Because https://int-fbteammgmt.lpl-cloud.com/ is the public endpoint.
There are also errors like this in the log:
PermissionRequirement: Calendar_Parameters
2025-12-04 08:26:08.481 +00:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: Calendar_Parameters
2025-12-04 08:26:08.484 +00:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: Planning_Parameters
2025-12-04 08:26:08.486 +00:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: Trade_Parameters
2025-12-04 08:26:08.618 +00:00 [DBG] Executing view component Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX.Themes.LeptonX.Components.SideMenu.MainMenu.MainMenuViewComponent with arguments ([]).
2025-12-04 08:26:08.631 +00:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: Calendar_Parameters
2025-12-04 08:26:08.632 +00:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: Calendar_Parameters
2025-12-04 08:26:08.634 +00:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: Planning_Parameters
2025-12-04 08:26:08.635 +00:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: Trade_Parameters
Can you tell me what this is?
I have the debug log file, but it's too big to put here. Can I email it to you? Can you give me an address?
Ok, but how do I fix it?
Hi,
The problem doesn't occur in the development environment. Furthermore, if I authenticate locally with my username and password, there are no problems. The problem only occurs with AAD authentication. Providing you with AAD login credentials is problematic because the Azure environment is that of a large customer with stringent security policies. What we can do is arrange a call where I can walk you through the necessary checks. If necessary, I'm available this afternoon.
Also, please note this: the Azue application is associated with the URL https://webap-fbteammanagement-we1-int.azurewebsites.net/, but access is via the URL https://int-fbteammgmt.lpl-cloud.com/, and there's a redirect code to the latter URL. I extracted the log with this configuration:
2025-12-03 08:17:02.774 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - application/x-www-form-urlencoded 203
2025-12-03 08:17:02.776 +00:00 [INF] Executing endpoint '/Account/Login'
2025-12-03 08:17:02.777 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
2025-12-03 08:17:02.777 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2025-12-03 08:17:02.779 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostExternalLogin - ModelState is "Invalid"
2025-12-03 08:17:02.793 +00:00 [INF] Executed handler method OnPostExternalLogin, returned result Microsoft.AspNetCore.Mvc.ChallengeResult.
2025-12-03 08:17:02.794 +00:00 [INF] Executing ChallengeResult with authentication schemes (["AzureOpenId"]).
2025-12-03 08:17:02.794 +00:00 [INF] AuthenticationScheme: AzureOpenId was challenged.
2025-12-03 08:17:02.794 +00:00 [INF] Executed page /Account/Login in 17.8239ms
2025-12-03 08:17:02.794 +00:00 [INF] Executed endpoint '/Account/Login'
2025-12-03 08:17:02.846 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - 302 null null 71.8851ms
2025-12-03 08:17:29.371 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - application/x-www-form-urlencoded 3574
2025-12-03 08:17:29.613 +00:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-12-03 08:17:29.614 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - 302 null null 243.428
As you can see the authentication is successful but then the application stop without errors when redirected, even if and the page shows error 502.
However, if I change the redirect values ββto point to https://webap-fbteammanagement-we1-int.azurewebsites.net/ it seems to work:
2025-12-03 07:21:26.849 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - application/x-www-form-urlencoded 203
2025-12-03 07:21:26.852 +00:00 [INF] Executing endpoint '/Account/Login'
2025-12-03 07:21:26.852 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
2025-12-03 07:21:26.852 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2025-12-03 07:21:26.854 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostExternalLogin - ModelState is "Invalid"
2025-12-03 07:21:26.857 +00:00 [INF] Executed handler method OnPostExternalLogin, returned result Microsoft.AspNetCore.Mvc.ChallengeResult.
2025-12-03 07:21:26.857 +00:00 [INF] Executing ChallengeResult with authentication schemes (["AzureOpenId"]).
2025-12-03 07:21:26.857 +00:00 [INF] AuthenticationScheme: AzureOpenId was challenged.
2025-12-03 07:21:26.857 +00:00 [INF] Executed page /Account/Login in 5.4688ms
2025-12-03 07:21:26.857 +00:00 [INF] Executed endpoint '/Account/Login'
2025-12-03 07:21:26.873 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - 302 null null 23.8727ms
2025-12-03 07:21:48.341 +00:00 [INF] Executed endpoint '/signalr-hubs/chat'
2025-12-03 07:21:48.341 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/signalr-hubs/chat?id=WJ0DIvtwrq6BStrHknnenA - 200 null text/event-stream 30379.334ms
2025-12-03 07:21:48.712 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - application/x-www-form-urlencoded 3612
2025-12-03 07:21:49.088 +00:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-12-03 07:21:49.089 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - 302 null null 376.596ms
2025-12-03 07:21:49.154 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLoginCallback - null null
2025-12-03 07:21:49.156 +00:00 [INF] Executing endpoint '/Account/Login'
2025-12-03 07:21:49.156 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
2025-12-03 07:21:49.156 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2025-12-03 07:21:49.158 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetExternalLoginCallbackAsync - ModelState is "Valid"
2025-12-03 07:21:49.423 +00:00 [INF] AuthenticationScheme: Identity.External signed out.
