ABP version: 9.0.0 .Net version: 9.0.304 Node.js: 22.17.1 TypeScript: 5.3.3 Angular Version: 17.3.12
Good morning, the main problem is that we can not login via angular interface at the address https://localhost:44380/account/login?returnUrl=%2Fofertas-abertas. The tokens are cleaned after login and we get redirected back to login page. We get no errors. We are using a layered application with a separate service for authserver running at https://localhost:44334. Our API is running at https://localhost:44354. We have generate our certificates using the following code:
dotnet dev-certs https --trust
dotnet dev-certs https -ep ./localhost.pfx -p <password>
openssl pkcs12 -in localhost.pfx -nocerts -nodes -out localhost.key -passin pass: <password>
openssl pkcs12 -in localhost.pfx -clcerts -nokeys -out localhost.crt -passin pass: <password>
We are using a docker compose file:
services:
cargo_fleet-angular:
image: cargo_fleet-angular:latest
container_name: cargo_fleet-angular
build:
context: ../../../
dockerfile: angular/Dockerfile
args:
- build_env=${build_env}
ports:
- "44380:443"
depends_on:
- cargo_fleet-api
- cargo_fleet-authserver
networks:
- abp-network
volumes:
- ./certs:/etc/ssl/cargofleet
- ./dynamic-env.json:/usr/share/nginx/html/dynamic-env.json
cargo_fleet-api:
image: cargo_fleet-api:latest
container_name: cargo_fleet-api
hostname: cargo_fleet-api
build:
context: ../../
dockerfile: src/cargo_fleet.HttpApi.Host/Dockerfile
environment:
- ASPNETCORE_URLS=https://+:443;http://+:80;
- Kestrel__Certificates__Default__Path=/root/certificate/localhost.pfx
- Kestrel__Certificates__Default__Password=<password>
- App__SelfUrl=https://localhost:44354
- App__AngularUrl=https://localhost:44380
- App__CorsOrigins=https://localhost:44380,https://localhost:44334,https://localhost:44354
- App__HealthCheckUrl=https://cargo_fleet-api/health-status
- AuthServer__RequireHttpsMetadata=false
- AuthServer__Authority=https://localhost:44334
- AuthServer__MetaAddress=https://localhost:44334
- ConnectionStrings__Default=Server=postgres;Port=5432;Database=cargo_fleet;User Id=postgres;Password=root;
- Redis__Configuration=redis
- AbpLicenseCode=<license-code>
ports:
- "44354:443"
redis:
condition: service_healthy
restart: on-failure
volumes:
- ./certs:/root/certificate
networks:
- abp-network
cargo_fleet-authserver:
image: cargo_fleet-authserver:latest
container_name: cargo_fleet-authserver
build:
context: ../../
dockerfile: src/cargo_fleet.AuthServer/Dockerfile
environment:
- ASPNETCORE_URLS=https://+:443;http://+:80;
- App__SelfUrl=https://localhost:44334
- App__CorsOrigins=https://localhost:44380,https://localhost:44334,https://localhost:44354
- App__AngularUrl=https://localhost:44380
- AuthServer__RequireHttpsMetadata=false
- AuthServer__Authority=https://localhost:44334
- Kestrel__Certificates__Default__Path=/root/certificate/localhost.pfx
- Kestrel__Certificates__Default__Password=<password>
- ConnectionStrings__Default=Server=postgres;Port=5432;Database=cargo_fleet;User Id=postgres;Password=root;
- Redis__Configuration=redis
- AbpLicenseCode=<license-code>
ports:
- "44334:443"
redis:
condition: service_healthy
restart: on-failure
volumes:
- ./certs:/root/certificate
networks:
- abp-network
db-migrator:
image: cargo_fleet-db-migrator:latest
container_name: db-migrator
build:
context: ../../
dockerfile: src/cargo_fleet.DbMigrator/Dockerfile
environment:
- OpenIddict__Applications__cargo_fleet_App__RootUrl=https://localhost:44380
- OpenIddict__Applications__cargo_fleet_Swagger__RootUrl=https://localhost:44354
- ConnectionStrings__Default=Server=postgres;Port=5432;Database=cargo_fleet;User Id=postgres;Password=root;
- Redis__Configuration=redis
restart: on-failure
networks:
- abp-network
redis:
container_name: redis
image: redis:alpine
ports:
- "6379:6379"
networks:
- abp-network
healthcheck:
test: ["CMD", "redis-cli","ping"]
postgres:
image: postgres:latest
container_name: postgres
restart: always
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: root
