
Returning User 403 - Forbidden: Access is denied. #9753


cellero created

Blazor Web App ABP 9.2.2

On a production system, I am able to log in and use the system all ok. But often when logging back in a 403 - Forbidden: Access is denied error is given. Looking at the logs there are a bunch of "PermissionRequirement" messages.

This looks similar to this support case: https://abp.io/support/questions/8904/Returning-user-causes-permissions-to-fail-in-blazor-app

    2025-08-09 15:25:11.480 +10:00 [INF] Request starting HTTP/1.1 GET https://cellero.net/Error?httpStatusCode=404 - null null
    2025-08-09 15:25:11.482 +10:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
    2025-08-09 15:25:11.482 +10:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
    2025-08-09 15:25:11.482 +10:00 [INF] Executing ViewResult, running view ~/Views/Error/404.cshtml.
    2025-08-09 15:25:11.484 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
    2025-08-09 15:25:11.484 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement
    2025-08-09 15:25:11.484 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement
    2025-08-09 15:25:11.485 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AuditLogging.AuditLogs.SettingManagement
    2025-08-09 15:25:11.485 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures
    2025-08-09 15:25:11.485 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: Saas.SettingManagement
    2025-08-09 15:25:11.486 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
    2025-08-09 15:25:11.486 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement
    2025-08-09 15:25:11.486 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement
    2025-08-09 15:25:11.486 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AuditLogging.AuditLogs.SettingManagement
    2025-08-09 15:25:11.487 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures
    2025-08-09 15:25:11.487 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: Saas.SettingManagement
    2025-08-09 15:25:11.488 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
    2025-08-09 15:25:11.488 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement
    2025-08-09 15:25:11.488 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement
    2025-08-09 15:25:11.488 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AuditLogging.AuditLogs.SettingManagement
    2025-08-09 15:25:11.488 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures
    2025-08-09 15:25:11.488 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: Saas.SettingManagement
    2025-08-09 15:25:11.489 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
    2025-08-09 15:25:11.489 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement
    2025-08-09 15:25:11.490 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement
    2025-08-09 15:25:11.490 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AuditLogging.AuditLogs.SettingManagement
    2025-08-09 15:25:11.490 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: FeatureManagement.ManageHostFeatures
    2025-08-09 15:25:11.490 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: Saas.SettingManagement


8 Answer(s)
  • AI-Bot created
    Support Team ABP Agent
    • This issue is commonly caused by stale or invalid authentication/authorization cookies or tokens in Blazor Web App applications, especially after a user logs out and logs back in, or if the user's permissions/roles have changed since their last session.
    • The referenced support case (https://abp.io/support/questions/8904/Returning-user-causes-permissions-to-fail-in-blazor-app) confirms that this is a known scenario in ABP Blazor applications.

    Solution Steps:

    1. Clear Cookies and Local Storage:

      • Ask the affected user to clear their browser cookies and local storage for your domain, then log in again. This often resolves the issue if it is caused by stale tokens.
    2. Ensure Claims/Permissions Are Refreshed:

      • In Blazor Web App, user claims and permissions are cached on the client. If a user's roles or permissions change, or if the authentication state is not refreshed, the client may operate with outdated permissions.
      • You can programmatically force a refresh of the user's claims/permissions by calling the BlazorWebAssemblyCurrentApplicationConfigurationCacheResetService.ResetAsync() method after login or when you detect a permission issue.

      Example:

          // Inject the service
          [Inject] private BlazorWebAssemblyCurrentApplicationConfigurationCacheResetService CacheResetService { get; set; }

          // Call this after login or when needed
          await CacheResetService.ResetAsync();

    3. Check for Multiple Authentication Schemes:

      • Ensure that your authentication configuration is not causing conflicts (e.g., multiple cookies, or mixing JWT and cookie authentication inappropriately).
    4. Check User Role/Permission Assignments:

      • Make sure the user actually has the required permissions (e.g., SettingManagement.Emailing, AbpAccount.SettingManagement, etc.) in the database.
    5. Production Deployment:

      • If you are using a load balancer or multiple servers, ensure that data protection keys and authentication settings are consistent across all instances.
    6. Upgrade ABP:

      • If you are not on the latest patch of ABP 9.x, consider upgrading, as some issues with authentication/authorization caching have been fixed in recent versions.

    If the problem persists after these steps, enable detailed logging for authentication and authorization, and check for any customizations that may affect claims or permission resolution.

    Sources:

    • https://abp.io/support/questions/8904/Returning-user-causes-permissions-to-fail-in-blazor-app
    • https://abp.io/docs/en/abp/latest/UI/Blazor/Authentication
    • https://abp.io/docs/en/abp/latest/API/Application-Configuration

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • cellero created

    Can you expand on the suggested Ensure Claims/Permissions Are Refreshed: Where should this code go?

    I can replicate this each time I choose logout from the top right menu:

  • maliming created
    Support Team Fullstack Developer

    hi

    The Error is from the IIS server, not your ASP.NET Core application.


    I can replicate this each time I choose logout from the top right menu:

    Can you share an online website so I can also reproduce it?

    liming.ma@volosoft.com

    Thanks.

  • maliming created
    Support Team Fullstack Developer

    hi

    I try to sign in but continue to get a 400 error. Can you share the logs?

    Thanks.

  • maliming created
    Support Team Fullstack Developer

    hi

    The error is Could not allocate space for object 'celleron.AbpAuditLogActions'.'PK_AbpAuditLogActions' in database 'Cellero_CloudServices' because the 'PRIMARY' filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

    Please check your database.

    Thanks.

  • cellero created

    Ok, the database size issue has been sorted.
    Can you log in then log out to experience the 403 - Forbidden: Access is denied?

    Thanks!

  • maliming created
    Support Team Fullstack Developer

    hi

    Can you share the new debug logs?

    Thanks

  • maliming created
    Support Team Fullstack Developer

    hi

    There is no 403 error in your latest logs.

    Can you check the logs in the Event Viewer app of your IIS server?

    https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524984(v=vs.90)

    Thanks
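
An added example, not part of the thread and not ABP's own code: a small triage script for application logs in the layout shown in the question. It tallies the `PermissionRequirement` failures and checks whether the application itself ever finished a request with 401 or 403, which is the check behind the last reply. The sample lines are constructed, and the `Request finished` line layout is an assumption about the ASP.NET Core request log.

```python
import re
from collections import Counter

# Constructed sample in the layout of the question's log. The "Request finished"
# line is an assumed ASP.NET Core format and does not come from the thread.
SAMPLE_LOG = """\
2025-08-09 15:25:11.480 +10:00 [INF] Request starting HTTP/1.1 GET https://example.test/Error?httpStatusCode=404 - null null
2025-08-09 15:25:11.484 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
2025-08-09 15:25:11.484 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: Saas.SettingManagement
2025-08-09 15:25:11.486 +10:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing
2025-08-09 15:25:11.495 +10:00 [INF] Request finished HTTP/1.1 GET https://example.test/Error?httpStatusCode=404 - 200 null text/html; charset=utf-8 15.2ms
"""

ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} [\d:.]+ [+-]\d{2}:\d{2}) \[(\w+)\] (.*)$")
PERMISSION = re.compile(r"PermissionRequirement: ([\w.]+)")
FINISHED = re.compile(r"^Request finished \S+ (\S+) (\S+) - (\d{3})\b")


def triage(log_text):
    """Split permission-check failures from requests the app answered with 401/403."""
    denied_permissions = Counter()
    app_denials = []  # (timestamp, method, url, status) returned by the app itself
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # continuation line or stack trace, not a new log entry
        timestamp, _level, message = entry.groups()
        if message.startswith("Authorization failed"):
            denied_permissions.update(PERMISSION.findall(message))
        finished = FINISHED.match(message)
        if finished and finished.group(3) in ("401", "403"):
            app_denials.append((timestamp, finished.group(1),
                                finished.group(2), int(finished.group(3))))
    return {
        "denied_permissions": dict(denied_permissions),
        "app_denials": app_denials,
        # False means the app log holds no 401/403 response, so the denial page
        # has to be traced in the web server in front of the app instead.
        "served_by_app": bool(app_denials),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```
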

Made with ❤️ on ABP v10.0.0-preview. Updated on September 01, 2025, 08:37