Starts in:
2 DAYS
17 HRS
10 MIN
53 SEC
Starts in:
2 D
17 H
10 M
53 S
Open Closed

Single Auth Server With Tenant and Multiple Application #6553


User avatar
0
dipak.z created
  • ABP Framework version: v8.0.0
  • UI Type: MVC
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

I want to create Auth Server Which is tenant base and another 3 application which is tenant based and is used Auth Server for Authorization and authentication I want both running on tenant like tenant base is come from Auth Server and applicaton database configure as tenant base and also i want separate admins for different application which can be see specific tenants of application.


33 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    What was the problem or error you got?

  • User Avatar
    0
    dipak.z created

    hi

    What was the problem or error you got?

    I Created Project from abp suite with separate tenant schema and Tiered as Auth Server i created another project with Application Template . now i want to use Auth Server for Authentication and Authorization in this and same for other two projects.because in this already openiddict and login register all. and all projects has own pages and apis and also tenant base and use database of tenant which are configure in auth server tenant.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I Created Project from abp suite with separate tenant schema and Tiered as Auth Server i created another project with Application Template .

    There is a Web host project in MVC tiered projects. which uses AddAbpOpenIdConnect in it.

    https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs#L142-L213

    You can check this project.

  • User Avatar
    0
    dipak.z created

    I Created Different Solution from ABP Suite (Application Template/EF CorePostgres/MVC) in this solution i have Models and its tenant based and i want to use auth server identity (with tenant) use in this solution

    Auth Server is in Different solution and its used Different database

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can add OpenIdConnect as authentication to your new app and then add a new client/application on the Authserver project.

    See https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs#L142-L213

  • User Avatar
    0
    dipak.z created

    In WebModule I added

    private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration) { context.Services.AddAuthentication(options => { options.DefaultScheme = "Cookies"; options.DefaultChallengeScheme = "oidc"; }) .AddCookie("Cookies", options => { options.ExpireTimeSpan = TimeSpan.FromDays(365); options.CheckTokenExpiration(); }) .AddAbpOpenIdConnect("oidc", options => { options.Authority = configuration["AuthServer:Authority"]; options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata"); options.ResponseType = OpenIdConnectResponseType.CodeIdToken;

             options.ClientId = configuration["AuthServer:ClientId"];
             options.ClientSecret = configuration["AuthServer:ClientSecret"];
    
             options.UsePkce = true;
             options.SaveTokens = true;
             options.GetClaimsFromUserInfoEndpoint = true;
    
             options.Scope.Add("roles");
             options.Scope.Add("email");
             options.Scope.Add("phone");
             options.Scope.Add("ULB");
         });
     /*
     * This configuration is used when the AuthServer is running on the internal network such as docker or k8s.
     * Configuring the redirecting URLs for internal network and the web
     * The login and the logout URLs are configured to redirect to the AuthServer real DNS for browser.
     * The token acquired and validated from the the internal network AuthServer URL.
     */
     if (configuration.GetValue&lt;bool&gt;("AuthServer:IsContainerized"))
     {
         context.Services.Configure&lt;OpenIdConnectOptions&gt;("oidc", options =>
         {
             options.TokenValidationParameters.ValidIssuers = new[]
             {
                     configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/'),
                     configuration["AuthServer:Authority"]!.EnsureEndsWith('/')
                 };
    
             options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
                                     ".well-known/openid-configuration";
    
             var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
             options.Events.OnRedirectToIdentityProvider = async ctx =>
             {
                 // Intercept the redirection so the browser navigates to the right URL in your host
                 ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";
    
                 if (previousOnRedirectToIdentityProvider != null)
                 {
                     await previousOnRedirectToIdentityProvider(ctx);
                 }
             };
             var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
             options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
             {
                 // Intercept the redirection for signout so the browser navigates to the right URL in your host
                 ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";
    
                 if (previousOnRedirectToIdentityProviderForSignOut != null)
                 {
                     await previousOnRedirectToIdentityProviderForSignOut(ctx);
                 }
             };
         });
     }
    
     context.Services.Configure&lt;AbpClaimsPrincipalFactoryOptions&gt;(options =>
     {
         options.IsDynamicClaimsEnabled = true;
     });
    

    }

    then throw when i click on login button =>

    An unhandled exception occurred while processing the request. ComponentNotRegisteredException: The requested service 'Volo.Abp.Account.Public.Web.Pages.Account.LoginModel' has not been registered. To avoid this exception, either register a component to provide the service, check for service registration using IsRegistered(), or use the ResolveOptional() method to resolve an optional dependency.

