
Permission-Based Authorization Failing after .Net upgrade 8.0 #8239


prachi@urvin.finance created
  • ABP Framework version: v8.3.0
  • UI Type: Blazor Server
  • Database System: EF Core (PostgreSQL)
  • Exception message and full stack trace: 403 Forbidden
  • Steps to reproduce the issue: Log in as a super-admin. Not able to access any identity-related pages such as /identity/organization-units, /identity/roles, etc.

I am encountering an application-wide issue where I'm unable to authorize any action method or view based on user permissions. However, role-based authorization is functioning as expected. Upon inspecting the token, it includes the user's role, but ABP is not retrieving permissions associated with that role.

I've also verified the database, and all necessary permissions are correctly seeded to this role. However, ABP still isn't retrieving or recognizing these permissions for authorization, even though role-based checks are working.

I suspect this issue may have arisen due to a recent project upgrade.


14 Answer(s)
  • maliming created
    Support Team Fullstack Developer

    hi

    1. Please share a test access_token
    2. Please share the Debug logs of your API call.
    3. Please set a breakpoint to see the current claims of the API call.
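    ```csharp
    using Serilog;
    using Serilog.Events;

    public class Program
    {
        public async static Task<int> Main(string[] args)
        {
            // Emit Debug-level events so the PermissionStore lookups are logged;
            // keep EF Core at Warning to limit noise.
            Log.Logger = new LoggerConfiguration()
                .MinimumLevel.Debug()
                .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
                .Enrich.FromLogContext()
                .WriteTo.Async(c => c.File("Logs/logs.txt"))
                .WriteTo.Async(c => c.Console())
                .CreateLogger();
            // ... rest of Main unchanged
    ```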

    https://abp.io/community/articles/how-claim-type-works-in-asp-net-core-and-abp-framework-km5dw6g1

    Thanks.

  • prachi@urvin.finance created

    Hi, I would like to open this ticket again.

    I would like to give more context to this.

    I created the same endpoint GetPAuthWithPermissions in the administration service and the identity service. It is running fine in the administration service after clearing the cache from Redis.

    But the same is not working in the Identity service.

    Below are the logs

    ---------------------------------------------------Administration service logs -------------------------------------------------------------------------------------------

    [13:06:39 INF] Request starting HTTP/1.1 GET http://localhost:44367/api/permission-service/permission/GetPAuthWithPermission - null null
    [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles
    [13:06:42 DBG] Not found in the cache: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles
    [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: U,3a12fe40-5e08-9485-9631-e33430540d9e
    [13:06:42 DBG] Setting the cache items. Count: 185
    [13:06:42 DBG] Finished setting the cache items. Count: 185
    [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles
    [13:06:42 DBG] Not found in the cache: pn:R,pk:admin,n:AbpIdentity.Roles
    [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: R,admin
    [13:06:42 DBG] Setting the cache items. Count: 185
    [13:06:42 DBG] Finished setting the cache items. Count: 185
    [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles
    [13:06:42 DBG] Not found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles
    [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: C,UrvinFinance_BlazorServer
    [13:06:42 DBG] Setting the cache items. Count: 185
    [13:06:42 DBG] Finished setting the cache items. Count: 185
    [13:06:42 INF] Executing endpoint 'UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi)'
    [13:06:42 INF] Route matched with {area = "AdministrationService", controller = "Permission", action = "GetPAuthWithPermission", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[System.Boolean] GetPAuthWithPermission() on controller UrvinFinance.AdministrationService.Permissions.PermissionController (UrvinFinance.AdministrationService.HttpApi).
    [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles
    [13:06:42 DBG] Found in the cache: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles
    [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles
    [13:06:42 DBG] Found in the cache: pn:R,pk:admin,n:AbpIdentity.Roles
    [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles
    [13:06:42 DBG] Found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles
    [13:06:42 INF] Executing ObjectResult, writing value of type 'System.Boolean'.
    [13:06:42 INF] Executed action UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi) in 36.9788ms
    [13:06:42 INF] Executed endpoint 'UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi)'
    [13:06:42 DBG] Added 0 entity changes to the current audit log
    [13:06:42 DBG] Added 0 entity changes to the current audit log
    [13:06:42 INF] Request finished HTTP/1.1 GET http://localhost:44367/api/permission-service/permission/GetPAuthWithPermission - 200 null application/json; charset=utf-8 2833.4599ms

    ---------------------------------------------------Identity service logs -------------------------------------------------------------------------------------------

    [13:09:03 INF] Request starting HTTP/1.1 GET http://localhost:44388/api/identity-service/user-account/GetPAuthWithPermission - null null
    [13:09:03 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles
    [13:09:03 DBG] Not found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles
    [13:09:03 DBG] Getting all granted permissions from the repository for this provider name,key: C,UrvinFinance_BlazorServer
    [13:09:03 DBG] Setting the cache items. Count: 166
    [13:09:03 DBG] Finished setting the cache items. Count: 166
    [13:09:03 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.Roles
    [13:09:03 INF] AuthenticationScheme: Bearer was forbidden.
    [13:09:03 INF] Request finished HTTP/1.1 GET http://localhost:44388/api/identity-service/user-account/GetPAuthWithPermission - 403 0 null 25.4081ms

  • maliming created
    Support Team Fullstack Developer

    hi

    Identity service logs

    1. Please share a test access_token

    2. Please set the log level as Debug and share full logs of Identity service logs

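    ```csharp
    using Serilog;
    using Serilog.Events;

    public class Program
    {
        public async static Task<int> Main(string[] args)
        {
            // Emit Debug-level events so the PermissionStore lookups are logged;
            // keep EF Core at Warning to limit noise.
            Log.Logger = new LoggerConfiguration()
                .MinimumLevel.Debug()
                .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
                .Enrich.FromLogContext()
                .WriteTo.Async(c => c.File("Logs/logs.txt"))
                .WriteTo.Async(c => c.Console())
                .CreateLogger();
            // ... rest of Main unchanged
    ```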
    
    3. Please set a breakpoint in Identity service project to see the current claims of the api/identity-service/user-account/GetPAuthWithPermission call.

  • prachi@urvin.finance created
    1. bearer token:

    2. a) full logs of Identity service:

    {"Timestamp":"2024-11-14T08:24:28.9368522+00:00","Level":"Information","MessageTemplate":"Request starting {Protocol} {Method} {Scheme}://{Host}{PathBase}{Path}{QueryString} - {ContentType} {ContentLength}","RenderedMessage":"Request starting "HTTP/1.1" "GET" "http"://"localhost:44388""""/api/identity-service/user-account/GetPAuth""" - null null","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"localhost:44388","PathBase":"","Path":"/api/identity-service/user-account/GetPAuth","QueryString":"","EventId":{"Id":1},"SourceContext":"Microsoft.AspNetCore.Hosting.Diagnostics","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
    {"Timestamp":"2024-11-14T08:24:30.3484416+00:00","Level":"Information","MessageTemplate":"Executing endpoint '{EndpointName}'","RenderedMessage":"Executing endpoint '"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)"'","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"EndpointName":"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)","EventId":{"Name":"ExecutingEndpoint"},"SourceContext":"Microsoft.AspNetCore.Routing.EndpointMiddleware","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","CorrelationId":"9c3c7dc1bda64215a8927e8612ff9bdc","ClientId":"UrvinFinance\_BlazorServer","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
    {"Timestamp":"2024-11-14T08:24:30.3806442+00:00","Level":"Information","MessageTemplate":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName}).","RenderedMessage":"Route matched with "{area = \\"IdentityService\\", action = \\"GetPAuth\\", controller = \\"UserAccount\\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()\" on controller \"UrvinFinance.IdentityService.User.UserAccountController\" (\"UrvinFinance.IdentityService.HttpApi\").","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"RouteData":"{area = \"IdentityService\", action = \"GetPAuth\", controller = \"UserAccount\"}","MethodInfo":"System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()","Controller":"UrvinFinance.IdentityService.User.UserAccountController","AssemblyName":"UrvinFinance.IdentityService.HttpApi","EventId":{"Id":102,"Name":"ControllerActionExecuting"},"SourceContext":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","ActionId":"bb170843-9eb1-4d97-83e5-b5e8f74b610f","ActionName":"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","CorrelationId":"9c3c7dc1bda64215a8927e8612ff9bdc","ClientId":"UrvinFinance\_BlazorServer","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
    

    b) full logs of Administration service

    {"Timestamp":"2024-11-14T08:26:55.6814108+00:00","Level":"Information","MessageTemplate":"Request starting {Protocol} {Method} {Scheme}://{Host}{PathBase}{Path}{QueryString} - {ContentType} {ContentLength}","RenderedMessage":"Request starting "HTTP/1.1" "GET" "http"://"localhost:44367""""/api/permission-service/permission/GetPAuth""" - null null","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"localhost:44367","PathBase":"","Path":"/api/permission-service/permission/GetPAuth","QueryString":"","EventId":{"Id":1},"SourceContext":"Microsoft.AspNetCore.Hosting.Diagnostics","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
    {"Timestamp":"2024-11-14T08:26:56.8101460+00:00","Level":"Information","MessageTemplate":"Executing endpoint '{EndpointName}'","RenderedMessage":"Executing endpoint '"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)"'","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"EndpointName":"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)","EventId":{"Name":"ExecutingEndpoint"},"SourceContext":"Microsoft.AspNetCore.Routing.EndpointMiddleware","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","CorrelationId":"ae3154296cd742c6931a543d9c84df81","ClientId":"UrvinFinance\_BlazorServer","UserId":"3a12fe40-5e08-9485-9631-e33430540d9e","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
    {"Timestamp":"2024-11-14T08:26:56.8344923+00:00","Level":"Information","MessageTemplate":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName}).","RenderedMessage":"Route matched with "{area = \\"AdministrationService\\", controller = \\"Permission\\", action = \\"GetPAuth\\", page = \\"\\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()\" on controller \"UrvinFinance.AdministrationService.Permissions.PermissionController\" (\"UrvinFinance.AdministrationService.HttpApi\").","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"RouteData":"{area = \"AdministrationService\", controller = \"Permission\", action = \"GetPAuth\", page = \"\"}","MethodInfo":"System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()","Controller":"UrvinFinance.AdministrationService.Permissions.PermissionController","AssemblyName":"UrvinFinance.AdministrationService.HttpApi","EventId":{"Id":102,"Name":"ControllerActionExecuting"},"SourceContext":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","ActionId":"87349f99-8ce5-4ee5-823a-5cdca8724e11","ActionName":"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","CorrelationId":"ae3154296cd742c6931a543d9c84df81","ClientId":"UrvinFinance\_BlazorServer","UserId":"3a12fe40-5e08-9485-9631-e33430540d9e","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
    
    1. current claims for identity service
    [
    { "Type": "nbf", "Value": "1731568472" },
    { "Type": "exp", "Value": "1763104472" },
    { "Type": "iss", "Value": "https://auth-server:44322" },
    { "Type": "aud", "Value": "AdministrationService" },
    { "Type": "aud", "Value": "AuthServer" },
    { "Type": "client_id", "Value": "UrvinFinance_BlazorServer" },
    { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "Value": "3a12fe40-5e08-9485-9631-e33430540d9e" },
    { "Type": "auth_time", "Value": "1731568472" },
    { "Type": "http://schemas.microsoft.com/identity/claims/identityprovider", "Value": "local" },
    { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "Value": "email@fake.domain" },
    { "Type": "phone_number_verified", "Value": "False" },
    { "Type": "email_verified", "Value": "True" },
    { "Type": "preferred_username", "Value": "adminPorra" },
    { "Type": "name", "Value": "adminPorra" },
    { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "Value": "adminPorra" },
    { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "Value": "" },
    { "Type": "security-stamp", "Value": "MXTOO7IHUPP46I44UEPAXRIOOFD3R4DI" },
    { "Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Value": "admin" },
    { "Type": "iat", "Value": "1731568472" },
    { "Type": "scope", "Value": "address" },

    { "Type": "scope", "Value": "offline_access" },
    { "Type": "http://schemas.microsoft.com/claims/authnmethodsreferences", "Value": "pwd" },
    { "Type": "name", "Value": "adminPorra" }
    ]
    
    1. current claims for administration service
    [
    { "Type": "nbf", "Value": "1731568472" },
    { "Type": "exp", "Value": "1763104472" },
    { "Type": "iss", "Value": "https://auth-server:44322" },
    { "Type": "aud", "Value": "AdministrationService" },
    { "Type": "client_id", "Value": "UrvinFinance_BlazorServer" },
    { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "Value": "3a12fe40-5e08-9485-9631-e33430540d9e" },
    { "Type": "auth_time", "Value": "1731568472" },
    { "Type": "http://schemas.microsoft.com/identity/claims/identityprovider", "Value": "local" },
    { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "Value": "email@fake.domain" },
    { "Type": "phone_number_verified", "Value": "False" },
    { "Type": "email_verified", "Value": "True" },
    { "Type": "preferred_username", "Value": "adminPorra" },
    { "Type": "name", "Value": "adminPorra" },
    { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "Value": "adminPorra" },
    { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "Value": "" },
    { "Type": "security-stamp", "Value": "MXTOO7IHUPP46I44UEPAXRIOOFD3R4DI" },
    { "Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Value": "admin" },
    { "Type": "iat", "Value": "1731568472" },

    { "Type": "scope", "Value": "offline_access" },
    { "Type": "http://schemas.microsoft.com/claims/authnmethodsreferences", "Value": "pwd" },
    { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "Value": "adminPorra" }
    ]
    
  • maliming created
    Support Team Fullstack Developer

    hi

    The role type in claims is ClaimTypes.Role (http://schemas.microsoft.com/ws/2008/06/identity/claims/role)

    Please check the typeValue of AbpClaimTypes.Role

    var typeValue = AbpClaimTypes.Role

    typeValue should be http://schemas.microsoft.com/ws/2008/06/identity/claims/role

     {
     "Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
     "Value": "admin"
     }
    

    If the typeValue is role, that means your claim type is incorrect.


    Please also check the Roles of CurrentUser. If the Roles is empty, it is also the problem of claim type.

    Thanks.
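
The check described in the answer above, as an added example that is not code from the thread or from ABP: a claim-type audit that reports when a configured claim type is absent from the principal but the same data arrived under its JWT short name or mapped URI. `ClaimTypeAudit`, its alias table and the sample principal are assumptions for illustration; in an ABP service the configured role type would be the value of AbpClaimTypes.Role.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper (not part of ABP). Each pair is a JWT short claim name
// and the URI form that appears in the claim dumps posted in the thread.
public static class ClaimTypeAudit
{
    private static readonly (string Short, string Mapped)[] Aliases =
    {
        ("role", ClaimTypes.Role),
        ("sub", ClaimTypes.NameIdentifier),
        ("email", ClaimTypes.Email),
    };

    // For each configured claim type, report whether the principal carries a
    // claim of that type and, if not, whether its alias form is present instead.
    public static List<string> Audit(ClaimsPrincipal principal,
                                     IDictionary<string, string> configured)
    {
        var findings = new List<string>();
        foreach (var (purpose, type) in configured)
        {
            if (principal.HasClaim(c => c.Type == type))
                continue; // configured type matches the token: nothing to report

            var alias = Aliases
                .Where(a => a.Short == type || a.Mapped == type)
                .Select(a => a.Short == type ? a.Mapped : a.Short)
                .FirstOrDefault(t => principal.HasClaim(c => c.Type == t));

            findings.Add(alias is null
                ? $"{purpose}: no claim of type '{type}'"
                : $"{purpose}: configured '{type}' but the claim arrived as '{alias}'");
        }
        return findings;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: a subset of the claims posted in the thread.
        var principal = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "3a12fe40-5e08-9485-9631-e33430540d9e"),
            new Claim(ClaimTypes.Role, "admin"),
            new Claim("client_id", "UrvinFinance_BlazorServer"),
        }, "Bearer"));

        // Role claim type values as reported in the thread for each service.
        var identityService = new Dictionary<string, string> { ["Role"] = "role" };
        var administrationService = new Dictionary<string, string> { ["Role"] = ClaimTypes.Role };

        foreach (var finding in ClaimTypeAudit.Audit(principal, identityService))
            Console.WriteLine("IdentityService: " + finding);
        foreach (var finding in ClaimTypeAudit.Audit(principal, administrationService))
            Console.WriteLine("AdministrationService: " + finding);
    }
}
```

A finding for the role entry corresponds to the empty CurrentUser.Roles case: with no role names resolved, the role-granted permissions are never consulted and the request is denied with 403.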

  • prachi@urvin.finance created

    You're right. In IdentityService:
    AbpClaimTypes.Role = "role"
    CurrentUser.Roles is empty

    But in AdministrationService:
    AbpClaimTypes.Role = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
    CurrentUser.Roles has data

    Is there some reference missing which needs to be added in identity service? Kindly help.

  • maliming created
    Support Team Fullstack Developer

    hi

    Please share the content of IdentityService host module. It may be IdentityServiceModule or IdentityServiceHostModule

  • prachi@urvin.finance created

    Let me know how we can start a private chat.

  • maliming created
    Support Team Fullstack Developer

    liming.ma@volosoft.com

  • prachi@urvin.finance created

    I have shared the file on Google Chat. Please check. Thanks!

  • maliming created
    Support Team Fullstack Developer

    hi

    No idea why AbpClaimTypes.Role changed.

    We only change the AbpClaimTypes.Role to role in AbpOpenIddictAspNetCoreModule and some modules.


    Can you search for AbpClaimTypes.Role in your whole solution?

    Or can you share the full source code of your solution?

  • prachi@urvin.finance created

    I couldn't find any AbpClaimTypes.Role in the code.

    I can't share the full source code as it's an enterprise application. I can provide remote access. Thanks

  • maliming created
    Support Team Fullstack Developer

    hi

    I can remote-check your app at https://www.worldtimebuddy.com/?qm=1&lid=1816670&h=1816670&date=2024-11-14&sln=10-17&hf=0

    Please send your time to liming.ma@volosoft.com

    I will share the zoom link.

  • prachi@urvin.finance created

    Could you please confirm if you received my email?

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11