2025-12-03 07:21:49.506 +00:00 [INF] AuthenticationScheme: Identity.Application signed in.
2025-12-03 07:21:49.636 +00:00 [INF] Executed handler method OnGetExternalLoginCallbackAsync, returned result Microsoft.AspNetCore.Mvc.RedirectResult.
2025-12-03 07:21:49.645 +00:00 [INF] Executing RedirectResult, redirecting to /.
2025-12-03 07:21:49.645 +00:00 [INF] Executed page /Account/Login in 488.865ms
2025-12-03 07:21:49.645 +00:00 [INF] Executed endpoint '/Account/Login'
2025-12-03 07:21:49.647 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLoginCallback - 302 null null 492.9503ms
2025-12-03 07:21:49.688 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/ - null null
2025-12-03 07:21:49.721 +00:00 [INF] Executing endpoint '/Index'
I have looked at AI-Bot's response but I think all the suggestions were followed and did not solve the problem.
[maliming] said: hi
What is the logs of http 502?
Thanks.
Hi, this is the login related log. No errors was logged:
...
...
2025-12-02 13:04:51.286 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 682.55ms
2025-12-02 13:04:51.286 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2025-12-02 13:04:51.292 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationLocalizationScript?cultureName=it - 200 125427 application/javascript 707.7168ms
2025-12-02 13:04:52.621 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login - null null
2025-12-02 13:04:52.624 +00:00 [INF] Executing endpoint '/Account/Login'
2025-12-02 13:04:52.636 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
2025-12-02 13:04:52.636 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2025-12-02 13:04:52.671 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetAsync - ModelState is "Valid"
2025-12-02 13:04:52.753 +00:00 [INF] Executed handler method OnGetAsync, returned result Microsoft.AspNetCore.Mvc.RazorPages.PageResult.
2025-12-02 13:04:53.098 +00:00 [INF] Bundling __bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js (1 files)
2025-12-02 13:04:53.102 +00:00 [INF] > Minified /Pages/Account/Login.js (1968 bytes -> 1045 bytes)
2025-12-02 13:04:53.102 +00:00 [INF] Bundled __bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js (1048 bytes)
2025-12-02 13:04:53.103 +00:00 [INF] Executed page /Account/Login in 467.0683ms
2025-12-02 13:04:53.103 +00:00 [INF] Executed endpoint '/Account/Login'
2025-12-02 13:04:53.105 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login - 200 null text/html; charset=utf-8 483.4814ms
2025-12-02 13:04:53.248 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationConfigurationScript - null null
2025-12-02 13:04:53.252 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)'
2025-12-02 13:04:53.252 +00:00 [INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc).
2025-12-02 13:04:53.254 +00:00 [INF] Executing action method Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) - Validation state: "Valid"
2025-12-02 13:04:53.315 +00:00 [INF] Executed action method Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc), returned result Microsoft.AspNetCore.Mvc.ContentResult in 61.1525ms.
2025-12-02 13:04:53.315 +00:00 [INF] Executing ContentResult with HTTP Response ContentType of application/javascript
2025-12-02 13:04:53.315 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 63.4173ms
2025-12-02 13:04:53.315 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)'
2025-12-02 13:04:53.316 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationConfigurationScript - 200 4667 application/javascript 68.1835ms
2025-12-02 13:04:53.323 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationLocalizationScript?cultureName=it - null null
2025-12-02 13:04:53.324 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2025-12-02 13:04:53.325 +00:00 [INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationLocalizationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.ActionResult] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController (Volo.Abp.AspNetCore.Mvc).
2025-12-02 13:04:53.327 +00:00 [INF] Executing action method Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) - Validation state: "Valid"
2025-12-02 13:04:53.363 +00:00 [INF] Executed action method Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc), returned result Microsoft.AspNetCore.Mvc.ContentResult in 36.1308ms.