    See https://autofac.rtfd.io/help/service-not-registered for more info. Autofac.ResolutionExtensions.ResolveService(IComponentContext context, Service service, IEnumerable<Parameter> parameters)

    Stack Query Cookies Headers Routing ComponentNotRegisteredException: The requested service 'Volo.Abp.Account.Public.Web.Pages.Account.LoginModel' has not been registered. To avoid this exception, either register a component to provide the service, check for service registration using IsRegistered(), or use the ResolveOptional() method to resolve an optional dependency. See https://autofac.rtfd.io/help/service-not-registered for more info.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share the source code of your WebModule and WebModule.csproj; I think you should remove the account module from the csproj file.

  • User Avatar
    0
    dipak.z created

    hi

    Please share the source code of your WebModule and WebModule.csproj; I think you should remove the account module from the csproj file.

    Only From Web Project?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Yes, Let me take a look at these two files first.

    Thanks, liming.ma@volosoft.com

    WebModule.cs and WebModule.csproj

  • User Avatar
    0
    dipak.z created

    i created Application Template/MVC/EfCore(Postgres) from Abp Suite (No selected any other tired or seprate tenant scehma / public site all are unchecked) and in this in web project i changed ConfigureAuthentication method as per given. not changed anything in web module it is as it is which are created

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    ok

    Please try to remove the below code

    csproj: <ProjectReference Include="..\..\..\..\..\account\src\Volo.Abp.Account.Pro.Public.Web.OpenIddict\Volo.Abp.Account.Pro.Public.Web.OpenIddict.csproj" />

    cs: AbpAccountPublicWebOpenIddictModule

    Add a new class.

    public class AccountController : ChallengeAccountController
    {
    
    }
    
  • User Avatar
    0
    dipak.z created

    An unhandled exception occurred while processing the request. ComponentNotRegisteredException: The requested service 'Volo.Abp.AspNetCore.Authentication.OpenIdConnect.IOpenIdLocalUserCreationClient' has not been registered. To avoid this exception, either register a component to provide the service, check for service registration using IsRegistered(), or use the ResolveOptional() method to resolve an optional dependency.

    See https://autofac.rtfd.io/help/service-not-registered for more info.

    Autofac.ResolutionExtensions.ResolveService(IComponentContext context, Service service, IEnumerable<Parameter> parameters) AuthenticationFailureException: An error was encountered while handling the remote login.

    Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

    Stack Query Cookies Headers Routing 
    
    ComponentNotRegisteredException: The requested service 'Volo.Abp.AspNetCore.Authentication.OpenIdConnect.IOpenIdLocalUserCreationClient' has not been registered. To avoid this exception, either register a component to provide the service, check for service registration using IsRegistered(), or use the ResolveOptional() method to resolve an optional dependency. See https://autofac.rtfd.io/help/service-not-registered for more info.
    

    i removed typeof(AbpAccountPublicWebOpenIddictModule), from webmodule.cs

  • User Avatar
    0
    dipak.z created

    <Project Sdk="Microsoft.NET.Sdk.Web">

    <Import Project="....\common.props" />

    <PropertyGroup> <TargetFramework>net8.0</TargetFramework> <Nullable>enable</Nullable> <AspNetCoreHostingModel>InProcess</AspNetCoreHostingModel> <RootNamespace>ULB.Web</RootNamespace> <AssetTargetFallback>$(AssetTargetFallback);portable-net45+win8+wp8+wpa81;</AssetTargetFallback> <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects> <GenerateBindingRedirectsOutputType>true</GenerateBindingRedirectsOutputType> <GenerateRuntimeConfigurationFiles>true</GenerateRuntimeConfigurationFiles> <MvcRazorExcludeRefAssembliesFromPublish>false</MvcRazorExcludeRefAssembliesFromPublish> <PreserveCompilationReferences>true</PreserveCompilationReferences> </PropertyGroup>

    <ItemGroup Condition="Exists('./openiddict.pfx')"> <None Remove="openiddict.pfx" /> <EmbeddedResource Include="openiddict.pfx"> <CopyToOutputDirectory>Always</CopyToOutputDirectory> </EmbeddedResource> </ItemGroup>

    <ItemGroup> <Compile Remove="Logs*" /> <Content Remove="Logs*" /> <EmbeddedResource Remove="Logs*" /> <None Remove="Logs*" /> </ItemGroup>

    <ItemGroup> <Content Include="Pages**.js"> <CopyToOutputDirectory>Always</CopyToOutputDirectory> </Content> <Content Include="Pages**.css"> <CopyToOutputDirectory>Always</CopyToOutputDirectory> </Content> </ItemGroup>

