Avatar
    0
    lan.dang created

    I run with Postman, I found this error : Bearer error="invalid_token", error_description="The signing key associated to the specified token was not found.", error_uri="https://documentation.openiddict.com/errors/ID2090"

    Does that any help ?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I need to reproduce this in my local.

    Can you find a way?

  • User Avatar
    0
    lan.dang created

    Could you help me to review DruidAIBlazorModule, did I make any wrong? Thank you

  • User Avatar
    0
    lan.dang created

    @maliming about issue #1 and #2, if you login with Host Admin, you go to Role or User >> Edit > Permission it raises error like this if you have defined custom Permission in PermissionDefinitionProvider

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can override the PermissionManagementModal by https://github.com/abpframework/abp/pull/18681/files

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Could you help me to review DruidAIBlazorModule, did I make any wrong?

    Please find a way to reproduce in a new project.

    I haven't understood your JWT design yet.

    Thanks.

  • User Avatar
    0
    lan.dang created

    I think the problem related to Dynamic Claim feature in new version.

    1. I add JWT Bearer in *BlazorModule file
    2. Then add this line app.UseJwtTokenMiddleware();

    If I add this configure : ConfigureAuthentication It gives error : "token_invalid"

    If I removed ConfigureAuthentication It generate token, but could not pass [Authorize(Permissions.Create)] , OK with [Authorize]

    So I think there is problem with Claim. Do you have any example that I can follow to implement API bearer token?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Do you have any example that I can follow to implement API bearer token?

    There are some examples on Google. It's simple

    https://medium.com/@vndpal/how-to-implement-jwt-token-authentication-in-net-core-6-ab7f48470f5c https://www.c-sharpcorner.com/article/jwt-json-web-token-authentication-in-asp-net-core/ https://www.youtube.com/watch?v=mgeuh8k3I4g

    You can test this in a new template project, share your project with me if you have any problems.

  • User Avatar
    0
    lan.dang created

    Yes I will try create simple project and share with you. BTW, could you explain me how ClaimType.Role work? As debugging, HttpContext.User is already Authenticated, there is also claim Role correctly but could not access to permission that role has been assigned

  • User Avatar
    0
    lan.dang created

    I sent you project link in mail, please confirm me if you have not get it Thank you

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You have set these claim types.

    AbpClaimTypes.UserName
    AbpClaimTypes.Name
    AbpClaimTypes.SurName
    AbpClaimTypes.UserId
    AbpClaimTypes.Role
    AbpClaimTypes.Email
    

    https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs#L41-L53

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    This is your JWT claims:

    context.Services.AddAuthentication()
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = configuration["Jwt:Issuer"],
                ValidateAudience = true,
                ValidAudience = configuration["Jwt:Audience"],
                ValidateLifetime = false,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = securityKey
            };
            options.MapInboundClaims = false;
        });
    
    app.UseRouting();
    app.UseAuthentication();
    app.UseAbpOpenIddictValidation();
    
    //https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore.Authentication.JwtBearer/Microsoft/AspNetCore/Builder/ApplicationBuilderAbpJwtTokenMiddlewareExtension.cs#L8
    app.Use(async (httpContext, next) =>
    {
        if (httpContext.User.Identity?.IsAuthenticated != true)
        {
            var result = await httpContext.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
            if (result.Succeeded && result.Principal != null)
            {
                httpContext.User = result.Principal;
            }
        }
    
        await next();
    });
    
    if (MultiTenancyConsts.IsEnabled)
    {
        app.UseMultiTenancy();
    }
    
  • User Avatar
    0
    lan.dang created

    it still return 403 Fobbiden

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I sent a project to you.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19