
Authentication failure on tiered blazor server app in iis #8641


chrisalves created

Hi

I am deploying a tiered Blazor Server app to an IIS server on a VM hosted in Azure and I am having trouble with authentication. I run the AuthServer, HttpApiHost and finally the Blazor app; it loads correctly, but when I click on login the error 400 appears, and the logs report an authentication failure.

I am using a wildcard SSL certificate configured on IIS for *.pipali.com.br

I'll now show the appsettings of the projects:

Authserver:

{
  "App": {
    "SelfUrl": "https://alfa9authserver.pipali.com.br",
    "CorsOrigins": "https://alfa9blazor.pipali.com.br,https://alfa9httpapihost.pipali.com.br",
    "RedirectAllowedUrls": "https://alfa9blazor.pipali.com.br,https://alfa9httpapihost.pipali.com.br",
    "DisablePII": false
  },
  "ConnectionStrings": {
    "Default": "Server=(LocalDb)\\MSSQLLocalDB;Database=Alfa09-Quality;Trusted_Connection=True;TrustServerCertificate=true"
  },
  "AuthServer": {
    "Authority": "https://alfa9authserver.pipali.com.br",
    "RequireHttpsMetadata": true,
    "CertificatePassPhrase": "1d9d9e9a-7480-4970-9495-f1e96de69336"
  },
  "StringEncryption": {
    "DefaultPassPhrase": "z56ynL51bR7WsK28"
  },
  "Redis": {
    "Configuration": "redis-11477.c282.east-us-mz.azure.redns.redis-cloud.com:11477,password=dxQrHqkjDYmNiLXL2CgvR2PviA2DijWc"
  }
}

HttpApiHost:

{
  "App": {
    "SelfUrl": "https://alfa9httpapihost.pipali.com.br",
    "MVCPublicUrl": "https://localhost:44345",
    "CorsOrigins": "https://*.Alfa09.com",
    "DisablePII": false,
    "HealthCheckUrl": "https://alfa9httpapihost.pipali.com.br/health-status"
  },
  "ConnectionStrings": {
    "Default": "Server=(LocalDb)\\MSSQLLocalDB;Database=Alfa09-Quality;Trusted_Connection=True;TrustServerCertificate=true"
  },
  "Redis": {
    "Configuration": "redis-11477.c282.east-us-mz.azure.redns.redis-cloud.com:11477,password=dxQrHqkjDYmNiLXL2CgvR2PviA2DijWc"
  },
  "RabbitMQ": {
    "Connections": {
      "Default": {
        "HostName": "localhost"
      }
    },
    "EventBus": {
      "ClientName": "HttpApiHost",
      "ExchangeName": "Alfa09"
    }
  },
  "AuthServer": {
    "Authority": "https://alfa9authserver.pipali.com.br",
    "RequireHttpsMetadata": true,
    "MetaAddress": "https://alfa9authserver.pipali.com.br",
    "SwaggerClientId": "Alfa09_Swagger"
  },
  "StringEncryption": {
    "DefaultPassPhrase": "z56ynL51bR7WsK28"
  }
}

Blazor:

{
  "App": {
    "SelfUrl": "https://alfa9blazor.pipali.com.br",
    "DisablePII": false
  },
  "RemoteServices": {
    "Default": {
      "BaseUrl": "https://alfa9httpapihost.pipali.com.br"
    },
    "AbpAccountPublic": {
      "BaseUrl": "https://alfa9authserver.pipali.com.br"
    }
  },
  "Redis": {
    "Configuration": "redis-11477.c282.east-us-mz.azure.redns.redis-cloud.com:11477,password=dxQrHqkjDYmNiLXL2CgvR2PviA2DijWc"
  },
  "RabbitMQ": {
    "Connections": {
      "Default": {
        "HostName": "localhost",
        "Port": 5672,
        "Username": "guest",
        "Password": "guest"
      }
    },
    "EventBus": {
      "ClientName": "BlazorServer",
      "ExchangeName": "Alfa09"
    }
  },
  "AuthServer": {
    "Authority": "https://alfa9authserver.pipali.com.br",
    "RequireHttpsMetadata": true,
    "ClientId": "Alfa09_BlazorServer",
    "ClientSecret": "1q2w3e*"
  },
  "StringEncryption": {
    "DefaultPassPhrase": "z56ynL51bR7WsK28"
  }
}

  • ABP Framework version: v0.9.20
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:

Logs from blazor:

[15:59:07 INF] Initialized all ABP modules.
[15:59:07 INF] Application started. Press Ctrl+C to shut down.
[15:59:07 INF] Hosting environment: Quality
[15:59:07 INF] Content root path: C:\inetpub\apps\alfa9\alfa9blazor
[15:59:07 INF] Request starting HTTP/2 GET https://alfa9blazor.pipali.com.br/ - null null
[15:59:09 INF] Executing endpoint '/ (/)'
[15:59:09 INF] Bundling __bundles/Blazor.LeptonXTheme.Global.8825C25A46067E659DE2294C6AF67F1C.css (17 files)
[15:59:09 INF] > Minified /libs/@fortawesome/fontawesome-free/css/all.css (106394 bytes -> 72264 bytes)
[15:59:09 INF] > Minified /libs/@fortawesome/fontawesome-free/css/v4-shims.css (38514 bytes -> 30407 bytes)
[15:59:09 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web/libs/abp/css/abp.css (1342 bytes -> 878 bytes)
[15:59:09 INF] > Minified /_content/Volo.Abp.BlazoriseUI/volo.abp.blazoriseui.css (1274 bytes -> 939 bytes)
[15:59:09 INF] > Minified /_content/Volo.Abp.AuditLogging.Blazor/css/audit-logging.css (84 bytes -> 59 bytes)
[15:59:09 INF] > Minified /_content/Volo.FileManagement.Blazor/filemanagement/css/filemanagement.css (2703 bytes -> 2144 bytes)
[15:59:09 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web.LeptonXTheme/side-menu/libs/bootstrap-icons/font/bootstrap-icons.css (74827 bytes -> 57858 bytes)
[15:59:09 INF] > Minified /blazor-global-styles.css (847 bytes -> 574 bytes)
[15:59:09 INF] > Minified /Alfa09.Blazor.styles.css (867 bytes -> 607 bytes)
[15:59:09 INF] Bundled __bundles/Blazor.LeptonXTheme.Global.8825C25A46067E659DE2294C6AF67F1C.css (619780 bytes)
[15:59:09 INF] Bundling __bundles/Blazor.LeptonXTheme.Global.08DDBD1A43C345973039B06AD8A11F66.js (13 files)
[15:59:09 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web/libs/abp/js/abp.js (8553 bytes -> 3582 bytes)
[15:59:09 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web/libs/abp/js/authentication-state-listener.js (453 bytes -> 234 bytes)
[15:59:09 INF] > Minified /_content/Volo.Chat.Blazor/libs/AvatarManager.js (2123 bytes -> 1086 bytes)
[15:59:09 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Server.LeptonXTheme/scripts/leptonx-blazor-compatibility.js (4501 bytes -> 2011 bytes)
[15:59:09 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web.LeptonXTheme/scripts/global.js (798 bytes -> 269 bytes)
[15:59:09 INF] Bundled __bundles/Blazor.LeptonXTheme.Global.08DDBD1A43C345973039B06AD8A11F66.js (1044243 bytes)
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: AuditLogging.AuditLogs.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: Chat.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: CmsKit.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: AuditLogging.AuditLogs.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: Chat.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: CmsKit.SettingManagement
[15:59:10 WRN] Could not find the localization resource LeptonX on the remote server!
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: AuditLogging.AuditLogs.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: Chat.SettingManagement
[15:59:10 INF] Authorization failed. These requirements were not met: PermissionRequirement: CmsKit.SettingManagement
[15:59:10 WRN] Could not find the localization resource LeptonX on the remote server!
[15:59:10 WRN] Could not find the localization resource LeptonX on the remote server!

Logs from authserver:

[15:59:16 INF] Client validation failed because 'https://alfa9blazor.pipali.com.br/signin-oidc' was not a valid redirect_uri for Alfa09_BlazorServer.
[15:59:16 INF] The authorization request was rejected because the redirect_uri was invalid: 'https://alfa9blazor.pipali.com.br/signin-oidc'.
[15:59:16 INF] Request finished HTTP/2 GET https://alfa9authserver.pipali.com.br/connect/authorize?client_id=Alfa09_BlazorServer&redirect_uri=https%3A%2F%2Falfa9blazor.pipali.com.br%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20Alfa09&response_mode=form_post&nonce=638724671559100420.NTdhMTNkMmEtNDVjNC00N2U1LTlkOTAtYzVlNzg2MGJhMzkwZTU0NmJhY2YtNDJjYy00OGYzLTk2MzMtYzQ5NzViMzY2OThh&state=CfDJ8DClCOtfvdVOknIgtKcPoeh6I1YMlzFeYAAuNf_BerK63LuVAZEg47FYaCxSSibZqBup8GmcPNmTX3h9OT4YksFEOcCvyTE6cVeVVBS58DG0PjC8tf5XbIrKtiYz4cwqJdNPzt0HchAOaBom7m-IiJIQqmuSuehKSUWbE8ZExjFOqrqbGTYWm-tZ0x0PxtbDg8Nfb_ady-h0K5gAfQjT2pRt95mOCRC1yenO576LwFEnLRJeitVsxpD4E3V5j9lvnF9qVqgSeRVgr8H3Xzy3LLKS2S71sYOuX2X--0NLWE_W3VYUHqkFDuu3ByiJf-vaKA&x-client-SKU=ID_NET9_0&x-client-ver=8.1.0.0 - 302 null null 130.6717ms
[15:59:16 INF] Request starting HTTP/2 GET https://alfa9authserver.pipali.com.br/Error?httpStatusCode=400 - null null
[15:59:16 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[15:59:16 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController

  • Steps to reproduce the issue:
      • Publish the projects on Windows Server
      • Configure IIS and the websites
      • Configure the appsettings of each site
      • Try to log in

Please help; if you need more info I'll send it :)


5 Answer(s)
  • Anjali_Musmade created
    Support Team Support Team Member

    Hello

    Please check this link https://abp.io/support/questions/6031/Client-validation-failed-because-%27xxx%27-was-not-a-valid-redirecturi-for-AppWeb

    Thank you

  • chrisalves created

    Hi

    I tried https://abp.io/support/questions/1009/Invalid-redirecturi---RedirectAllowedUrls-on-Login-page and it worked for me; I forgot to specify the URI in the DbMigrator's appsettings.

    But now I'm facing another problem: I can log in, but once I am logged in the error 400 appears.

    logs on blazor:

    [15:22:17 INF] Initialized all ABP modules.
    [15:22:17 INF] Application started. Press Ctrl+C to shut down.
    [15:22:17 INF] Hosting environment: Quality
    [15:22:17 INF] Content root path: C:\inetpub\apps\alfa9\alfa9blazor
    [15:22:17 INF] Request starting HTTP/2 GET https://alfa9blazor.pipali.com.br/ - null null
    [15:22:17 WRN] Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration.
    [15:22:17 INF] Start processing HTTP request GET https://alfa9httpapihost.pipali.com.br/api/abp/application-configuration?*
    [15:22:17 INF] Sending HTTP request GET https://alfa9httpapihost.pipali.com.br/api/abp/application-configuration?*
    [15:22:17 INF] Received HTTP response headers after 290.6175ms - 200
    [15:22:17 INF] End processing HTTP request after 295.4833ms - 200
    [15:22:17 WRN] Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration.
    [15:22:17 INF] Start processing HTTP request GET https://alfa9httpapihost.pipali.com.br/api/abp/application-localization?*
    [15:22:17 INF] Sending HTTP request GET https://alfa9httpapihost.pipali.com.br/api/abp/application-localization?*
    [15:22:18 INF] Received HTTP response headers after 378.8282ms - 200
    [15:22:18 INF] End processing HTTP request after 379.3016ms - 200
    [15:22:20 INF] Executing endpoint '/ (/)'
    [15:22:20 INF] Bundling __bundles/Blazor.LeptonXTheme.Global.8825C25A46067E659DE2294C6AF67F1C.css (17 files)
    [15:22:20 INF] > Minified /libs/@fortawesome/fontawesome-free/css/all.css (106394 bytes -> 72264 bytes)
    [15:22:20 INF] > Minified /libs/@fortawesome/fontawesome-free/css/v4-shims.css (38514 bytes -> 30407 bytes)
    [15:22:20 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web/libs/abp/css/abp.css (1342 bytes -> 878 bytes)
    [15:22:20 INF] > Minified /_content/Volo.Abp.BlazoriseUI/volo.abp.blazoriseui.css (1274 bytes -> 939 bytes)
    [15:22:20 INF] > Minified /_content/Volo.Abp.AuditLogging.Blazor/css/audit-logging.css (84 bytes -> 59 bytes)
    [15:22:20 INF] > Minified /_content/Volo.FileManagement.Blazor/filemanagement/css/filemanagement.css (2703 bytes -> 2144 bytes)
    [15:22:20 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web.LeptonXTheme/side-menu/libs/bootstrap-icons/font/bootstrap-icons.css (74827 bytes -> 57858 bytes)
    [15:22:20 INF] > Minified /blazor-global-styles.css (847 bytes -> 574 bytes)
    [15:22:20 INF] > Minified /Alfa09.Blazor.styles.css (867 bytes -> 607 bytes)
    [15:22:20 INF] Bundled __bundles/Blazor.LeptonXTheme.Global.8825C25A46067E659DE2294C6AF67F1C.css (619780 bytes)
    [15:22:20 INF] Bundling __bundles/Blazor.LeptonXTheme.Global.08DDBD1A43C345973039B06AD8A11F66.js (13 files)
    [15:22:20 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web/libs/abp/js/abp.js (8553 bytes -> 3582 bytes)
    [15:22:20 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web/libs/abp/js/authentication-state-listener.js (453 bytes -> 234 bytes)
    [15:22:20 INF] > Minified /_content/Volo.Chat.Blazor/libs/AvatarManager.js (2123 bytes -> 1086 bytes)
    [15:22:20 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Server.LeptonXTheme/scripts/leptonx-blazor-compatibility.js (4501 bytes -> 2011 bytes)
    [15:22:20 INF] > Minified /_content/Volo.Abp.AspNetCore.Components.Web.LeptonXTheme/scripts/global.js (798 bytes -> 269 bytes)
    [15:22:20 INF] Bundled __bundles/Blazor.LeptonXTheme.Global.08DDBD1A43C345973039B06AD8A11F66.js (1044243 bytes)
    [15:22:20 WRN] Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration.
    [15:22:20 INF] Start processing HTTP request GET https://alfa9httpapihost.pipali.com.br/api/abp/application-configuration?*
    [15:22:20 INF] Sending HTTP request GET https://alfa9httpapihost.pipali.com.br/api/abp/application-configuration?*
    [15:22:21 INF] Received HTTP response headers after 386.6997ms - 200
    [15:22:21 INF] End processing HTTP request after 387.0255ms - 200
    [15:22:21 WRN] Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration.
    [15:22:21 INF] Start processing HTTP request GET https://alfa9httpapihost.pipali.com.br/api/abp/application-localization?*
    [15:22:21 INF] Sending HTTP request GET https://alfa9httpapihost.pipali.com.br/api/abp/application-localization?*
    [15:22:21 INF] Received HTTP response headers after 195.1796ms - 200
    [15:22:21 INF] End processing HTTP request after 195.5343ms - 200
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: AuditLogging.AuditLogs.SettingManagement
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: Chat.SettingManagement
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: CmsKit.SettingManagement
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: AuditLogging.AuditLogs.SettingManagement
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: Chat.SettingManagement
    [15:22:21 INF] Authorization failed. These requirements were not met: PermissionRequirement: CmsKit.SettingManagement
    [15:22:21 WRN] Could not find the localization resource LeptonX on the remote server!

    logs on authserver:

    [15:19:05 INF] The response was successfully returned as a JSON document: { "error": "invalid_grant", "error_description": "The specified token is invalid.", "error_uri": "https://documentation.openiddict.com/errors/ID2004" }.

    My appsettings for all sites are the same as I mentioned above.

    I would like to know if there is a guide for this deployment (tiered using Blazor Server), because I am following the steps on https://abp.io/docs/commercial/8.1/startup-templates/application/deployment-iis?UI=BlazorServer&DB=EF&Tiered=Yes but I am not making it work. The only differences are that I am using WebDeploy to publish, also publishing the DbMigrator to apply the updates, running it in the Quality environment, and using a wildcard SSL certificate for *.pipali.com.br instead of making one manually for each site. Apart from that nothing is different, but I am still facing these troubles.

    thanks :)
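The redirect_uri rejection logged in the first post, and the DbMigrator fix reported in this one, come down to an exact string comparison between the URI the client sends and the values registered for that client. The following is an added diagnostic example, not code from the thread or from ABP: it extracts rejected URIs from the AuthServer log and reports which URL part differs from each registered entry. The function names and the registered localhost value are assumptions made up for the illustration.

```python
import re
from urllib.parse import urlsplit

# Matches the OpenIddict rejection line quoted in the AuthServer log.
REJECTED = re.compile(
    r"Client validation failed because '(?P<uri>[^']+)' was not a valid "
    r"redirect_uri for (?P<client>\S+?)\.(?=\s|$)"
)

def rejected_redirects(log_text):
    """Return (client_id, redirect_uri) pairs the server refused."""
    return [(m["client"], m["uri"]) for m in REJECTED.finditer(log_text)]

def explain_mismatch(requested, registered):
    """Return [] on an exact string match, else the URL parts that differ."""
    if requested == registered:
        return []
    req, reg = urlsplit(requested), urlsplit(registered)
    diffs = []
    for part in ("scheme", "hostname", "port", "path", "query"):
        a, b = getattr(req, part), getattr(reg, part)
        if a != b:
            diffs.append(f"{part}: requested {a!r}, registered {b!r}")
    # urlsplit lower-cases scheme and host, so a case-only difference lands here.
    return diffs or ["differs only in case or encoding"]

def diagnose(log_text, registered_by_client):
    """Map each rejected (client, uri) to its differences per registered entry."""
    report = {}
    for client, uri in rejected_redirects(log_text):
        registered = registered_by_client.get(client, [])
        if uri in registered:
            continue  # exact match exists; the rejection has another cause
        report[(client, uri)] = {r: explain_mismatch(uri, r) for r in registered}
    return report

# Log lines copied from the first post's AuthServer log.
SAMPLE_LOG = (
    "[15:59:16 INF] Client validation failed because "
    "'https://alfa9blazor.pipali.com.br/signin-oidc' was not a valid "
    "redirect_uri for Alfa09_BlazorServer.\n"
    "[15:59:16 INF] The authorization request was rejected because the "
    "redirect_uri was invalid: 'https://alfa9blazor.pipali.com.br/signin-oidc'.\n"
)
# Constructed value: stands in for a development URL still registered for the
# client because the DbMigrator settings were never updated (assumption).
REGISTERED = {"Alfa09_BlazorServer": ["https://localhost:44300/signin-oidc"]}

if __name__ == "__main__":
    for (client, uri), per_entry in diagnose(SAMPLE_LOG, REGISTERED).items():
        print(f"{client}: {uri} is not registered")
        for entry, diffs in per_entry.items():
            print(f"  vs {entry}: " + "; ".join(diffs))
```

On a real deployment the registered list would be read from the client's application record rather than typed in by hand.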

  • Anjali_Musmade created
    Support Team Support Team Member

    Hello

    Can you please check the RedirectAllowedUrls? Your AuthServer and Blazor Server configurations must be synchronized and include the exact URLs for your deployed application. Even a minor mismatch can cause this error.

    Thank you.

  • chrisalves created

    Hi

    Thanks for your answer, but unfortunately the proposed solution didn't work and I don't know what else I can do. The error persists, with the same warnings as I showed above.

    I could send my project to you to enable a better diagnosis. I am trying to deploy it on IIS to validate the usability of the app so we can start the development later; the version and the configuration are the same as I described in the first interaction.

    If it's possible, can I send it to you by email? I would really appreciate it.

    Thanks

  • liangshiwei created
    Support Team Fullstack Developer

    hi

    Can you set the log level to Debug and share the logs.txt? shiwei.liang@volosoft.com

            // Requires: using Serilog; using Serilog.Events;
            Log.Logger = new LoggerConfiguration()
                .MinimumLevel.Debug()
                // Most detailed level for the OpenIddict log entries
                .MinimumLevel.Override("OpenIddict", LogEventLevel.Verbose)
                .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
                .Enrich.FromLogContext()
                .WriteTo.Async(c => c.File("Logs/logs.txt"))
                .WriteTo.Async(c => c.Console())
                .CreateLogger();


    Thanks.

Made with ❤️ on ABP v9.2.0-preview. Updated on January 16, 2025, 11:47