    <ItemGroup> <PackageReference Include="AspNetCore.HealthChecks.UI" Version="7.0.2" /> <PackageReference Include="AspNetCore.HealthChecks.UI.Client" Version="7.1.0" /> <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.0" /> <PackageReference Include="AspNetCore.HealthChecks.UI.InMemory.Storage" Version="7.0.0" /> <PackageReference Include="Serilog.AspNetCore" Version="8.0.0" /> <PackageReference Include="Serilog.Sinks.Async" Version="1.5.0" /> <PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="8.0.0" /> <PackageReference Include="Microsoft.AspNetCore.Authentication.MicrosoftAccount" Version="8.0.0" /> <PackageReference Include="Microsoft.AspNetCore.Authentication.Twitter" Version="8.0.0" /> <PackageReference Include="Volo.Abp.AspNetCore.Authentication.OpenIdConnect" Version="8.0.2" /> </ItemGroup>

    <ItemGroup> <ProjectReference Include="..\ULB.Application\ULB.Application.csproj" /> <ProjectReference Include="..\ULB.HttpApi\ULB.HttpApi.csproj" /> <ProjectReference Include="..\ULB.EntityFrameworkCore\ULB.EntityFrameworkCore.csproj" /> <PackageReference Include="Volo.Abp.Autofac" Version="8.0.2" /> <PackageReference Include="Volo.Abp.AspNetCore.Serilog" Version="8.0.2" /> <PackageReference Include="Volo.Abp.AspNetCore.Authentication.JwtBearer" Version="8.0.2" /> <PackageReference Include="Volo.Abp.Swashbuckle" Version="8.0.2" /> <PackageReference Include="Volo.Abp.FeatureManagement.Web" Version="8.0.2" /> <PackageReference Include="Volo.Abp.Account.Pro.Admin.Web" Version="8.0.2" /> <PackageReference Include="Volo.Abp.AuditLogging.Web" Version="8.0.2" /> <PackageReference Include="Volo.Abp.Identity.Pro.Web" Version="8.0.2" /> <PackageReference Include="Volo.Abp.OpenIddict.Pro.Web" Version="8.0.2" /> <PackageReference Include="Volo.Abp.LanguageManagement.Web" Version="8.0.2" /> <PackageReference Include="Volo.Saas.Host.Web" Version="8.0.2" /> <PackageReference Include="Volo.Abp.TextTemplateManagement.Web" Version="8.0.2" /> <PackageReference Include="Volo.Abp.Gdpr.Web" Version="8.0.2" /> </ItemGroup>

    <ItemGroup> <PackageReference Include="Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX" Version="3.0.-" /> </ItemGroup>

    </Project>

    this is the web project .csproj file

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Try to depend on the typeof(AbpAspNetCoreAuthenticationOpenIdConnectModule) in your web project.

  • User Avatar
    0
    dipak.z created

    Yes ,Thank You but its works if i use same database for both but if i change the database of the application and auth server then its not work...i want Different Database for Auth Server and Different for Application

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    but if i change the database of the application and auth server then its not work.

    Please share the details of your changes and logs. Thanks.

  • User Avatar
    0
    dipak.z created

    In Auth Server i Used IdentityAuth database and in Application I Used Different database .

    in Application i removed below code from WebModule and remove account package

    typeof(AbpAccountPublicWebOpenIddictModule), app.UseAbpOpenIddictValidation();

    added Volo.Abp.AspNetCore.Authentication.OpenIdConnect this package and typeof(AbpAspNetCoreAuthenticationOpenIdConnectModule) in web project of application

    due to different database in application project

    [10:00:58 WRN] User not found: 3a10485f-3e23-7e7e-31da-5bdee5aba0af Volo.Abp.Domain.Entities.EntityNotFoundException: There is no such an entity. Entity type: Volo.Abp.Identity.IdentityUser, id: 3a10485f-3e23-7e7e-31da-5bdee5aba0af at Volo.Abp.Identity.IdentityUserManager.GetByIdAsync(Guid id) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.<>c__DisplayClass23_0.<<GetAsync>b__0>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.Caching.DistributedCache2.GetOrAddAsync(TCacheKey key, Func1 factory, Func1 optionsFactory, Nullable1 hideErrors, Boolean considerUow, CancellationToken token) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.GetAsync(Guid userId, Nullable1 tenantId) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributor.ContributeAsync(AbpClaimsPrincipalContributorContext context)

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Volo.Abp.Identity.IdentityUserManager.GetByIdAsync(Guid id)

    Which project does the log come from?

    Please share the full request logs.

