- ABP Framework version: v8.2.0
- UI Type: Angular
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Steps to reproduce the issue:
I have created a microservice application with the commercial template and I'm trying to deploy the same using docker-compose on one of our internal test servers. It has 3 microservices, 1 web-gateway, 1 AuthServer and 1 Angular application.
I'm using the existing `docker-compose.infrastructure.yml` and the `docker-compose.infrastructure.override.yml` to set up the infra. I've built the applications into Docker images using the provided `build-images.ps1` file. In addition, using the `tye.yaml` file as a reference, I have also created one more `docker-compose.yml` for deploying the backend services. I also have an internal SSL certificate to run HTTPS. I am able to bring up the services and am able to run the Angular application, but once I click on login in the Angular app, it takes me to the AuthServer login page and after entering the correct credentials, it redirects me back to the Angular app, but it doesn't log me in. I had faced a similar issue after upgrading to 8.2.0 which was resolved by adding some additional Microsoft NuGet packages. I applied the same fix here as well but no luck.
I think the issue is with the way in which I have setup communication between the containers on the internal network. I have tried all different possibilities, but am still not able to resolve this issue.
From what I can observe, I see 3 WARNs in the logs.
In AuthServer log:
2024-07-24 16:31:03 [11:01:03 WRN] Could not find a session with ID: cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4
2024-07-24 16:31:03 [11:01:03 WRN] SessionId(cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4) not found for user: a2fa870a-428f-036b-123a-3a13e61d8eab, log out.
In AdministrationService log:
2024-07-24 16:31:05 [11:01:05 WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.
2024-07-24 16:31:05 [11:01:05 INF] Failed to validate the token.
2024-07-24 16:31:05 Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
This is my `docker-compose.yml` file:

```yaml
name: caliber-test
services:
  authserver:
    container_name: authserver
    image: caliber/app-authserver:latest
    ports:
      - 44322:44322
    environment:
      - ASPNETCORE_URLS=http://+:44321;https://+:44322
      - App__SelfUrl=https://test01.aurelius.com:44322
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325,https://administration-service:44367,https://identity-service:44388,https://saas-service:44381
      - App__RedirectAllowedUrls=https://test01.aurelius.com:4200
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - OpenIddict__Applications__Angular__RootUrl=https://test01.aurelius.com:4200/
      - OpenIddict__Applications__WebGateway__RootUrl=https://test01.aurelius.com:44325/
      - OpenIddict__Resources__AccountService__RootUrl=https://test01.aurelius.com:44322
      - OpenIddict__Resources__AdministrationService__RootUrl=https://test01.aurelius.com:44367
      - OpenIddict__Resources__IdentityService__RootUrl=https://test01.aurelius.com:44388
      - OpenIddict__Resources__SaasService__RootUrl=https://test01.aurelius.com:44381
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  administration-service:
    container_name: administration-service
    image: caliber/service-administration:latest
    environment:
      - ASPNETCORE_URLS=http://+:44366;https://+:44367
      - App__SelfUrl=https://test01.aurelius.com:44367
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - IdentityClients__Default__Authority=http://authserver:44321
      - IdentityClients__Default__ClientId=AdministrationService
      - IdentityClients__Default__ClientSecret=1q2w3e*
      - IdentityClients__Default__GrantType=client_credentials
      - IdentityClients__Default__RequireHttps=false
      - IdentityClients__Default__Scope=IdentityService
      - IdentityClients__Default__ValidateEndpoints=true
      - IdentityClients__Default__ValidateIssuerName=true
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - RemoteServices__AbpIdentity__BaseUrl=http://identity-service:44387/
      - RemoteServices__AbpIdentity__UseCurrentAccessToken=false
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  identity-service:
    container_name: identity-service
    image: caliber/service-identity:latest
    environment:
      - ASPNETCORE_URLS=http://+:44387;https://+:44388
      - App__SelfUrl=https://test01.aurelius.com:44388
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  saas-service:
    container_name: saas-service
    image: caliber/service-saas:latest
    environment:
      - ASPNETCORE_URLS=http://+:44380;https://+:44381
      - App__SelfUrl=https://test01.aurelius.com:44381
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  web-gateway:
    container_name: web-gateway
    image: caliber/gateway-web:latest
    ports:
      - 44325:44325
    environment:
      - ASPNETCORE_URLS=https://+:44325
      - App__SelfUrl=https://test01.aurelius.com:44325
      - App__CorsOrigins=https://test01.aurelius.com:4200
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - AuthServer__MetadataAddress=http://authserver:44321
      - AuthServer__RequireHttpsMetadata=false
      - ElasticSearch__Url=http://elasticsearch:9200
      - Redis__Configuration=redis:6379
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
      - ../gateways/web/yarp.json:/app/yarp.json:ro
    networks:
      - caliber.test-network
networks:
  caliber.test-network:
    external: true
```
And this is how I have modified the `yarp.json` file in the web-gateway:

```json
...
"Clusters": {
  "AuthServer": {
    "Destinations": {
      "AuthServer": {
        "Address": "http://authserver:44321/"
      }
    }
  },
  "Administration": {
    "Destinations": {
      "Administration": {
        "Address": "http://administration-service:44366/"
      }
    }
  },
  "Identity": {
    "Destinations": {
      "Identity": {
        "Address": "http://identity-service:44387/"
      }
    }
  },
  "Saas": {
    "Destinations": {
      "Saas": {
        "Address": "http://saas-service:44380/"
      }
    }
  }
}
...
```
As per my understanding, only the authserver and the web-gateway need to run on HTTPS exposed to the external network and the gateway talks to the 3 microservices over HTTP.
I've tried out all possibilities and am not able to resolve this.
Request you to please check this out and guide.
Regards, Chandrahas
P.S. I wanted to attach the complete logs, but there isn't an option here to do it. Let me know if there is another way to send the logs.
10 Answer(s)
-
0
Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty
You can check https://abp.io/support/questions/7447/Authentication-valid-issuer-issue https://abp.io/support/questions/7180/Deploying-an-ABP-tiered-project-to-mutliple-docker-containers
-
0
Hi @liangshiwei,
I checked those before and had added the `ForwardedHeaders` in Gateway project. Do I need to add them to all the projects?
-
0
gateway project is enough.
if still not working you can add a middleware to output the HTTP request info to logs to see the request host.
-
0
How and where should I add this middleware? Could you please provide some more info?
-
0
for example:
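```csharp
app.Use((httpContext, next) =>
{
    var logger = httpContext.RequestServices.GetRequiredService<ILogger<YourModuleClass>>();
    // Write every incoming request header to the log so the host the service sees can be checked.
    // This includes the Authorization header, so bearer tokens end up in the log as well.
    foreach (var header in httpContext.Request.Headers)
    {
        logger.LogInformation($"----------Request header: {header.Key}: {header.Value}----------");
    }
    return next();
});
```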
-
0
Hi @liangshiwei,
I applied the middleware and checked the headers. They look fine to me:
```
2024-07-26 11:55:30 [06:25:30 INF] Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - null null
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Accept: application/json, text/plain, */*----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Host: iitvdi-01.aurelius.com:4220----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Accept-Encoding: gzip, deflate, br, zstd----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Accept-Language: en----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Origin: https://iitvdi-01.aurelius.com:4200----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Referer: https://iitvdi-01.aurelius.com:4200/----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: traceparent: 00-db6439da47a5f9a3a68c416e9ca0df42-991e3a84d77fd408-00----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: X-Requested-With: XMLHttpRequest----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-ch-ua-mobile: ?0----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-ch-ua-platform: "Windows"----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-fetch-site: same-site----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-fetch-mode: cors----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-fetch-dest: empty----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: priority: u=1, i----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-correlation-id: e28192efa89942d3b91d4fb3fe66cc75----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-forwarded-for: ::ffff:172.18.0.1----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-forwarded-host: iitvdi-01.aurelius.com:4250----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-forwarded-proto: https----------
2024-07-26 11:55:31 [06:25:31 INF] CORS policy execution successful.
2024-07-26 11:55:31 [06:25:31 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:55:31 [06:25:31 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationRequestOptions) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc).
2024-07-26 11:55:34 [06:25:34 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'.
2024-07-26 11:55:35 [06:25:35 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 3115.8941ms
2024-07-26 11:55:35 [06:25:35 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:55:35 [06:25:35 INF] Request finished HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 4779.9261ms
2024-07-26 11:55:35 [06:25:35 INF] Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Accept: application/json, text/plain, */*----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Host: iitvdi-01.aurelius.com:4220----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Accept-Encoding: gzip, deflate, br, zstd----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Accept-Language: en----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Origin: https://iitvdi-01.aurelius.com:4200----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Referer: https://iitvdi-01.aurelius.com:4200/----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: traceparent: 00-b696772ca4486b51c742f9c99f0518cd-64f4727199b68749-00----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: X-Requested-With: XMLHttpRequest----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-ch-ua-mobile: ?0----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-ch-ua-platform: "Windows"----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-fetch-site: same-site----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-fetch-mode: cors----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-fetch-dest: empty----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: priority: u=1, i----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-correlation-id: dc7508954b15423ea1e5ec66a3e3fd55----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-forwarded-for: ::ffff:172.18.0.1----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-forwarded-host: iitvdi-01.aurelius.com:4250----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-forwarded-proto: https----------
2024-07-26 11:55:35 [06:25:35 INF] CORS policy execution successful.
2024-07-26 11:55:35 [06:25:35 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:55:35 [06:25:35 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationLocalization", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController (Volo.Abp.AspNetCore.Mvc).
2024-07-26 11:55:36 [06:25:36 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationDto'.
2024-07-26 11:55:36 [06:25:36 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 865.8153ms
2024-07-26 11:55:36 [06:25:36 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:55:36 [06:25:36 INF] Request finished HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-localization?cultureName=en&onlyDynamics=false - 200 null application/json; charset=utf-8 904.8717ms
2024-07-26 11:56:19 [06:26:19 INF] Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - null null
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Accept: application/json, text/plain, */*----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Host: iitvdi-01.aurelius.com:4220----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Accept-Encoding: gzip, deflate, br, zstd----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Accept-Language: en----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Authorization: Bearer <access token removed>----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Origin: https://iitvdi-01.aurelius.com:4200----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Referer: https://iitvdi-01.aurelius.com:4200/----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: traceparent: 00-a702f850d9d803ccf7f8f442022f01c2-54e4309c0331a141-00----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-ch-ua-mobile: ?0----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: X-Requested-With: XMLHttpRequest----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-ch-ua-platform: "Windows"----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-fetch-site: same-site----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-fetch-mode: cors----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-fetch-dest: empty----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: priority: u=1, i----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-correlation-id: 43ab9156761a45f68515e05a1131336e----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-forwarded-for: ::ffff:172.18.0.1----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-forwarded-host: iitvdi-01.aurelius.com:4250----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-forwarded-proto: https----------
2024-07-26 11:56:19 [06:26:19 INF] CORS policy execution successful.
2024-07-26 11:56:19 [06:26:19 INF] Failed to validate the token.
2024-07-26 11:56:19 Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
2024-07-26 11:56:19 at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.Tokens.InternalValidators.ValidateAfterSignatureFailed(SecurityToken securityToken, Nullable`1 notBefore, Nullable`1 expires, IEnumerable`1 audiences, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignatureAndIssuerSecurityKey(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWSAsync(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 [06:26:19 INF] Bearer was not authenticated. Failure message: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
2024-07-26 11:56:19 [06:26:19 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:56:19 [06:26:19 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationRequestOptions) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc).
2024-07-26 11:56:19 [06:26:19 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'.
2024-07-26 11:56:19 [06:26:19 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 231.1951ms
2024-07-26 11:56:19 [06:26:19 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:56:19 [06:26:19 INF] Request finished HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 576.7826ms
```
I have a doubt however. In one of the referenced tickets you have mentioned:
`validationParameters.ValidIssuer` will be set as `request.Scheme + Uri.SchemeDelimiter + host + request.PathBase`
Is this set by some module in ABP Framework or will it be set by the .NET 8.0 or some other library?
I also see that the same request (Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false) is successful, but when called again, it is throwing an exception.
-
0
Is this set by some module in ABP Framework or will it be set by the .NET 8.0 or some other library?
This is set by openiddict.
could you try this?
```csharp
public override void PreConfigureServices(ServiceConfigurationContext context)
{
    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        // .....
        builder.SetIssuer("https://iitvdi-01.aurelius.com:4220");
        // ....
    });
}
```
-
0
`4220` is the port of the AdministrationService, not the AuthServer. Shouldn't the AuthServer be the issuer of the token? Also, if I do this for AdministrationService, I'll have to do the same for all other services as well.
Shouldn't we instead fix the place where ValidIssuers is getting populated?
Something like this in `JwtBearerConfigurationHelper`?

```csharp
context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddAbpJwtBearer(options =>
    {
        options.Authority = configuration["AuthServer:Authority"];
        options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata");
        options.Audience = audience;
        options.TokenValidationParameters.ValidIssuer = configuration["AuthServer:Authority"];
    });
```
-
0
Sorry, should be your AuthServer URL
And make sure `ValidIssuer` and `Issuer` are the same. ValidIssuer can be an array.

```csharp
options.TokenValidationParameters = new TokenValidationParameters()
{
    ValidIssuers = new[] { "https://myauthserver.com", "http://docker-service-name" }
};
```
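
The setup discussed in this thread, as an added example that is not part of any post here or of ABP's templates: a minimal ASP.NET Core resource service that pins the accepted issuer to the public AuthServer URL while downloading discovery metadata over the internal Docker network, with signature validation left on. It assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package, that `AuthServer:MetadataAddress` holds a base URL as in the compose file above, and a hypothetical audience name and `/whoami` endpoint.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);
var config = builder.Configuration;

// Public AuthServer URL: this is the value that ends up in the token's "iss" claim,
// e.g. AuthServer__Authority=https://test01.aurelius.com:44322 in the compose file.
var authority = (config["AuthServer:Authority"]
    ?? throw new InvalidOperationException("AuthServer:Authority is required")).TrimEnd('/');

// Optional container-internal base URL, used only to download discovery metadata,
// e.g. AuthServer__MetadataAddress=http://authserver:44321 (assumed to be a base URL).
var metadataBase = (config["AuthServer:MetadataAddress"] ?? authority).TrimEnd('/');

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = authority;
        options.MetadataAddress = metadataBase + "/.well-known/openid-configuration";
        // Has to be false when the metadata URL is plain HTTP; stays true if not configured.
        options.RequireHttpsMetadata = config.GetValue("AuthServer:RequireHttpsMetadata", true);
        options.Audience = "AdministrationService"; // assumed audience name

        // Pin the accepted issuers explicitly instead of switching issuer validation off.
        // The comparison is an exact string match, so the trailing-slash form is listed too.
        options.TokenValidationParameters.ValidateIssuer = true;
        options.TokenValidationParameters.ValidIssuers = new[] { authority, authority + "/" };

        // Unsigned tokens are rejected. Signing keys come from the jwks_uri listed in the
        // discovery document, so that URL must be reachable and trusted from inside the
        // container; otherwise no keys are loaded and signature validation fails.
        options.TokenValidationParameters.RequireSignedTokens = true;

        options.Events = new JwtBearerEvents
        {
            OnAuthenticationFailed = ctx =>
            {
                // Log the rejection reason (IDX10204, IDX10500, ...), never the bearer token.
                ctx.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("JwtBearer")
                    .LogWarning("Token rejected for {Path}: {Reason}",
                        ctx.Request.Path, ctx.Exception.Message);
                return Task.CompletedTask;
            }
        };
    });

builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint that echoes the validated issuer, for checking the setup.
app.MapGet("/whoami", (ClaimsPrincipal user) =>
        Results.Ok(new { issuer = user.FindFirst("iss")?.Value, name = user.Identity?.Name }))
    .RequireAuthorization();

app.Run();
```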
-
0
Hi liangshiwei,
Finally was able to get it working.
After adding the `ValidIssuers`, I got one more exception `IDX10500: Signature validation failed. No security keys were provided to validate the signature`.
But I found out that a similar issue was posted on GitHub and user wangyue20075 provided a solution in his comment.
I still don't understand how this is working when it is being run locally but is failing when I deploy it using Docker Compose.
Thanks for your support!