Open Closed

Identity showing host data inside tenant #9577


User avatar
0
andmattia created

I’m working with ABP 9.1.1 in a microservices-based application.

I deployed it on Linux machines using NGINX: one machine exposes the Angular app, API Gateway, and Auth Server. The Angular app is directly exposed on the first machine, while the Gateway and Auth Servers have NGINX forwarding traffic to the second machine.

The strange thing is this: when I enter a tenant and request data from a new microservice, I only see data for my tenant, as expected. However, when I request user data, I see Host-level data.

https://github.com/abpframework/abp/issues/21188

I had already faced similar issues, like in this GitHub issue, but it was never fully investigated or resolved.


18 Answer(s)
  • User Avatar
    0
    AI-Bot created
    Support Team ABP Agent
    • In ABP microservice solutions, if user data requests return Host-level data while other microservices correctly filter by tenant, the most common cause is that the tenant resolution is not working for the Identity (user) service. This is especially likely when using NGINX as a reverse proxy, because NGINX by default strips or blocks HTTP headers with underscores (such as the __tenant header used by ABP for tenant resolution).

    • When the __tenant header is missing or not forwarded, the Identity service cannot resolve the current tenant and defaults to Host context, exposing Host-level users.

    Solution Steps:

    1. NGINX Configuration:

      • Ensure NGINX is configured to allow headers with underscores. Add the following to your NGINX configuration:
        underscores_in_headers on;
        
      • Also, make sure you are not using ignore_invalid_headers on; (the default), as this will drop such headers.
    2. Check Tenant Resolver Configuration:

      • Verify that your Identity service and all microservices have the correct tenant resolver configuration, e.g.:
        Configure<AbpTenantResolveOptions>(options =>
        {
            options.AddDomainTenantResolver("{0}.yourdomain.com");
            options.AddHeaderTenantResolver();
            options.AddCookieTenantResolver();
            options.AddQueryStringTenantResolver();
        });
        
    3. Verify Angular App Sends __tenant Header:

      • The Angular UI must send the __tenant header on all API requests. This is handled automatically by ABP Angular modules if multi-tenancy is enabled, but custom HTTP logic may interfere.
    4. Restart NGINX and Services:

      • After updating the NGINX config, reload or restart NGINX and your services.

    Summary:
    The issue is almost always due to NGINX blocking the __tenant header, causing tenant resolution to fail and Host data to be shown. Allowing underscores in headers resolves this and ensures correct tenant isolation.

    Sources:


    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • User Avatar
    0
    andmattia created

    No is not this problem related

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi andmattia

    when I enter a tenant and request data from a new microservice, I only see data for my tenant, as expected. However, when I request user data, I see Host-level data.

    This should be due to the tenant not identifying correctly.

    You can add a middleware to your user data website. That prints the current claims and claim types.

    app.UseAuthentication();
    
    app.Use(async (httpContext, next) =>
    {
        var logger = httpContext.RequestServices.GetRequiredService<ILogger<YourModule>>();
        var claims = httpContext.User.Claims.Select(x => new { x.Type, x.Value }).ToList();
        logger.LogError("HttpContext.User Claims:");
        logger.LogError(JsonSerializer.Serialize(claims));
    
        var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>().GetAllClaims().Select(x => new { x.Type, x.Value }).ToList();
        logger.LogError("Current User Claims:");
        logger.LogError(JsonSerializer.Serialize(currentUser));
    
    
        var userid = AbpClaimTypes.UserId;
        var username = AbpClaimTypes.UserName;
        var roleClaimType = AbpClaimTypes.Role;
    
        logger.LogError($"UserId Claim Type: {userid}");
        logger.LogError($"UserName Claim Type: {username}");
        logger.LogError($"Role Claim Type: {roleClaimType}");
    
        var authorizationHeader = httpContext.Request.Headers["Authorization"];
        logger.LogError(!string.IsNullOrEmpty(authorizationHeader)
            ? $"Authorization Header: {authorizationHeader}"
            : "Authorization Header is missing or empty.");
    
        await next(httpContext);
    });
    

    Thanks

  • User Avatar
    0
    andmattia created

    I tyr this fix.