  • User Avatar
    0
    dipak.z created

    hi

    Volo.Abp.Identity.IdentityUserManager.GetByIdAsync(Guid id)

    Which project does the log come from?

    Please share the full request logs.

    from Application's Web Project logfile

    2024-01-29 10:00:58.413 +05:30 [INF] Request finished HTTP/2 GET https://localhost:44319/_vs/browserLink - 200 null text/javascript; charset=UTF-8 13.2284ms 2024-01-29 10:00:58.413 +05:30 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' 2024-01-29 10:00:58.414 +05:30 [INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc). 2024-01-29 10:00:58.416 +05:30 [DBG] Filling dynamic claims cache for user: 3a10485f-3e23-7e7e-31da-5bdee5aba0af 2024-01-29 10:00:58.416 +05:30 [WRN] User not found: 3a10485f-3e23-7e7e-31da-5bdee5aba0af Volo.Abp.Domain.Entities.EntityNotFoundException: There is no such an entity. Entity type: Volo.Abp.Identity.IdentityUser, id: 3a10485f-3e23-7e7e-31da-5bdee5aba0af at Volo.Abp.Identity.IdentityUserManager.GetByIdAsync(Guid id) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.<>c__DisplayClass23_0.<<GetAsync>b__0>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.Caching.DistributedCache2.GetOrAddAsync(TCacheKey key, Func1 factory, Func1 optionsFactory, Nullable1 hideErrors, Boolean considerUow, CancellationToken token) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributorCache.GetAsync(Guid userId, Nullable`1 tenantId) at Volo.Abp.Identity.IdentityDynamicClaimsPrincipalContributor.ContributeAsync(AbpClaimsPrincipalContributorContext context) 2024-01-29 10:00:58.417 +05:30 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' 2024-01-29 10:00:58.417 +05:30 [INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc). 2024-01-29 10:00:58.448 +05:30 [INF] Executing action method Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) - Validation state: "Valid" 2024-01-29 10:00:58.450 +05:30 [INF] Sending file. Request path: '/libs/timeago/jquery.timeago.js'. Physical path: 'D:\Identity Server ABP\Web With Identity\ULBIDC\src\ULBIDC.Web\wwwroot\libs\timeago\jquery.timeago.js' 2024-01-29 10:00:58.450 +05:30 [INF] Sending file. Request path: '/libs/abp/luxon/abp.luxon.js'. Physical path: 'D:\Identity Server ABP\Web With Identity\ULBIDC\src\ULBIDC.Web\wwwroot\libs\abp\luxon\abp.luxon.js' 2024-01-29 10:00:58.450 +05:30 [INF] Sending file. Request path: '/libs/bootstrap-daterangepicker/daterangepicker.js'. Physical path: 'D:\Identity Server ABP\Web With Identity\ULBIDC\src\ULBIDC.Web\wwwroot\libs\bootstrap-daterangepicker\daterangepicker.js' 2024-01-29 10:00:58.450 +05:30 [INF] Request finished HTTP/2 GET https://localhost:44319/libs/abp/luxon/abp.luxon.js?_v=638415968503970000 - 499 1361 application/javascript 87.2179ms

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please try to set IsDynamicClaimsEnabled of AbpClaimsPrincipalFactoryOptions to false in Application's Web Project.

    It indirectly depends on the Identity module.

    You can also add AbpIdentity to your ConnectionStrings.

      "ConnectionStrings": {
        "Default": "",
        "AbpIdentity": ""
      },
    
  • User Avatar
    0
    dipak.z created

    private void ConfigureAuthentication(ServiceConfigurationContext context) { // context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme); context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options => { options.IsDynamicClaimsEnabled = true; }); }

    its already enabled

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    set IsDynamicClaimsEnabled of AbpClaimsPrincipalFactoryOptions to false

  • User Avatar
    0
    dipak.z created

    i have to remove this app.UseDynamicClaims(); also?

    i set this to IsDynamicClaimsEnabled to false but same error occured i set ConnectionString AbpIdentity in appsetting.json any other settings?

  • User Avatar
    0
    dipak.z created

    namespace ULBIDC.EntityFrameworkCore;

    [ReplaceDbContext(typeof(IIdentityProDbContext))] [ReplaceDbContext(typeof(ISaasDbContext))] [ConnectionStringName("Default")] public class ULBIDCDbContext : AbpDbContext<ULBIDCDbContext>, IIdentityProDbContext, ISaasDbContext { ...... }

    in db context there is any option to give Identity Connection String?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    If IsDynamicClaimsEnabled is false then UseDynamicClaims will skip it.

    https://docs.abp.io/en/abp/latest/Connection-Strings#configure-the-connection-strings

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06