Tenant impersonation doesn't work with separate database for tenant #8564 | Support

cvarela@ld created 4 days ago

Check the docs before asking a question: https://abp.io/docs/latest Check the samples to see the basic tasks: https://abp.io/docs/latest/samples The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info: 🧐 Hint: If you are using the ABP Studio, you can see all the information about your solution from the configuration window, which opens when you right-click on the solution and click on the Solution Configuration button.

The option "login with this tenant" only works if the tenant database is the same as host but doesn't work if the tenant has it's own database.

ABP Framework version: v0.9.18
UI Type: Blazor Server
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace: An unhandled exception has occurred while executing the request. Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login. ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_grant', error_description: 'SessionExpired', error_uri: 'error_uri is null'. at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync() --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.Studio.Client.AspNetCore.AbpStudioMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Volo.Abp.Studio.Client.AspNetCore.AbpStudioMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext() --- End of stack trace from previous location --- at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
Steps to reproduce the issue:

Create tenant with separate connection string
Select tenant actions > "login with this tenant"
Input valid/existing user for login

7 Answer(s)

0

maliming created 4 days ago
Support Team Fullstack Developer

hi

Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_grant', error_description: 'SessionExpired', error_uri: 'error_uri is null'.

Can you share all logs.txt? web, api, and authserver projects.

liming.ma@volosoft.com
Thanks.
0

cvarela@ld created 4 days ago

Hello,

Sent logs through email.

Thank you!
0

maliming created 4 days ago
Support Team Fullstack Developer

Thanks, I will check the logs.

maliming created 4 days ago

Support Team Fullstack Developer

Please try override the IdentitySessionManager, We will fix this in next patch version.

using System;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Volo.Abp.Caching;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Identity.Settings;
using Volo.Abp.Settings;
using Volo.Abp.Uow;
using Volo.Abp.Users;

namespace Volo.Abp.Identity.Session;

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(IdentitySessionManager))]
public class MyIdentitySessionManager : IdentitySessionManager
{
    public MyIdentitySessionManager(
        IIdentitySessionRepository identitySessionRepository,
        ICurrentUser currentUser,
        IDistributedCache<IdentitySessionCacheItem> cache,
        IUnitOfWorkManager unitOfWorkManager,
        ISettingProvider settingProvider,
        IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache)
        : base(identitySessionRepository, currentUser, cache, unitOfWorkManager, settingProvider, identityDynamicClaimsPrincipalContributorCache)
    {
    }

    public override Task<IdentitySession> CreateAsync(string sessionId, string device, string deviceInfo, Guid userId, Guid? tenantId, string clientId,
        string ipAddresses, bool setLastAccessed = false)
    {
        Check.NotNullOrWhiteSpace(sessionId, nameof(sessionId));
        Check.NotNullOrWhiteSpace(device, nameof(device));

        using (CurrentTenant.Change(tenantId))
        {
            var session = await IdentitySessionRepository.FindAsync(sessionId);
            if (session == null)
            {
                Logger.LogDebug($"Creating identity session for session id: {sessionId}, device: {device}, user id: {userId}, tenant id: {tenantId}, client id: {clientId}");
                DateTime? lastAccessed = setLastAccessed ? Clock.Now : null;
                session = await IdentitySessionRepository.InsertAsync(new IdentitySession(
                    GuidGenerator.Create(),
                    sessionId,
                    device,
                    deviceInfo,
                    userId,
                    tenantId,
                    clientId,
                    ipAddresses,
                    Clock.Now,
                    lastAccessed
                ));
            }

            var preventConcurrentLoginBehaviour = await IdentityProPreventConcurrentLoginBehaviourSettingHelper.Get(SettingProvider);
            switch (preventConcurrentLoginBehaviour)
            {
                case IdentityProPreventConcurrentLoginBehaviour.LogoutFromSameTypeDevices:
                    await RevokeAllAsync(userId, device, session.Id);
                    break;

                case IdentityProPreventConcurrentLoginBehaviour.LogoutFromAllDevices:
                    await RevokeAllAsync(userId, session.Id);
                    break;
            }

            return session;
        }
    }
}

0

maliming created 4 days ago
Support Team Fullstack Developer

Your question ticket has been refunded.

Thanks,
0

cvarela@ld created 4 days ago

That fixed the issue.

Thanks.
0

maliming created 4 days ago
Support Team Fullstack Developer

Great 👍

Have an answer to this question? Log in and write your answer.