    In the main time I check the ClaimTable and it'empty

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    What is the output of the new middleware?

    logger.LogError

  • User Avatar
    0
    andmattia created

    2025-07-08 09:56:30.135 +02:00 [ERR] HttpContext.User Claims: 2025-07-08 09:56:30.135 +02:00 [ERR] [] 2025-07-08 09:56:30.135 +02:00 [ERR] Current User Claims: 2025-07-08 09:56:30.135 +02:00 [ERR] [] 2025-07-08 09:56:30.135 +02:00 [ERR] UserId Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier 2025-07-08 09:56:30.135 +02:00 [ERR] UserName Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name 2025-07-08 09:56:30.135 +02:00 [ERR] Role Claim Type: http://schemas.microsoft.com/ws/2008/06/identity/claims/role 2025-07-08 09:56:30.135 +02:00 [ERR] Authorization Header is missing or empty.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Share the full request logs of when I request user data, I see Host-level data.

    Thanks.

  • User Avatar
    0
    andmattia created
    https://uat.api.routilia.com/api/identity/users?skipCount=0&maxResultCount=10
    

    the full log is

    2025-07-08 10:05:28.051 +02:00 [INF] Request starting HTTP/1.1 GET http://localhost/api/identity/users?skipCount=0&maxResultCount=10 - null null
    2025-07-08 10:05:28.051 +02:00 [INF] CORS policy execution failed.
    2025-07-08 10:05:28.051 +02:00 [INF] Request origin https://uat.app.routilia.com does not have permission to access the resource.
    2025-07-08 10:05:28.052 +02:00 [ERR] HttpContext.User Claims:
    2025-07-08 10:05:28.052 +02:00 [ERR] [{"Type":"iss","Value":"https://uat.auth.routilia.com/"},{"Type":"exp","Value":"1751965086"},{"Type":"iat","Value":"1751961486"},{"Type":"aud","Value":"AuthServer"},{"Type":"aud","Value":"IdentityService"},{"Type":"aud","Value":"AdministrationService"},{"Type":"aud","Value":"SaasService"},{"Type":"aud","Value":"AuditLoggingService"},{"Type":"aud","Value":"GdprService"},{"Type":"aud","Value":"LanguageService"},{"Type":"aud","Value":"OfficeService"},{"Type":"scope","Value":"offline_access address roles openid profile email phone AuthServer IdentityService AdministrationService AuditLoggingService GdprService SaasService LanguageService OfficeService"},{"Type":"jti","Value":"b1ebdbb7-52dc-4329-8331-cdc28f284bd3"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","Value":"3a1a949e-a476-dba3-2b07-d7c455a854e7"},{"Type":"preferred_username","Value":"admin"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","Value":"cliente1@rtl.local"},{"Type":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role","Value":"admin"},{"Type":"tenantid","Value":"3a1a949e-a031-030d-c51f-352140da4b89"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","Value":"admin"},{"Type":"phone_number_verified","Value":"False"},{"Type":"email_verified","Value":"False"},{"Type":"editionid","Value":"3a1a94a1-c765-9dee-a1e2-3fcb20b38d0a"},{"Type":"session_id","Value":"25376a06-1286-4291-9b1f-3b2c956c8739"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","Value":"admin"},{"Type":"oi_prst","Value":"Angular"},{"Type":"oi_au_id","Value":"3a1afb37-9cbb-d457-bea3-0b7f0225e1e7"},{"Type":"client_id","Value":"Angular"},{"Type":"oi_tkn_id","Value":"3a1afb37-9cd8-2550-7447-459af0840dd1"}]
    2025-07-08 10:05:28.052 +02:00 [ERR] Current User Claims:
    2025-07-08 10:05:28.052 +02:00 [ERR] [{"Type":"iss","Value":"https://uat.auth.routilia.com/"},{"Type":"exp","Value":"1751965086"},{"Type":"iat","Value":"1751961486"},{"Type":"aud","Value":"AuthServer"},{"Type":"aud","Value":"IdentityService"},{"Type":"aud","Value":"AdministrationService"},{"Type":"aud","Value":"SaasService"},{"Type":"aud","Value":"AuditLoggingService"},{"Type":"aud","Value":"GdprService"},{"Type":"aud","Value":"LanguageService"},{"Type":"aud","Value":"OfficeService"},{"Type":"scope","Value":"offline_access address roles openid profile email phone AuthServer IdentityService AdministrationService AuditLoggingService GdprService SaasService LanguageService