
Activities of "JanneHarju"

Thank you for the tip. Actually, I did have that setIssuer call in my stash, because that line was in the example project I created with ABP Suite, but I wasn't sure whether it was needed: there was nothing about it in the migration guide, and it was not needed with IdentityServer. I will first add only that line, and if it doesn't work I will add the Configure part as well.

Here is an example token payload, in case it tells you anything.

{
  "sub": "f6277149-bcd8-7587-5001-3a096665a3a1",
  "preferred_username": "admin",
  "email": "SCMadmin@leanware.fi",
  "role": "admin",
  "given_name": "admin",
  "phone_number_verified": "False",
  "email_verified": "False",
  "unique_name": "admin",
  "oi_prst": "SCM_App",
  "iss": "https://auth.scm-test.lw.app/",
  "oi_au_id": "0a696354-cb8f-b108-c129-3a666cdeae51",
  "client_id": "SCM_App",
  "oi_tkn_id": "5ba7a0c9-4577-a3ea-a15a-3a666ab74e8c",
  "aud": "SCM",
  "scope": "offline_access openid profile roles email phone SCM",
  "jti": "fe00a5cf-c813-4713-9219-85e04666cc29",
  "exp": 1702564553,
  "iat": 1702560953
}

We have an Application Gateway which directs calls to the App Service. The appserviceenvironment.net address is the App Service address, and lw.app is the Application Gateway address. Can you tell me whether the Issuer value 'https://auth.scm-test.lw.app/' comes from the frontend Authority parameter? And can you tell me where the validationParameters.ValidIssuers value 'https://app-scm-auth-test-qa-001.ase-sharedeawgeacbyumuk-qa-001.appserviceenvironment.net/' comes from? I mean, from which configuration: appsettings.json, the database? I'm sure that exact value is not configured anywhere. In an earlier project, when a URL changed from lw.app to appserviceenvironment.net, the trailing / was missing, and adding the / fixed it. So now I'm wondering whether this is the same problem and, if it is, where I'm missing that /, because I think I have added it in all places.

Here are the logs from one login. Our logging tool only offers CSV export, but I also copied the data into txt format in case you prefer that. https://drive.google.com/drive/folders/1yTPoOMqUpcpTjlXgdEKsSJahgIRTd65A?usp=drive_link

The logs I provided contain all the related entries from the moment I start the login, enter the correct account information, and return to the application. Because there were so many log lines, I filtered out the following kinds of lines, which I assume are not related to this issue: customDimensions.SourceContext !contains "HealthChecks" and message != "Added 0 entity changes to the current audit log" and message !contains "Added bundle 'Lepton.Global'"

And here is our Host module.

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Google;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
using Microsoft.AspNetCore.Authentication.Twitter;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Cors;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.OpenApi.Models;
using ABC.Analytics;
using ABC.Analytics.EntityFrameworkCore;
using ABC.Application.EntityFrameworkCore;
using ABC.HealthChecks;
using ABC.Integration;
using ABC.Integration.EntityFrameworkCore;
using ABC.ObjectControl;
using ABC.ObjectControl.EntityFrameworkCore;
using ABC.ObjectControl.MultiTenancy;
using ABC.ItemPortfolioManagement;
using ABC.ItemPortfolioManagement.EntityFrameworkCore;
using ABC.MasterDataManagement;
using ABC.MasterDataManagement.EntityFrameworkCore;
using ABC.Procurement.EntityFrameworkCore;
using ABC.Shared.BackgroundJobs;
using ABC.Shared.Hosting;
using Volo.Abp;
using Volo.Abp.Account;
using Volo.Abp.AspNetCore.Mvc;
using Volo.Abp.AspNetCore.Mvc.UI.MultiTenancy;
using Volo.Abp.AspNetCore.Serilog;
using Volo.Abp.BackgroundJobs;
using Volo.Abp.Caching.StackExchangeRedis;
using Volo.Abp.Identity.AspNetCore;
using Volo.Abp.Modularity;
using Volo.Abp.Swashbuckle;
using Volo.Abp.UI.Navigation.Urls;
using Volo.Abp.VirtualFileSystem;

namespace ABC
{
	[DependsOn(
		typeof(ABCSharedHostingModule),
		typeof(ABCSharedBackgroundJobsModule),
		typeof(ABCObjectControlHttpApiModule),
		typeof(AbpCachingStackExchangeRedisModule),
		typeof(AbpAspNetCoreMvcUiMultiTenancyModule),
		typeof(AbpIdentityAspNetCoreModule),
		typeof(ABCObjectControlApplicationModule),
		typeof(ABCEntityFrameworkCoreModule),
		typeof(MasterDataManagementEntityFrameworkCoreModule),
		typeof(AnalyticsEntityFrameworkCoreModule),
		typeof(ProcurementEntityFrameworkCoreModule),
		typeof(IntegrationEntityFrameworkCoreModule),
		typeof(ItemPortfolioManagementEntityFrameworkCoreModule),
		// ABCApplicationEntityFrameworkCoreModule must be after the other EntityFrameworkCoreModules to replace db contexts
		typeof(ABCApplicationEntityFrameworkCoreModule),
		typeof(AbpSwashbuckleModule),
		typeof(AbpAspNetCoreSerilogModule),
		typeof(IntegrationApplicationModule)
	)]
#pragma warning disable S101 // Types should be named in PascalCase
	public class ABCHttpApiHostModule : AbpModule
#pragma warning restore S101 // Types should be named in PascalCase
	{
		/// <summary>
		/// Registers the services of the HTTP API host: URLs, conventional controllers,
		/// authentication, Swagger, the virtual file system, CORS, external login
		/// providers, health checks and Application Insights.
		/// </summary>
		/// <param name="context">Service configuration context supplied by the module system.</param>
		/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
		public override void ConfigureServices(ServiceConfigurationContext context)
		{
			if (context is null)
			{
				throw new ArgumentNullException(nameof(context));
			}

			var configuration = context.Services.GetConfiguration();
			var applicationName = Assembly.GetExecutingAssembly().GetName().Name;

			// The individual configuration steps, in the order the module applies them.
			ConfigureUrls(configuration);
			ConfigureConventionalControllers();
			ConfigureAuthentication(context, configuration);
			ConfigureSwagger(context, configuration);
			ConfigureVirtualFileSystem(context);
			ConfigureCors(context, configuration);
			ConfigureExternalProviders(context);
			ConfigureHealthChecks(context);

			// This host never runs background jobs itself; the background process
			// manager application executes them.
			Configure<AbpBackgroundJobOptions>(jobOptions =>
			{
				jobOptions.IsJobExecutionEnabled = false;
			});

			ApplicationInsightsConfigurationHelper.AddApplicationInsightsForHttpApplications(
				context,
				configuration,
				applicationName);
		}

#pragma warning disable CA1822 // Method can be made static
		/// <summary>
		/// Adds the ABC health checks to the service collection.
		/// </summary>
		/// <param name="context">Service configuration context whose service collection is extended.</param>
		private void ConfigureHealthChecks(ServiceConfigurationContext context)
#pragma warning restore CA1822 // Method can be made static
			=> context.Services.AddABCHealthChecks();

		/// <summary>
		/// Configures the URLs of the Angular front end: its root URL comes from
		/// <c>App:AngularUrl</c>, the password-reset and e-mail-confirmation paths are fixed.
		/// </summary>
		/// <param name="configuration">Application configuration that provides <c>App:AngularUrl</c>.</param>
		private void ConfigureUrls(IConfiguration configuration)
		{
			Configure<AppUrlOptions>(urlOptions =>
			{
				var angular = urlOptions.Applications["Angular"];

				angular.RootUrl = configuration["App:AngularUrl"];
				angular.Urls[AccountUrlNames.PasswordReset] = "account/reset-password";
				angular.Urls[AccountUrlNames.EmailConfirmation] = "account/email-confirmation";
			});
		}

		/// <summary>
		/// In the Development environment, replaces the embedded file sets of the listed
		/// modules with the physical source folders next to the content root. Does nothing
		/// in any other environment.
		/// </summary>
		/// <param name="context">Service configuration context used to read the hosting environment.</param>
		private void ConfigureVirtualFileSystem(ServiceConfigurationContext context)
		{
			var env = context.Services.GetHostingEnvironment();

			if (!env.IsDevelopment())
			{
				return;
			}

			// Joins the segments with the platform separator and anchors them at the content root.
			string FromContentRoot(params string[] segments)
			{
				var relative = string.Join(Path.DirectorySeparatorChar.ToString(), segments);
				return Path.Combine(env.ContentRootPath, relative);
			}

			Configure<AbpVirtualFileSystemOptions>(vfs =>
			{
				// Main solution projects under ../../src
				vfs.FileSets.ReplaceEmbeddedByPhysical<ABCObjectControlDomainSharedModule>(
					FromContentRoot("..", "..", "src", "ABC.ObjectControl.Domain.Shared"));
				vfs.FileSets.ReplaceEmbeddedByPhysical<ABCObjectControlDomainModule>(
					FromContentRoot("..", "..", "src", "ABC.ObjectControl.Domain"));
				vfs.FileSets.ReplaceEmbeddedByPhysical<ABCObjectControlApplicationContractsModule>(
					FromContentRoot("..", "..", "src", "ABC.ObjectControl.Application.Contracts"));
				vfs.FileSets.ReplaceEmbeddedByPhysical<ABCObjectControlApplicationModule>(
					FromContentRoot("..", "..", "src", "ABC.ObjectControl.Application"));
				vfs.FileSets.ReplaceEmbeddedByPhysical<ABCObjectControlHttpApiModule>(
					FromContentRoot("..", "..", "src", "ABC.ObjectControl.HttpApi"));

				// Domain.Shared projects of the modules under ../../modules
				vfs.FileSets.ReplaceEmbeddedByPhysical<MasterDataManagementDomainSharedModule>(
					FromContentRoot("..", "..", "modules", "ABC.MasterDataManagement", "src", "ABC.MasterDataManagement.Domain.Shared"));
				vfs.FileSets.ReplaceEmbeddedByPhysical<AnalyticsDomainSharedModule>(
					FromContentRoot("..", "..", "modules", "ABC.Analytics", "src", "ABC.Analytics.Domain.Shared"));
				vfs.FileSets.ReplaceEmbeddedByPhysical<ItemPortfolioManagementDomainSharedModule>(
					FromContentRoot("..", "..", "modules", "ABC.ItemPortfolioManagement", "src", "ABC.ItemPortfolioManagement.Domain.Shared"));
			});
		}

		/// <summary>
		/// Creates conventional controllers for the assembly that contains
		/// <c>ABCObjectControlApplicationModule</c>.
		/// </summary>
		private void ConfigureConventionalControllers()
		{
			var applicationAssembly = typeof(ABCObjectControlApplicationModule).Assembly;

			Configure<AbpAspNetCoreMvcOptions>(mvcOptions =>
			{
				mvcOptions.ConventionalControllers.Create(applicationAssembly);
			});
		}

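		/// <summary>
		/// Registers JWT bearer authentication against the configured auth server and,
		/// when enabled in configuration, an additional Azure AD OpenID Connect scheme.
		/// </summary>
		/// <param name="context">Service configuration context whose service collection is extended.</param>
		/// <param name="configuration">Application configuration (<c>AuthServer:*</c> and <c>AzureAd:*</c> keys).</param>
		private static void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
		{
			var authenticationBuilder = context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
				.AddJwtBearer(options =>
				{
					// No ValidIssuer(s) are set here, so the accepted issuer is the one published in the
					// discovery document served at this Authority. A token whose "iss" differs from it
					// (another host name, a missing trailing slash) is rejected.
					options.Authority = configuration["AuthServer:Authority"];

					// Default to requiring HTTPS when the key is absent. The previous
					// Convert.ToBoolean(null) evaluated to false, which silently allowed metadata
					// retrieval over plain HTTP whenever the setting was missing.
					options.RequireHttpsMetadata =
						configuration.GetValue("AuthServer:RequireHttpsMetadata", true);
					options.Audience = "ABC";
				});

			// NOTE(review): the key is spelled "IsEnbaled"; it is kept as-is because the
			// deployed configuration has to use the same spelling for the scheme to be registered.
			if (configuration.GetValue<bool?>("AzureAd:IsEnbaled") is true)
			{
				authenticationBuilder.AddOpenIdConnect("AzureOpenId", "Azure AD", options =>
				{
					options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
					options.ClientId = configuration["AzureAd:ClientId"];
					options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
					options.CallbackPath = configuration["AzureAd:CallbackPath"];
					options.ClientSecret = configuration["AzureAd:ClientSecret"];

					// The authority above is always an https:// URL, so there is no reason to
					// relax the HTTPS requirement for its metadata endpoint.
					options.RequireHttpsMetadata = true;
					options.SaveTokens = true;
					options.GetClaimsFromUserInfoEndpoint = true;
					options.Scope.Add("email");

					// Expose the provider's "sub" claim as the name identifier.
					options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
				});
			}
		}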

		/// <summary>
		/// Registers Swagger generation with OAuth support against the auth server and
		/// includes every XML documentation file found next to the executing assembly.
		/// </summary>
		/// <param name="context">Service configuration context whose service collection is extended.</param>
		/// <param name="configuration">Application configuration that provides <c>AuthServer:Authority</c>.</param>
		private static void ConfigureSwagger(ServiceConfigurationContext context, IConfiguration configuration)
		{
			var authority = configuration["AuthServer:Authority"];
			var scopes = new Dictionary<string, string> { ["ABC"] = "ABC API" };

			context.Services.AddAbpSwaggerGenWithOAuth(authority, scopes, swagger =>
			{
				swagger.SwaggerDoc("v1", new OpenApiInfo { Title = "ABC API", Version = "v1" });

				// Every API description goes into the single document.
				swagger.DocInclusionPredicate((documentName, apiDescription) => true);

				// Full type names are used as schema ids.
				swagger.CustomSchemaIds(schemaType => schemaType.FullName);

				var assemblyDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
				if (assemblyDirectory == null)
				{
					return;
				}

				foreach (var xmlFile in Directory.GetFiles(assemblyDirectory, "*.xml"))
				{
					swagger.IncludeXmlComments(xmlFile);
				}
			});
		}

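		/// <summary>
		/// Registers the default CORS policy from the comma-separated <c>App:CorsOrigins</c> setting.
		/// </summary>
		/// <param name="context">Service configuration context whose service collection is extended.</param>
		/// <param name="configuration">Application configuration that provides <c>App:CorsOrigins</c>.</param>
		private static void ConfigureCors(ServiceConfigurationContext context, IConfiguration configuration)
		{
			context.Services.AddCors(options =>
			{
				options.AddDefaultPolicy(builder =>
				{
					// A missing setting yields an empty origin list (no cross-origin access)
					// instead of a NullReferenceException while the policy is being built.
					var origins = (configuration["App:CorsOrigins"] ?? string.Empty)
						.Split(",", StringSplitOptions.RemoveEmptyEntries)
						.Select(o => o.Trim().RemovePostFix("/"))
						.ToArray();

					// Credentials are allowed and wildcard sub-domain matching is enabled, so every
					// entry in App:CorsOrigins is an origin that may make authenticated cross-site
					// calls. Keep that list explicit and as narrow as the deployment allows.
					builder
						.WithOrigins(origins)
						.WithAbpExposedHeaders()
						.SetIsOriginAllowedToAllowWildcardSubdomains()
						.AllowAnyHeader()
						.AllowAnyMethod()
						.AllowCredentials();
				});
			});
		}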

		/// <summary>
		/// Registers dynamic option sets for the Google, Microsoft account and Twitter
		/// login providers. The client or consumer secret of each provider is flagged
		/// with <c>isSecret: true</c>.
		/// </summary>
		/// <param name="context">Service configuration context whose service collection is extended.</param>
		private static void ConfigureExternalProviders(ServiceConfigurationContext context)
		{
			context.Services
				// Google: client id plus secret
				.AddDynamicExternalLoginProviderOptions<GoogleOptions>(
					GoogleDefaults.AuthenticationScheme,
					google =>
					{
						google.WithProperty(o => o.ClientId);
						google.WithProperty(o => o.ClientSecret, isSecret: true);
					}
				)
				// Microsoft account: client id plus secret
				.AddDynamicExternalLoginProviderOptions<MicrosoftAccountOptions>(
					MicrosoftAccountDefaults.AuthenticationScheme,
					microsoft =>
					{
						microsoft.WithProperty(o => o.ClientId);
						microsoft.WithProperty(o => o.ClientSecret, isSecret: true);
					}
				)
				// Twitter: consumer key plus secret
				.AddDynamicExternalLoginProviderOptions<TwitterOptions>(
					TwitterDefaults.AuthenticationScheme,
					twitter =>
					{
						twitter.WithProperty(o => o.ConsumerKey);
						twitter.WithProperty(o => o.ConsumerSecret, isSecret: true);
					}
				);
		}

		/// <summary>
		/// Builds the HTTP request pipeline of the API host. The middleware is
		/// registered in the order listed below.
		/// </summary>
		/// <param name="context">Initialization context that provides the application builder, environment and configuration.</param>
		public override void OnApplicationInitialization(ApplicationInitializationContext context)
		{
			var app = context.GetApplicationBuilder();
			var env = context.GetEnvironment();

			// Detailed exception pages are enabled in the Development environment only.
			if (env.IsDevelopment())
			{
				app.UseDeveloperExceptionPage();
			}

			app.UseAbpRequestLocalization();
			app.UseDefaultFiles();
			app.UseStaticFiles();
			app.UseRouting();
			// CORS is registered after routing and before authentication.
			app.UseCors();
			app.UseAuthentication();

			// Multi-tenancy middleware is added only when the compile-time switch is on;
			// it is registered after authentication.
			if (MultiTenancyConsts.IS_ENABLED)
			{
				app.UseMultiTenancy();
			}

			app.UseAuthorization();
			// NOTE(review): Swagger and its UI are registered in every environment here,
			// not only in Development — confirm that this is intended for the deployed host.
			app.UseSwagger();
			app.UseAbpSwaggerUI(options =>
			{
				options.SwaggerEndpoint("/swagger/v1/swagger.json", "ABC API");

				// The OAuth client id used by the Swagger UI comes from configuration.
				var configuration = context.GetConfiguration();
				options.OAuthClientId(configuration["AuthServer:SwaggerClientId"]);
			});
			app.UseAuditing();
			app.UseAbpSerilogEnrichers();
			app.UseUnitOfWork();
			app.UseConfiguredEndpoints();
		}
	}
}

Here is AuthServer module if it helps anything.

using System;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using Localization.Resources.AbpUi;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Google;
using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
using Microsoft.AspNetCore.Authentication.Twitter;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Extensions.DependencyInjection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.EntityFrameworkCore.Metadata.Internal;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using OpenIddict.Validation.AspNetCore;
using ABC.Analytics.EntityFrameworkCore;
using ABC.Application.EntityFrameworkCore;
using ABC.ObjectControl;
using ABC.ObjectControl.EntityFrameworkCore;
using ABC.ObjectControl.Localization;
using ABC.ObjectControl.MultiTenancy;
using ABC.MasterDataManagement.EntityFrameworkCore;
using ABC.Shared.Hosting;
using Volo.Abp;
using Volo.Abp.Account;
using Volo.Abp.Account.Localization;
using Volo.Abp.Account.Public.Web;
using Volo.Abp.Account.Public.Web.ExternalProviders;
using Volo.Abp.Account.Public.Web.Impersonation;
using Volo.Abp.Account.Web;
using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
using Volo.Abp.AspNetCore.Mvc.UI.MultiTenancy.Localization;
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Lepton;
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Lepton.Bundling;
using Volo.Abp.AspNetCore.Serilog;
using Volo.Abp.Auditing;
using Volo.Abp.BackgroundJobs;
using Volo.Abp.Caching.StackExchangeRedis;
using Volo.Abp.Emailing;
using Volo.Abp.Identity;
using Volo.Abp.Localization;
using Volo.Abp.Modularity;
using Volo.Abp.OpenIddict;
using Volo.Abp.OpenIddict.Localization;
using Volo.Abp.UI.Navigation.Urls;
using Volo.Abp.VirtualFileSystem;
using Volo.Saas.Host;

namespace ABC
{
	[DependsOn(
		typeof(ABCSharedHostingModule),
		typeof(AbpCachingStackExchangeRedisModule),
		typeof(AbpAspNetCoreSerilogModule),
		typeof(AbpAccountPublicWebOpenIddictModule),
		typeof(AbpAccountPublicHttpApiModule),
		typeof(AbpAspNetCoreMvcUiLeptonThemeModule),
		typeof(AbpAccountPublicApplicationModule),
		typeof(AbpAccountPublicWebImpersonationModule),
		typeof(SaasHostApplicationContractsModule),
		typeof(ABCEntityFrameworkCoreModule),
		typeof(MasterDataManagementEntityFrameworkCoreModule),
		typeof(AnalyticsEntityFrameworkCoreModule),
		typeof(AbpEmailingModule),
		// ABCApplicationEntityFrameworkCoreModule must be after the other EntityFrameworkCoreModules to replace db contexts
		typeof(ABCApplicationEntityFrameworkCoreModule)
	)]
	public class ABCAuthServerModule : AbpModule
	{
		/// <summary>
		/// Pre-configures OpenIddict: token validation against the local server for the
		/// "ABC" audience and, outside the Development environment, signing and
		/// encryption certificates loaded by thumbprint instead of the development ones.
		/// </summary>
		/// <param name="context">Service configuration context supplied by the module system.</param>
		public override void PreConfigureServices(ServiceConfigurationContext context)
		{
			// NOTE(review): no explicit issuer is configured anywhere in this method. Presumably the
			// "iss" value is then derived from the host of the incoming request — confirm, because
			// this server is reached through a gateway under a different host name.
			PreConfigure<OpenIddictBuilder>(openIddict =>
			{
				openIddict.AddValidation(validation =>
				{
					validation.AddAudiences("ABC");
					validation.UseLocalServer();
					validation.UseAspNetCore();
				});
			});

			var env = context.Services.GetHostingEnvironment();
			if (env.IsDevelopment())
			{
				// Development keeps the default development certificates.
				return;
			}

			PreConfigure<AbpOpenIddictAspNetCoreOptions>(openIddictOptions =>
			{
				openIddictOptions.AddDevelopmentEncryptionAndSigningCertificate = false;
			});

			var configuration = context.Services.GetConfiguration();

			// Both certificates are identified by thumbprints taken from configuration.
			PreConfigure<OpenIddictServerBuilder>(server =>
			{
				var signingThumbprint = configuration["AuthServer:SigningCertificateThumbprint"];
				server.AddSigningCertificate(LoadCertificate(signingThumbprint));

				var encryptionThumbprint = configuration["AuthServer:EncryptionCertificateThumbprint"];
				server.AddEncryptionCertificate(LoadCertificate(encryptionThumbprint));
			});
		}
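		/// <summary>
		/// Registers the services of the auth server: forwarded headers, theme, localization,
		/// bundling, auditing, application URLs, CORS, the external login providers and
		/// Application Insights.
		/// </summary>
		/// <param name="context">Service configuration context supplied by the module system.</param>
		/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
		public override void ConfigureServices(ServiceConfigurationContext context)
		{
			if (context == null)
			{
				throw new ArgumentNullException(nameof(context));
			}

			// Enable for debugging only
			Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = false;

			var hostingEnvironment = context.Services.GetHostingEnvironment();
			var configuration = context.Services.GetConfiguration();
			Configure<EmailSenderConfiguration>(configuration.GetSection("Settings"));

			// Only X-Forwarded-Host is honoured; X-Forwarded-Proto and X-Forwarded-For are not in the flag set.
			// NOTE(review): the forwarded host feeds into URLs this server generates, presumably including
			// the token issuer when none is set explicitly — confirm. Make sure only the gateway can reach
			// this app, or restrict KnownProxies / KnownNetworks / AllowedHosts accordingly.
			Configure<ForwardedHeadersOptions>(options => options.ForwardedHeaders = ForwardedHeaders.XForwardedHost);
			context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
			// Add a custom CSS to your ABP MVC / Razor Pages solution
			// https://docs.abp.io/en/commercial/7.1/themes%2Flepton%2Fcustomizing-lepton-theme?UI=MVC
			Configure<LeptonThemeOptions>(options =>
			{
				options.StylePath = "/Themes/Lepton/Global/Styles/lepton7.css";
			});

			Configure<AbpLocalizationOptions>(options =>
			{
				options.Resources
					.Get<ABCObjectControlResource>()
					.AddBaseTypes(
						typeof(AbpUiResource)
					);

				options.Resources
					.Get<AbpUiResource>()
					.AddVirtualJson("/Localization/AbpUi");

				options.Resources
					.Get<AccountResource>()
					.AddVirtualJson("/Localization/Account");

				options.Resources
					.Get<AbpOpenIddictResource>()
					.AddVirtualJson("/Localization/OpenIddict");

				options.Resources
					.Get<AbpUiMultiTenancyResource>()
					.AddVirtualJson("/Localization/AbpUiMultiTenancy");
			});

			Configure<AbpBundlingOptions>(options =>
			{
				options.StyleBundles.Configure(
					LeptonThemeBundles.Styles.Global,
					bundle => bundle.AddFiles("/global-styles.css")
				);
			});

			Configure<AbpAuditingOptions>(options =>
			{
				options.IsEnabledForGetRequests = true;
				options.ApplicationName = "AuthServer";
			});

			// Development only: serve the shared domain resources from the physical source folders.
			if (hostingEnvironment.IsDevelopment())
			{
				Configure<AbpVirtualFileSystemOptions>(options =>
				{
					options.FileSets.ReplaceEmbeddedByPhysical<ABCObjectControlDomainSharedModule>(
						Path.Combine(hostingEnvironment.ContentRootPath,
							String.Format("..{0}ABC.ObjectControl.Domain.Shared", Path.DirectorySeparatorChar)));
					options.FileSets.ReplaceEmbeddedByPhysical<ABCObjectControlDomainModule>(
						Path.Combine(hostingEnvironment.ContentRootPath,
							String.Format("..{0}ABC.ObjectControl.Domain", Path.DirectorySeparatorChar)));
				});
			}

			Configure<AppUrlOptions>(options =>
			{
				options.Applications["MVC"].RootUrl = configuration["App:SelfUrl"];

				// A missing setting yields an empty allow-list instead of a NullReferenceException.
				// Entries are trimmed, and empty ones are dropped so that a stray or trailing comma
				// cannot add an empty string to the redirect allow-list.
				options.RedirectAllowedUrls.AddRange(
					(configuration["App:RedirectAllowedUrls"] ?? string.Empty)
						.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries));
			});

			// Background jobs are not executed by the auth server.
			Configure<AbpBackgroundJobOptions>(options => options.IsJobExecutionEnabled = false);

			context.Services.AddCors(options =>
			{
				options.AddDefaultPolicy(builder =>
				{
					// A missing setting yields an empty origin list (no cross-origin access)
					// instead of a NullReferenceException while the policy is being built.
					var origins = (configuration["App:CorsOrigins"] ?? string.Empty)
						.Split(",", StringSplitOptions.RemoveEmptyEntries)
						.Select(o => o.Trim().RemovePostFix("/"))
						.ToArray();

					// Credentials are allowed and wildcard sub-domain matching is enabled, so every
					// entry in App:CorsOrigins is an origin that may make authenticated cross-site
					// calls to the auth server. Keep that list explicit and narrow.
					builder
						.WithOrigins(origins)
						.WithAbpExposedHeaders()
						.SetIsOriginAllowedToAllowWildcardSubdomains()
						.AllowAnyHeader()
						.AllowAnyMethod()
						.AllowCredentials();
				});
			});

			var authenticationBuilder = context.Services.AddAuthentication();

			// NOTE(review): the key is spelled "IsEnbaled"; it is kept as-is because the
			// deployed configuration has to use the same spelling for the scheme to be registered.
			if (configuration.GetValue<bool?>("AzureAd:IsEnbaled") is true)
			{
				authenticationBuilder.AddOpenIdConnect("AzureOpenId", "Azure AD", options =>
				{
					options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
					options.ClientId = configuration["AzureAd:ClientId"];
					options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
					options.CallbackPath = configuration["AzureAd:CallbackPath"];
					options.ClientSecret = configuration["AzureAd:ClientSecret"];

					// The authority above is always an https:// URL, so there is no reason to
					// relax the HTTPS requirement for its metadata endpoint.
					options.RequireHttpsMetadata = true;
					options.SaveTokens = true;
					options.GetClaimsFromUserInfoEndpoint = true;
					options.Scope.Add("email");

					// Expose the provider's "sub" claim as the name identifier.
					options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
				});
			}

			// External providers: each one is registered with empty or minimal static options and
			// declares its credentials as dynamic options, with the secret flagged as such.
			authenticationBuilder.AddGoogle(GoogleDefaults.AuthenticationScheme, _ => { })
			.WithDynamicOptions<GoogleOptions, GoogleHandler>(
				GoogleDefaults.AuthenticationScheme,
				options =>
				{
					options.WithProperty(x => x.ClientId);
					options.WithProperty(x => x.ClientSecret, isSecret: true);
				}
			)
			.AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, options =>
			{
				//Personal Microsoft accounts as an example.
				options.AuthorizationEndpoint =
				"https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize";
				options.TokenEndpoint = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
			})
			.WithDynamicOptions<MicrosoftAccountOptions, MicrosoftAccountHandler>(
				MicrosoftAccountDefaults.AuthenticationScheme,
				options =>
				{
					options.WithProperty(x => x.ClientId);
					options.WithProperty(x => x.ClientSecret, isSecret: true);
				}
			)
			.AddTwitter(TwitterDefaults.AuthenticationScheme,
				options => options.RetrieveUserDetails = true)
			.WithDynamicOptions<TwitterOptions, TwitterHandler>(
				TwitterDefaults.AuthenticationScheme,
				options =>
				{
					options.WithProperty(x => x.ConsumerKey);
					options.WithProperty(x => x.ConsumerSecret, isSecret: true);
				}
			);

			context.Services.Configure<AbpAccountOptions>(options =>
			{
				options.TenantAdminUserName = "admin";
				// Impersonation is bound to the dedicated tenant and user impersonation permissions.
				options.ImpersonationTenantPermission = SaasHostPermissions.Tenants.Impersonation;
				options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation;
			});

			ApplicationInsightsConfigurationHelper.AddApplicationInsightsForHttpApplications(context, configuration, Assembly.GetExecutingAssembly().GetName().Name);
		}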

		/// <summary>
		/// Builds the HTTP request pipeline of the auth server. The middleware is
		/// registered in the order listed below.
		/// </summary>
		/// <param name="context">Initialization context that provides the application builder and environment.</param>
		public override void OnApplicationInitialization(ApplicationInitializationContext context)
		{
			var app = context.GetApplicationBuilder();
			var env = context.GetEnvironment();

			// Detailed exception pages are enabled in the Development environment only.
			if (env.IsDevelopment())
			{
				app.UseDeveloperExceptionPage();
			}

			app.UseAbpRequestLocalization();


#pragma warning disable S125 // Sections of code should not be commented out
			/*
				if (!env.IsDevelopment())
				{
			 		app.UseErrorPage();
				}
			 */
#pragma warning restore S125 // Sections of code should not be commented out

			// Applies the ForwardedHeadersOptions configured in ConfigureServices
			// (X-Forwarded-Host only) before routing and authentication run.
			app.UseForwardedHeaders();
			app.UseCorrelationId();
			app.UseStaticFiles();
			app.UseRouting();
			// CORS is registered after routing and before authentication.
			app.UseCors();
			app.UseAuthentication();

			// Multi-tenancy middleware is added only when the compile-time switch is on;
			// it is registered after authentication.
			if (MultiTenancyConsts.IS_ENABLED)
			{
				app.UseMultiTenancy();
			}

			app.UseUnitOfWork();
			app.UseAuthorization();

			app.UseAuditing();
			app.UseAbpSerilogEnrichers();
			app.UseConfiguredEndpoints();
		}


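#pragma warning disable CA1822 // Method can be made static
		/// <summary>
		/// Loads a certificate identified by its thumbprint: from the current user's
		/// personal store on Windows, or from <c>/var/ssl/private/{thumbprint}.p12</c> on Linux.
		/// </summary>
		/// <param name="thumbprint">Thumbprint of the certificate to load.</param>
		/// <returns>The certificate that was found.</returns>
		/// <exception cref="AbpInitializationException">
		/// The thumbprint is missing or (on Linux) not a hexadecimal string, the certificate
		/// was not found in the Windows store, or the operating system is neither Windows nor Linux.
		/// </exception>
		private X509Certificate2 LoadCertificate(string thumbprint)
#pragma warning restore CA1822 // Method can be made static
		{
			// Fail with a clear message when the configuration key is absent, rather than
			// searching for a null thumbprint or opening "/var/ssl/private/.p12".
			if (string.IsNullOrWhiteSpace(thumbprint))
			{
				throw new AbpInitializationException("Certificate thumbprint is not configured");
			}

			if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
			{
				using (X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
				{
					certStore.Open(OpenFlags.ReadOnly);

					// validOnly is false, so an expired or otherwise invalid certificate
					// with this thumbprint is still returned.
					X509Certificate2Collection certCollection = certStore.Certificates.Find(
												X509FindType.FindByThumbprint,
												thumbprint,
												false);
					// Get the first cert with the thumbprint
					X509Certificate2 cert = certCollection.OfType<X509Certificate2>().FirstOrDefault();

					if (cert is null)
					{
						throw new AbpInitializationException($"Certificate with thumbprint {thumbprint} was not found");
					}

					// Use certificate
					Console.WriteLine(cert.FriendlyName);
					return cert;
				}
			}
			else if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
			{
				// The thumbprint becomes part of a file name below, so it must consist of
				// hexadecimal digits only; this keeps separators and ".." out of the path.
				if (!thumbprint.All(Uri.IsHexDigit))
				{
					throw new AbpInitializationException("Certificate thumbprint must contain hexadecimal digits only");
				}

				var bytes = File.ReadAllBytes($"/var/ssl/private/{thumbprint}.p12");
				return new X509Certificate2(bytes);
			}
			else
			{
				throw new AbpInitializationException("Unsupported OS");
			}
		}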
	}
}
	

Sorry about my misleading description. I removed UseAbpOpenIddictValidation() from AuthServer, so that rejection no longer occurs. After that removal, currentUser stays empty although the login succeeded. So it wasn't about token validation; it is something else.

Lets try google drive. https://drive.google.com/file/d/1aP8ErxxvPPnMCxZ_707llRAQYWSRDGfS/view?usp=drive_link

Yes I can. What is your address? I didn't manage to find any profile page of yours.