POSTGRES_DB: cargo_fleet
ports:
- "5432:5432"
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
- abp-network
volumes:
sqldata:
name: cargo_fleet_sqldata
postgres_data:
networks:
abp-network:
name: cargo_fleet-network
driver: bridge
We are using dynamic-env.json as well:
{
"production": true,
"application": {
"baseUrl": "https://localhost:44380",
"name": "cargo_fleet"
},
"oAuthConfig": {
"issuer": "https://localhost:44334/",
"redirectUri": "https://localhost:44380",
"clientId": "cargo_fleet_App",
"dummyClientSecret": "",
"scope": "offline_access cargo_fleet",
"requireHttps": true,
"IsSelfRegistrationEnabled": false
},
"apis": {
"default": {
"url": "https://localhost:44354",
"rootNamespace": "cargo_fleet"
},
"AbpAccountPublic": {
"url": "https://localhost:44334/",
"rootNamespace": "AbpAccountPublic"
}
},
"firebaseConfig": {
"apiKey":<firebase-api-key>,
"authDomain": <firebase-auth-domain>,
"projectId": <firebase-id>
"storageBucket": <storage-bucket>
"messagingSenderId": <message-sender-id>
"appId": <app-id>,
"measurementId": <measurement-id>
},
"vapidKey": <vapid-key>
}
Our environment.prod.ts:
(...)
remoteEnv: {
url: '/getEnvConfig',
mergeStrategy: 'overwrite' }
} as Environment;
3 Answer(s)
-
0
The issue you are experiencing—where the Angular UI redirects back to the login page after authentication and tokens are cleared—is commonly caused by one or more of the following misconfigurations in a tiered ABP setup with separated AuthServer:
Token Storage and Domain Mismatch:
If your Angular app and AuthServer are running on different ports or hostnames, browser security policies (especially withSameSitecookies and localStorage) can prevent tokens from being shared or persisted correctly. This can result in tokens being cleared after login.Redirect URI and OpenIddict Application Configuration:
TheredirectUriin your Angular environment and theRootUrlin your OpenIddict application registration must match exactly (including protocol, hostname, and port). Any mismatch will cause the login flow to break.Certificate Trust and HTTPS:
All services must trust the same certificate, and the certificate must be valid for all involved hostnames/ports. If the browser or .NET runtime does not trust the certificate, authentication may silently fail.CORS and Allowed Origins:
All CORS origins must be set correctly on both the AuthServer and API. The origins must include the exact URLs (with protocol and port) of your Angular app.Docker Networking and Hostname Resolution:
When running in Docker,localhostinside a container does not refer to the host machine. You must use Docker networking (service names) or configure your hosts file accordingly.
Recommended Steps:
- Double-check that the
issuer,redirectUri, andclientIdin your Angulardynamic-env.jsonmatch the OpenIddict application registration in your database. - Ensure that the
RootUrlfor the Angular client in OpenIddict is set tohttps://localhost:44380/(with trailing slash). - Make sure all CORS origins in your API and AuthServer include
https://localhost:44380. - If running in Docker, use service names (e.g.,
https://cargo_fleet-authserver:443) for internal communication, and expose the correct ports for external access. - Clear your browser cache and cookies, and ensure your development certificate is trusted by both the OS and browser.
- Check the browser console for any silent errors or warnings related to cookies, storage, or CORS.
If the problem persists, review the OpenIddict application registration and ensure the
PostLogoutRedirectUriis also set tohttps://localhost:44380/.This approach aligns with common ABP conventions, but specific official documentation for this exact scenario is not available.
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
Good afternoon, we were not able to solve the problem with the AI-Bot solutions.
-
0
hi
Can you share the debug logs of AuthServer and API websites? https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
liming.ma@volosoft.com
Thanks