OfficeService"},{"Type":"jti","Value":"b1ebdbb7-52dc-4329-8331-cdc28f284bd3"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","Value":"3a1a949e-a476-dba3-2b07-d7c455a854e7"},{"Type":"preferred_username","Value":"admin"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","Value":"cliente1@rtl.local"},{"Type":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role","Value":"admin"},{"Type":"tenantid","Value":"3a1a949e-a031-030d-c51f-352140da4b89"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","Value":"admin"},{"Type":"phone_number_verified","Value":"False"},{"Type":"email_verified","Value":"False"},{"Type":"editionid","Value":"3a1a94a1-c765-9dee-a1e2-3fcb20b38d0a"},{"Type":"session_id","Value":"25376a06-1286-4291-9b1f-3b2c956c8739"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","Value":"admin"},{"Type":"oi_prst","Value":"Angular"},{"Type":"oi_au_id","Value":"3a1afb37-9cbb-d457-bea3-0b7f0225e1e7"},{"Type":"client_id","Value":"Angular"},{"Type":"oi_tkn_id","Value":"3a1afb37-9cd8-2550-7447-459af0840dd1"}]
    2025-07-08 10:05:28.052 +02:00 [ERR] UserId Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
    2025-07-08 10:05:28.052 +02:00 [ERR] UserName Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    2025-07-08 10:05:28.052 +02:00 [ERR] Role Claim Type: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
    2025-07-08 10:05:28.052 +02:00 [ERR] Authorization Header: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjI5MzBDQUQ1REEyNTQ2N0U2NkZFQTgxOEVBNDU0NzhBNDBEMTM5RTciLCJ4NXQiOiJLVERLMWRvbFJuNW1fcWdZNmtWSGlrRFJPZWMiLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL3VhdC5hdXRoLnJvdXRpbGlhLmNvbS8iLCJleHAiOjE3NTE5NjUwODYsImlhdCI6MTc1MTk2MTQ4NiwiYXVkIjpbIkF1dGhTZXJ2ZXIiLCJJZGVudGl0eVNlcnZpY2UiLCJBZG1pbmlzdHJhdGlvblNlcnZpY2UiLCJTYWFzU2VydmljZSIsIkF1ZGl0TG9nZ2luZ1NlcnZpY2UiLCJHZHByU2VydmljZSIsIkxhbmd1YWdlU2VydmljZSIsIk9mZmljZVNlcnZpY2UiXSwic2NvcGUiOiJvZmZsaW5lX2FjY2VzcyBhZGRyZXNzIHJvbGVzIG9wZW5pZCBwcm9maWxlIGVtYWlsIHBob25lIEF1dGhTZXJ2ZXIgSWRlbnRpdHlTZXJ2aWNlIEFkbWluaXN0cmF0aW9uU2VydmljZSBBdWRpdExvZ2dpbmdTZXJ2aWNlIEdkcHJTZXJ2aWNlIFNhYXNTZXJ2aWNlIExhbmd1YWdlU2VydmljZSBPZmZpY2VTZXJ2aWNlIiwianRpIjoiYjFlYmRiYjctNTJkYy00MzI5LTgzMzEtY2RjMjhmMjg0YmQzIiwic3ViIjoiM2ExYTk0OWUtYTQ3Ni1kYmEzLTJiMDctZDdjNDU1YTg1NGU3IiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6ImNsaWVudGUxQHJ0bC5sb2NhbCIsInJvbGUiOiJhZG1pbiIsInRlbmFudGlkIjoiM2ExYTk0OWUtYTAzMS0wMzBkLWM1MWYtMzUyMTQwZGE0Yjg5IiwiZ2l2ZW5fbmFtZSI6ImFkbWluIiwicGhvbmVfbnVtYmVyX3ZlcmlmaWVkIjoiRmFsc2UiLCJlbWFpbF92ZXJpZmllZCI6IkZhbHNlIiwiZWRpdGlvbmlkIjoiM2ExYTk0YTEtYzc2NS05ZGVlLWExZTItM2ZjYjIwYjM4ZDBhIiwic2Vzc2lvbl9pZCI6IjI1Mzc2YTA2LTEyODYtNDI5MS05YjFmLTNiMmM5NTZjODczOSIsInVuaXF1ZV9uYW1lIjoiYWRtaW4iLCJvaV9wcnN0IjoiQW5ndWxhciIsIm9pX2F1X2lkIjoiM2ExYWZiMzctOWNiYi1kNDU3LWJlYTMtMGI3ZjAyMjVlMWU3IiwiY2xpZW50X2lkIjoiQW5ndWxhciIsIm9pX3Rrbl9pZCI6IjNhMWFmYjM3LTljZDgtMjU1MC03NDQ3LTQ1OWFmMDg0MGRkMSJ9.Ranh4KoSTu9YmXTE33LJjkcKU-BU84QIIv7VMZU17DOP_IV8brTWgrXumSKJDyWmPH413JhdNP_K_45rCMlP-DwdejUa_dpRqRrJQfux2_M0FlnCCDehZleor0VYkwpcWHa4uHhsH_L5DiBu57b4dwzByG2Vt_XUzqZrfYW2SDcoHTrBBfI6RTAUv6tWPES-KBntJJLnLRDheFQA04Q_dWE90r0ZMDy9oy3S107_0qKxQ2ZPPgDAzCh18ZxjPXuV0aSTbF4J0lZOHoguu9usuAELWRQlcClxEGFoYJt34EpdPgvMgecTfhBFo6UiODy6nu25Cc2uxbT68ybhvOVrgA
    2025-07-08 10:05:28.055 +02:00 [INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
    2025-07-08 10:05:28.055 +02:00 [INF] Route matched with {area = "identity", controller = "User", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Application.Dtos.PagedResultDto`1[Volo.Abp.Identity.IdentityUserDto]] GetListAsync(Volo.Abp.Identity.GetIdentityUsersInput) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi).
    2025-07-08 10:05:28.067 +02:00 [INF] Executing ObjectResult, writing value of type 'Volo.Abp.Application.Dtos.PagedResultDto`1[[Volo.Abp.Identity.IdentityUserDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=9.1.1.0, Culture=neutral, PublicKeyToken=null]]'.
    2025-07-08 10:05:28.067 +02:00 [INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 11.9418ms
    2025-07-08 10:05:28.067 +02:00 [INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
    2025-07-08 10:05:28.068 +02:00 [INF] Request finished HTTP/1.1 GET http://localhost/api/identity/users?skipCount=0&maxResultCount=10 - 200 null application/json; charset=utf-8 16.5087ms
    

