
Override the existing Users, Roles & Permissions Methodology #7882


User avatar
0
pvala created
  • ABP Framework version: v8.2.1
  • UI Type: Angular
  • Database System: EF Core (MySQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes, Angular with Microservice Architecture
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Hello Team,

We have a microservices-based architecture solution for our project. We don't want to use the TenantId in the AbpUsers and AbpRoles tables as per our requirements. For that what we have done is, we have kept separate tables (UserTenantAssociation and RoleTenantAssociation), using these tables we will determine which user belongs to which Tenant. And for the Roles, we will have all the Roles in the AbpRoles table with all records having TenantId as NULL, which implies the Roles will be created only in the Host Tenant and not any other Tenant. The other Tenants will be using the same Roles as Host, and which Tenants have which specific Roles to use in their tenant, that will be determined using our custom RoleTenantAssociation table where RoleId (the Id of the role from the host tenant) and the TenantId of that Tenant will be stored.

Now, displaying the list of Roles and Users on the UI doesn't seem to be a problem as we have already done necessary changes in the Users and Roles repositories in the IdentityService to achieve this feat. But the problem arises when the User logs into the Tenants.

Let's say I have a User which belongs to a Tenant, and the User has a role assigned to it as "admin", now in the AbpUserRoles table, the UserId will be the Id of the User from AbpUsers table, TenantId will be TenantId of the Tenant in which the user is trying to log into and the RoleId will be the Id of the Role "admin" from AbpRoles table but it will have TenantId as NULL as the Role belongs to the Host and the same Role should be used by all the Tenants.

Now if we run the application and when the user logs into a Tenant, it doesn't have any Roles assigned to it in the CurrentUser class, and also the GrantedPolicies will also be empty since there are no roles assigned to the user in the currentUser section of application configuration api call.

I tried to check how the values are assigned to the CurrentUser, and I came to know that it gets the values from the Claims generated during the Authentication and are passed to JWT Token during the authentication.

https://github.com/abpframework/abp/blob/8e20aab617205936c299ed5c3c40e0c529a3f06b/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/AbpUserClaimsPrincipalFactory.cs#L14

this is the code I tried :

public class AbpUserClaimsPrincipalFactory : UserClaimsPrincipalFactory<IdentityUser, IdentityRole>, ITransientDependency
{
    public AbpUserClaimsPrincipalFactory(
        UserManager<IdentityUser> userManager,
        RoleManager<IdentityRole> roleManager,
        IOptions<IdentityOptions> options)
        : base(userManager, roleManager, options)
    {
    }

    [UnitOfWork]
    public override async Task<ClaimsPrincipal> CreateAsync(IdentityUser user)
    {
        var principal = await base.CreateAsync(user).ConfigureAwait(false);

        if (user.TenantId.HasValue)
        {
            principal.Identities
                .First()
                .AddClaim(new Claim(AbpClaimTypes.TenantId, user.TenantId.ToString()));
        }

        return principal;
    }
}

(I tried this code in Administration Service Domain project)

but when using it, the login page will just stay there even after clicking the login button with correct credentials, it doesn't redirect to the angular app.

I want to know how exactly the CurrentUser is assigned these values and I want to override it because we have different logic of fetching the roles (from our custom table). I specifically want to know how the roles are assigned to the current user.

Right now, what I have done is, I have manually updated the value of the RoleId in the AbpUserRoles table, I have updated the RoleId with the one which belongs to the host. And because of that when the user logs into the application, there in, the api/abp/application-configuration?includeLocalizationResources=false api is called and in response of that API call, the grantedPolicies in the "auth" section is an empty array and in the "currentUser" section the roles is an empty array.

example :

{
  "auth": { "grantedPolicies": [] },
  "currentUser": { "roles": [] }
}

So, given the scenario, how exactly can I set these granted policies and the currentUser values in the application when the user logs in?


94 Answer(s)
  • User Avatar
    0
    pvala created

    I have also pushed the MyAuthorizeController file that I have added to the repository, if they can check that.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Does the principal contain the tenant and roles? Have you debugged to check the variable?

  • User Avatar
    0
    pvala created

    It's trying to check the TenantId claim from this method from the AbpClaimsIdentityExtensions file (namespace System.Security.Principal)

    public static Guid? FindTenantId(this ClaimsPrincipal principal)
    {
    	Check.NotNull(principal, "principal");
    	Claim claim = principal.Claims?.FirstOrDefault((Claim c) => c.Type == AbpClaimTypes.TenantId);
    	if (claim == null || claim.Value.IsNullOrWhiteSpace())
    	{
    		return null;
    	}
    	if (Guid.TryParse(claim.Value, out var result))
    	{
    		return result;
    	}
    	return null;
    }
    

    I tried to debug here and here the

    principal.Claims?.FirstOrDefault((Claim c) => c.Type == AbpClaimTypes.TenantId);

    this line is returning null as a claim, i.e., TenantId is not present as a claim in the principal and about the roles part, this is the list of claims I am getting in the principal variable and I am not seeing roles as a claim in the list, so I think roles claim is also not present in the principal.

    iss: https://test2dev.localhost:44322/
    exp: 1727326332
    iat: 1727326032
    oi_cl_dstn: {"oi_scp":["access_token"],"oi_au_id":["access_token"],"preferred_username":["access_token","id_token"],"email":["access_token","id_token"],"sub":["access_token"],"oi_rsrc":["access_token"]}
    sub: 3a0daa97-5fba-2079-563c-3e26309bdc81
    preferred_username: admin
    email: safwan@gmail.com
    AspNet.Identity.SecurityStamp: 6DCVHJYKEIHLAYOAR3SQBAPWS23CADJ5
    oi_scp: offline_access
    oi_scp: openid
    oi_scp: profile
    oi_scp: email
    oi_scp: phone
    oi_scp: AccountService
    oi_scp: IdentityService
    oi_scp: AdministrationService
    oi_scp: SaasService
    oi_scp: ProductService
    oi_scp: ClinicService
    oi_scp: AppointmentService
    oi_scp: FormsService
    oi_rsrc: AccountService
    oi_rsrc: IdentityService
    oi_rsrc: AdministrationService
    oi_rsrc: SaasService
    oi_rsrc: ProductService
    oi_rsrc: ClinicService
    oi_rsrc: AppointmentService
    oi_rsrc: FormsService
    oi_prst: Angular
    oi_reduri: http://test2dev.localhost:4200
    oi_cd_chlg: jHXfUpUcsI-oJ5MA5vuDsguSstUszWkzRNGZzxhZTbM
    oi_cd_chlg_meth: S256
    oi_nce: QVF6bU1EczNQd1p2VlpBRmt5cFl5SkFmeWVFSkJGUmhmN2M0dWNaZTNMTFZq
    oi_crt_dt: Thu, 26 Sep 2024 04:47:12 GMT
    oi_exp_dt: Thu, 26 Sep 2024 04:52:12 GMT
    oi_au_id: 3a14ecaf-dae0-d535-4201-7197e6e3092e
    oi_tkn_id: 3a153ed4-6d5e-82a6-ce8e-639fe91a5623
    oi_tkn_typ: authorization_code

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The claims are written by AbpUserClaimsFactory when you sign in account/login page, please confirm this.

    You can sign in, refresh the auth server project, and set a breakpoint to check current claims on the MVC page.

    The auth server project current user claims come from cookies.

  • User Avatar
    0
    pvala created

    I followed the steps, and after logging in, the angular app kept reloading the same logged out page, while in another tab I opened the Auth Server project URL, put a breakpoint at the OnGetAsync method in the Login.cshtml.cs page.

    And there we have the ICurrentPrincipalAccessor injected in the class, there I checked the claims in the principal, but the list was empty. There are no claims in the principal there. And I also checked the values of CurrentUser, and it was also having null and default values, that means the current user is not having the correct values.

  • User Avatar
    0
    pvala created

    While in the other tab where the angular app is continuously reloading, I checked in the network tab,

    https://test2dev.localhost:44322/connect/token

    this api is failing with 400 error code bad request.

    {error: "invalid_grant", error_description: "The token is no longer valid.",…}

  • User Avatar
    0
    pvala created

    Hi, I am finally able to get into the angular application with the user, but because the claims of the user don't have the Tenant Id as a claim, it fetches all the permissions and assigns to the user, we want only those permissions which are related to Tenant (i.e., Permissions from the AbpPermissions table with MultiTenancySide as 1 or 3).

    For that, because the claim doesn't contain the TenantId, I had to manually add the claim like this :

    protected override async Task<ClaimsIdentity> GenerateClaimsAsync(Volo.Abp.Identity.IdentityUser user)
    {
        var id = await base.GenerateClaimsAsync(user).ConfigureAwait(false);
    
        var existingRoleClaims = id.Claims.Where(x => x.Type == ClaimTypes.Role).ToList();
    
        foreach (var item in existingRoleClaims)
        {
            id.RemoveClaim(item);
        }
    
        if (UserManager.SupportsUserRole)
        {
            var roles = await IdentityUserManager.GetRoleNamesAsync(user).ConfigureAwait(false);
            foreach (var roleName in roles)
            {
                id.AddClaim(new Claim(Options.ClaimsIdentity.RoleClaimType, roleName));
    
                if (RoleManager.SupportsRoleClaims)
                {
                    var role = await IdentityRoleManager.FindByNameAsync(roleName).ConfigureAwait(false);
                    if (role != null)
                    {
                        id.AddClaims(await RoleManager.GetClaimsAsync(role).ConfigureAwait(false));
                    }
                }
            }
        }
        
        // ********** THIS LINE I ADDED ***********
        id.AddClaim(new Claim(AbpClaimTypes.TenantId, user.TenantId.ToString()));
        
        return id;
    }
    

    I added that line in the code to achieve this.

    Now, after all this, I am able to get the permissions related only to Tenants, but I am getting this login icon even after user being logged in.

    And I also observed that when I check in the abp configuration response :

    "currentUser": {
        "isAuthenticated": true,
        "id": "3a0daa97-5fba-2079-563c-3e26309bdc81",
        "tenantId": "3a0daa97-5b6d-e661-4f00-22309be7478d",
        "impersonatorUserId": null,
        "impersonatorTenantId": null,
        "impersonatorUserName": null,
        "impersonatorTenantName": null,
        "userName": null,
        "name": null,
        "surName": null,
        "email": "safwan@gmail.com",
        "emailVerified": false,
        "phoneNumber": null,
        "phoneNumberVerified": false,
        "roles": [
            "admin"
        ],
        "sessionId": null
    },
    

    Here some of the claims are missing, like sessionId, username, name, I think it might be related to that, can you guide?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Now, after all this, I am able to get the permissions related only to Tenants, but I am getting this login icon even after user being logged in.

    What are the current user claims of the authserver project?

    And I also observed that when I check in the abp configuration response :

    Please share access_token of this request.


    Please share all logs of this case.

    Thanks.

  • User Avatar
    0
    pvala created
    1. What are the current user claims of the authserver project?

    Current claims when hitting the breakpoint on the Login.cshtml.cs page of the authserver project:

    "sub: 3a0daa97-5fba-2079-563c-3e26309bdc81" "preferred_username: admin" "email: safwan@gmail.com" "AspNet.Identity.SecurityStamp: 6DCVHJYKEIHLAYOAR3SQBAPWS23CADJ5" "role: admin" "tenantid: 3a0daa97-5b6d-e661-4f00-22309be7478d" "amr: pwd"

    2. Please share access_token of this request.

    Endpoint : https://test2dev.localhost:44322/connect/token

    Payload : grant_type: authorization_code code: nbTa2qb06FU_FlB3rvA8zFORItoJNIZhFC6yDM_fJyg redirect_uri: http://test2dev.localhost:4200 code_verifier: NHVvdURWZ2tRUnd4NGEyTFFEVkd2Q2RxOGdmQVVuZkdMVjdRVURVZmtmUEZy client_id: Angular

    Response : { "access_token": "…", "token_type": "Bearer", "expires_in": 3598, "scope": "offline_access openid profile email phone AccountService IdentityService AdministrationService SaasService ProductService ClinicService AppointmentService FormsService", "id_token": "…", "refresh_token": "…" }

    3. Please share all logs of this case.

    I am sharing the logs via WeTransfer

  • User Avatar
    0
    pvala created

    Also, here is the value of currentUser property of the response of the abp app configuration api call when breakpoint hits on the auth server project

    "currentUser": { "isAuthenticated": true, "id": "3a0daa97-5fba-2079-563c-3e26309bdc81", "tenantId": "3a0daa97-5b6d-e661-4f00-22309be7478d", "impersonatorUserId": null, "impersonatorTenantId": null, "impersonatorUserName": null, "impersonatorTenantName": null, "userName": "admin", "name": null, "surName": null, "email": "safwan@gmail.com", "emailVerified": false, "phoneNumber": null, "phoneNumberVerified": false, "roles": [ "admin" ], "sessionId": null },

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The claims seem to be no problem.

    Can you create a new question and share the info? I will ask our angular team why the UI is wrong.

    {
      "iss": "https://test2dev.localhost:44322/",
      "exp": 1727417535,
      "iat": 1727413935,
      "aud": [
        "AccountService",
        "IdentityService",
        "AdministrationService",
        "SaasService",
        "ProductService",
        "ClinicService",
        "AppointmentService",
        "FormsService"
      ],
      "scope": "offline_access openid profile email phone AccountService IdentityService AdministrationService SaasService ProductService ClinicService AppointmentService FormsService",
      "jti": "4e6393e4-e461-4dc4-a79c-6499878f3a3e",
      "sub": "3a0daa97-5fba-2079-563c-3e26309bdc81",
      "preferred_username": "admin",
      "email": "safwan@gmail.com",
      "role": "admin",
      "tenantid": "3a0daa97-5b6d-e661-4f00-22309be7478d",
      "oi_prst": "Angular",
      "oi_au_id": "3a14ecaf-dae0-d535-4201-7197e6e3092e",
      "client_id": "Angular",
      "oi_tkn_id": "3a154411-b78a-d4ac-b584-f46f711b07e5"
    }
    
  • User Avatar
    0
    pvala created

    Hi, I have created the ticket

    https://abp.io/support/questions/7989/User-profile-picture-section-not-visible-after-user-logs-in

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks. I have forwarded it to our angular team. They will reply to you asap.

  • User Avatar
    0
    pvala created

    Hi, we were able to finally implement what we required, as to use roles and permissions from the host tenant for all the other tenants. But, there is still a minor issue, in which we are getting the sessionId and the username of the logged in user as NULL in the currentUser section of the abp application configuration API call. It might get further issues in the application, can you suggest why would it happen and how do we resolve this?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi @pvala

    in which we are getting the sessionId and the username of the logged in user as NULL in the currentUser section of the abp application configuration API call

    Why that's happened?

    If you don't need to use the session management feature, you can ignore the sessionId.

    The username is read from claims. Please check your current user claims.

  • User Avatar
    0
    pvala created

    I checked the current claims, there I am getting the preferred_username as "admin", which is correct. So, I am not sure if it's related to claims.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you set a breakpoint to check the AbpClaimTypes.UserName in every project?

    I have an article to explain this.

    https://abp.io/community/posts/how-claim-type-works-in-asp-net-core-and-abp-framework-km5dw6g1

    AbpClaimTypes.UserId = JwtClaimTypes.Subject;
    AbpClaimTypes.UserName = JwtClaimTypes.PreferredUserName;
    AbpClaimTypes.Role = JwtClaimTypes.Role;
    AbpClaimTypes.Email = JwtClaimTypes.Email;
    
    AbpClaimTypes.UserId = JwtClaimTypes.Subject;
    AbpClaimTypes.UserName = JwtClaimTypes.Name;
    AbpClaimTypes.Role = JwtClaimTypes.Role;
    AbpClaimTypes.Email = JwtClaimTypes.Email;
    
  • User Avatar
    0
    pvala created

    I have done some more analysis on this. I took the JWT tokens from the API calls in 2 scenarios, one where we haven't overridden anything and kept everything as per the Framework, and one where we have our implementation.

    I took those 2 JWT tokens and decoded them and came to know that the one which is using the default Framework implementation has these properties extra compared to the one where we have our implementation:

    session_id, unique_name, given_name, email_verified, phone_number_verified

    Is there any significance of this? What I am thinking is somehow, it's because of the session id being null here.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The unique_name, given_name, email_verified, phone_number_verified claims are created by AbpUserClaimsPrincipalFactory

    https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/AbpUserClaimsPrincipalFactory.cs#L14

    The session_id is created by IdentitySessionClaimsPrincipalContributor(AbpIdentityProDomainModule Volo.Abp.Identity.Pro.Domain)
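
Two checks from the end of this thread, as an added example (not part of the original thread and not ABP code): diffing the claim names of two decoded tokens, and showing which currentUser fields resolve to null under each of the two claim-type mappings quoted above. The token strings are constructed with a placeholder signature, the values of the five extra claims are made up, and `resolve_current_user` assumes a service reads each field from the claim type its mapping names.

```python
import base64
import json

# The two claim-type mappings quoted in the thread, written with the JwtClaimTypes
# string values (Subject="sub", PreferredUserName="preferred_username", Name="name").
MAPPING_PREFERRED = {"id": "sub", "userName": "preferred_username", "roles": "role", "email": "email"}
MAPPING_NAME = {"id": "sub", "userName": "name", "roles": "role", "email": "email"}

# Claims taken from the decoded access token shown in the thread.
CUSTOM_CLAIMS = {
    "sub": "3a0daa97-5fba-2079-563c-3e26309bdc81",
    "preferred_username": "admin",
    "email": "safwan@gmail.com",
    "role": "admin",
    "tenantid": "3a0daa97-5b6d-e661-4f00-22309be7478d",
}
# Constructed stand-in for a default-framework token: the same claims plus the five
# extra claim names listed in the thread (their values here are made up).
DEFAULT_CLAIMS = dict(CUSTOM_CLAIMS, session_id="constructed-session-id", unique_name="admin",
                      given_name="admin", email_verified="False", phone_number_verified="False")


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(payload: dict) -> str:
    """Build a constructed JWT-shaped string (placeholder signature) for the demo."""
    header = {"alg": "RS256", "typ": "at+jwt"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(payload).encode()),
                     "constructed-signature"])


def decode_payload(token: str) -> dict:
    """Decode the payload segment for inspection only; this does not validate the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    segment = parts[1]
    padded = segment + "=" * (-len(segment) % 4)  # restore stripped base64url padding
    payload = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return payload


def missing_claims(baseline: dict, candidate: dict) -> list:
    """Claim names present in the baseline token but absent from the candidate."""
    return sorted(set(baseline) - set(candidate))


def resolve_current_user(claims: dict, mapping: dict) -> dict:
    """Read each currentUser field from the claim type the mapping assigns to it."""
    user = {field: claims.get(claim_type) for field, claim_type in mapping.items()}
    roles = user["roles"]  # a JWT carries one role as a string, several as an array
    user["roles"] = [] if roles is None else roles if isinstance(roles, list) else [roles]
    return user


CUSTOM_TOKEN = make_token(CUSTOM_CLAIMS)
DEFAULT_TOKEN = make_token(DEFAULT_CLAIMS)

if __name__ == "__main__":
    custom = decode_payload(CUSTOM_TOKEN)
    print("missing from custom token:", missing_claims(decode_payload(DEFAULT_TOKEN), custom))
    for label, mapping in (("PreferredUserName", MAPPING_PREFERRED), ("Name", MAPPING_NAME)):
        print(label, "->", resolve_current_user(custom, mapping))
```

With the token from the thread, the `Name` mapping yields a null userName while the `PreferredUserName` mapping yields "admin", which is why the breakpoint check on `AbpClaimTypes.UserName` in every project is worth doing.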

Made with ❤️ on ABP v9.0.0-preview Updated on September 30, 2024, 13:13