2025-12-02 13:04:53.363 +00:00 [INF] Executing ContentResult with HTTP Response ContentType of application/javascript
2025-12-02 13:04:53.364 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 39.2244ms
2025-12-02 13:04:53.364 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2025-12-02 13:04:53.367 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ServiceProxyScript - null null
2025-12-02 13:04:53.369 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)'
2025-12-02 13:04:53.369 +00:00 [INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc).
2025-12-02 13:04:53.371 +00:00 [INF] Executing action method Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) - Validation state: "Valid"
2025-12-02 13:04:53.409 +00:00 [INF] Executed action method Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc), returned result Microsoft.AspNetCore.Mvc.ContentResult in 38.6275ms.
2025-12-02 13:04:53.410 +00:00 [INF] Executing ContentResult with HTTP Response ContentType of application/javascript
2025-12-02 13:04:53.410 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 40.5489ms
2025-12-02 13:04:53.410 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)'
2025-12-02 13:04:53.413 +00:00 [INF] Request starting HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/__bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js?_v=639002774931021936 - null null
2025-12-02 13:04:53.414 +00:00 [INF] Sending file. Request path: '/__bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js'. Physical path: 'N/A'
2025-12-02 13:04:53.414 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/__bundles/Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.F7A5911E28D6821FA25AF0D82E7F53BF.js?_v=639002774931021936 - 200 1048 application/javascript 1.0533ms
2025-12-02 13:04:53.415 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ApplicationLocalizationScript?cultureName=it - 200 125427 application/javascript 92.3354ms
2025-12-02 13:04:53.415 +00:00 [INF] Request finished HTTP/1.1 GET https://webap-fbteammanagement-we1-int.azurewebsites.net/Abp/ServiceProxyScript - 200 48073 application/javascript 48.0272ms
2025-12-02 13:04:55.748 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - application/x-www-form-urlencoded 203
2025-12-02 13:04:55.764 +00:00 [INF] Executing endpoint '/Account/Login'
2025-12-02 13:04:55.764 +00:00 [INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
2025-12-02 13:04:55.764 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
2025-12-02 13:04:55.773 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostExternalLogin - ModelState is "Invalid"
2025-12-02 13:04:56.339 +00:00 [INF] Executed handler method OnPostExternalLogin, returned result Microsoft.AspNetCore.Mvc.ChallengeResult.
2025-12-02 13:04:56.340 +00:00 [INF] Executing ChallengeResult with authentication schemes (["AzureOpenId"]).
2025-12-02 13:04:56.496 +00:00 [INF] AuthenticationScheme: AzureOpenId was challenged.
2025-12-02 13:04:56.497 +00:00 [INF] Executed page /Account/Login in 733.2503ms
2025-12-02 13:04:56.497 +00:00 [INF] Executed endpoint '/Account/Login'
2025-12-02 13:04:56.866 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/Account/Login?handler=ExternalLogin - 302 null null 1118.6383ms
2025-12-02 13:05:27.354 +00:00 [INF] Request starting HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - application/x-www-form-urlencoded 3396
2025-12-02 13:05:27.650 +00:00 [INF] AuthenticationScheme: Identity.External signed in.
2025-12-02 13:05:27.651 +00:00 [INF] Request finished HTTP/1.1 POST https://webap-fbteammanagement-we1-int.azurewebsites.net/signin-azuread-oidc - 302 null null 297.0264ms
Hi,
I converted my web application running on Azure from version 4.3 to version 9.3.6 of Abp.io. I'm having an issue with AAD authentication, which doesn't seem to work as it used to. The problem is that once authenticated the redirect on the main page shows a 502 error
This is the code I use for authentication:
private void ConfigureExternalProviders(ServiceConfigurationContext context)
{
context.Services.AddAuthentication()
.AddOpenIdConnect("AzureOpenId", "Azure Active Directory OpenId", options =>
{
options.Authority = "https://login.microsoftonline.com/" + context.Configuration["AzureAd:TenantId"] + "/v2.0/";
options.ClientId = context.Configuration["AzureAd:ClientId"];
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.CallbackPath = context.Configuration["AzureAd:CallbackPath"];
options.ClientSecret = context.Configuration["AzureAd:ClientSecret"];
options.RequireHttpsMetadata = false;
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.SignInScheme = IdentityConstants.ExternalScheme;
options.Scope.Add("email");
options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
if (context.Services.GetHostingEnvironment().IsProduction())
{
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = redirectContext =>
{
redirectContext.ProtocolMessage.RedirectUri = context.Configuration["AzureAd:RedirectToIdentityProviderUri"];
return Task.CompletedTask;
}
};
}
});
}
The configuration parameters are exactly the same as those in version 4.3. What could be the problem? Where can I investigate?