    The empty claims happen only with health checks

  • User Avatar
    0
    andmattia created

    All operation to IdentityService work has host and not tenant.

    I try to crate user, role and data was stored without tenant Id. If I put tenant Id data hide on application

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you add new info to the logs?

    var currentTenant = httpContext.RequestServices.GetRequiredService<ICurrentTenant>();
    logger.LogError("Current TenantId:" + currentTenant.Id + ",name: " + currentTenant.Name );
    
  • User Avatar
    0
    andmattia created

    Yes I do now

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks.

  • User Avatar
    0
    andmattia created

    The new log is

    2025-07-08 10:40:12.684 +02:00 [ERR] HttpContext.User Claims:
    2025-07-08 10:40:12.684 +02:00 [ERR] [{"Type":"iss","Value":"https://uat.auth.routilia.com/"},{"Type":"exp","Value":"1751967606"},{"Type":"iat","Value":"1751964006"},{"Type":"aud","Value":"AuthServer"},{"Type":"aud","Value":"IdentityService"},{"Type":"aud","Value":"AdministrationService"},{"Type":"aud","Value":"SaasService"},{"Type":"aud","Value":"AuditLoggingService"},{"Type":"aud","Value":"GdprService"},{"Type":"aud","Value":"LanguageService"},{"Type":"aud","Value":"OfficeService"},{"Type":"scope","Value":"offline_access address roles openid profile email phone AuthServer IdentityService AdministrationService AuditLoggingService GdprService SaasService LanguageService OfficeService"},{"Type":"jti","Value":"f7d72397-2fbe-4f40-9856-a7ba9e33d0c0"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","Value":"3a1a949e-a476-dba3-2b07-d7c455a854e7"},{"Type":"preferred_username","Value":"admin"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","Value":"cliente1@rtl.local"},{"Type":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role","Value":"admin"},{"Type":"tenantid","Value":"3a1a949e-a031-030d-c51f-352140da4b89"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","Value":"admin"},{"Type":"phone_number_verified","Value":"False"},{"Type":"email_verified","Value":"False"},{"Type":"editionid","Value":"3a1a94a1-c765-9dee-a1e2-3fcb20b38d0a"},{"Type":"session_id","Value":"2026c484-b70a-4331-b822-4b672b3de7b2"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","Value":"admin"},{"Type":"oi_prst","Value":"Angular"},{"Type":"oi_au_id","Value":"3a1afb5e-10bf-8906-0b3e-1e1a7c1b85cc"},{"Type":"client_id","Value":"Angular"},{"Type":"oi_tkn_id","Value":"3a1afb5e-10d8-cd72-8a95-5d52e8306d75"}]
    2025-07-08 10:40:12.684 +02:00 [ERR] Current User Claims:
    2025-07-08 10:40:12.684 +02:00 [ERR] [{"Type":"iss","Value":"https://uat.auth.routilia.com/"},{"Type":"exp","Value":"1751967606"},{"Type":"iat","Value":"1751964006"},{"Type":"aud","Value":"AuthServer"},{"Type":"aud","Value":"IdentityService"},{"Type":"aud","Value":"AdministrationService"},{"Type":"aud","Value":"SaasService"},{"Type":"aud","Value":"AuditLoggingService"},{"Type":"aud","Value":"GdprService"},{"Type":"aud","Value":"LanguageService"},{"Type":"aud","Value":"OfficeService"},{"Type":"scope","Value":"offline_access address roles openid profile email phone AuthServer IdentityService AdministrationService AuditLoggingService GdprService SaasService LanguageService OfficeService"},{"Type":"jti","Value":"f7d72397-2fbe-4f40-9856-a7ba9e33d0c0"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","Value":"3a1a949e-a476-dba3-2b07-d7c455a854e7"},{"Type":"preferred_username","Value":"admin"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","Value":"cliente1@rtl.local"},{"Type":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role","Value":"admin"},{"Type":"tenantid","Value":"3a1a949e-a031-030d-c51f-352140da4b89"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","Value":"admin"},{"Type":"phone_number_verified","Value":"False"},{"Type":"email_verified","Value":"False"},{"Type":"editionid","Value":"3a1a94a1-c765-9dee-a1e2-3fcb20b38d0a"},{"Type":"session_id","Value":"2026c484-b70a-4331-b822-4b672b3de7b2"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","Value":"admin"},{"Type":"oi_prst","Value":"Angular"},{"Type":"oi_au_id","Value":"3a1afb5e-10bf-8906-0b3e-1e1a7c1b85cc"},{"Type":"client_id","Value":"Angular"},{"Type":"oi_tkn_id","Value":"3a1afb5e-10d8-cd72-8a95-5d52e8306d75"}]
    2025-07-08 10:40:12.684 +02:00 [ERR] Current TenantId:,name: 
    2025-07-08 10:40:12.684 +02:00 [ERR] UserId Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
    2025-07-08 10:40:12.684 +02:00 [ERR] UserName Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    2025-07-08 10:40:12.684 +02:00 [ERR] Role Claim Type: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
    2025-07-08 10:40:12.684 +02:00 [ERR] Authorization Header: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjI5MzBDQUQ1REEyNTQ2N0U2NkZFQTgxOEVBNDU0NzhBNDBEMTM5RTciLCJ4NXQiOiJLVERLMWRvbFJuNW1fcWdZNmtWSGlrRFJPZWMiLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL3VhdC5hdXRoLnJvdXRpbGlhLmNvbS8iLCJleHAiOjE3NTE5Njc2MDYsImlhdCI6MTc1MTk2NDAwNiwiYXVkIjpbIkF1dGhTZXJ2ZXIiLCJJZGVudGl0eVNlcnZpY2UiLCJBZG1pbmlzdHJhdGlvblNlcnZpY2UiLCJTYWFzU2VydmljZSIsIkF1ZGl0TG9nZ2luZ1NlcnZpY2UiLCJHZHByU2VydmljZSIsIkxhbmd1YWdlU2VydmljZSIsIk9mZmljZVNlcnZpY2UiXSwic2NvcGUiOiJvZmZsaW5lX2FjY2VzcyBhZGRyZXNzIHJvbGVzIG9wZW5pZCBwcm9maWxlIGVtYWlsIHBob25lIEF1dGhTZXJ2ZXIgSWRlbnRpdHlTZXJ2aWNlIEFkbWluaXN0cmF0aW9uU2VydmljZSBBdWRpdExvZ2dpbmdTZXJ2aWNlIEdkcHJTZXJ2aWNlIFNhYXNTZXJ2aWNlIExhbmd1YWdlU2VydmljZSBPZmZpY2VTZXJ2aWNlIiwianRpIjoiZjdkNzIzOTctMmZiZS00ZjQwLTk4NTYtYTdiYTllMzNkMGMwIiwic3ViIjoiM2ExYTk0OWUtYTQ3Ni1kYmEzLTJiMDctZDdjNDU1YTg1NGU3IiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6ImNsaWVudGUxQHJ0bC5sb2NhbCIsInJvbGUiOiJhZG1pbiIsInRlbmFudGlkIjoiM2ExYTk0OWUtYTAzMS0wMzBkLWM1MWYtMzUyMTQwZGE0Yjg5IiwiZ2l2ZW5fbmFtZSI6ImFkbWluIiwicGhvbmVfbnVtYmVyX3ZlcmlmaWVkIjoiRmFsc2UiLCJlbWFpbF92ZXJpZmllZCI6IkZhbHNlIiwiZWRpdGlvbmlkIjoiM2ExYTk0YTEtYzc2NS05ZGVlLWExZTItM2ZjYjIwYjM4ZDBhIiwic2Vzc2lvbl9pZCI6IjIwMjZjNDg0LWI3MGEtNDMzMS1iODIyLTRiNjcyYjNkZTdiMiIsInVuaXF1ZV9uYW1lIjoiYWRtaW4iLCJvaV9wcnN0IjoiQW5ndWxhciIsIm9pX2F1X2lkIjoiM2ExYWZiNWUtMTBiZi04OTA2LTBiM2UtMWUxYTdjMWI4NWNjIiwiY2xpZW50X2lkIjoiQW5ndWxhciIsIm9pX3Rrbl9pZCI6IjNhMWFmYjVlLTEwZDgtY2Q3Mi04YTk1LTVkNTJlODMwNmQ3NSJ9.joXzDGIJuhzhqbzUp8RqyZpZI2ujrxuw5jtFIKwtDhqw1OMExh99ivoySZbyvlm46PayP-PJUIfCJAnw45E2g7ybBl3As_udX7ChnisxTjk7pU3q4UxjntC88kE_RhXlnaPUzGLvw4apWu208LDUQuIxtjL2S2-5Z7j94Q7aunk2YU47JdDAv6DfFWEC1-3HcwNK2iL5SJv3qe-KcT_MKDOOmNT0J4_SxdNE7Hs1iKXtkCyUFJIU1nNoyX-cUin15DXozQNgYQIcuvuEbBeG9O3PbS13JALf_3O9QPSuof2O46UWC5KTYnNPpNi_EAF_KaetHjT90TycFcsg3AYImQ
    2025-07-08 10:40:12.687 +02:00 [INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
    2025-07-08 10:40:12.687 +02:00 [INF] Route matched with {area = "identity", controller = "User", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Application.Dtos.PagedResultDto`1[Volo.Abp.Identity.IdentityUserDto]] GetListAsync(Volo.Abp.Identity.GetIdentityUsersInput) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi).
    2025-07-08 10:40:12.697 +02:00 [INF] Executing ObjectResult, writing value of type 'Volo.Abp.Application.Dtos.PagedResultDto`1[[Volo.Abp.Identity.IdentityUserDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=9.1.1.0, Culture=neutral, PublicKeyToken=null]]'.
    2025-07-08 10:40:12.697 +02:00 [INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 9.8272ms
    2025-07-08 10:40:12.697 +02:00 [INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
    2025-07-08 10:40:12.698 +02:00 [INF] Request finished HTTP/1.1 GET http://localhost/api/identity/users?skipCount=0&maxResultCount=10 - 200 null application/json; charset=utf-8 14.6775ms
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Do you have app.UseMultiTenancy(); in your http://localhost/api/identity/users? module?

  • User Avatar
    0
    andmattia created

    Yes I've UseMultiTenancy in all services

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    That's strange.

    Can you share a project to reproduce it? you can use new template project.

    Thanks.

  • User Avatar
    0
    andmattia created

    Sovled!

    https://abp.io/docs/9.1/framework/architecture/multi-tenancy#multi-tenancy-middleware

    In IdentityService

            ...
            app.UseCors();
            app.UseRouting();
            app.UseMultiTenancy();
            app.UseHttpMetrics();
            app.UseAuthentication();
            app.UseAuthorization();
    

    In SaasService

            app.UseAbpStudioLink();
            app.UseCors();
            app.UseRouting();
            app.UseMultiTenancy();
            app.UseHttpMetrics();
            app.UseAuthentication();
            app.UseAuthorization();
    

    I move the app.UseMultiTenancy(); after app.UseAuthentication(); and now works has expected

    This service template came from studio on startup init

  • User Avatar
    1
    maliming created
    Support Team Fullstack Developer

    Yes, The UseMultiTenancy needs to be added after UseAuthentication

    I will check and fix it in Studio.

    Thanks.

Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.0.0-preview. Updated on September 01, 2025, 08:37