Thank you. It worked
OK, after fixing email settings, I got another error, here is the log
2025-03-28 12:29:49.012 +03:00 [ERR] An unhandled exception has occurred while executing the request.
System.InvalidOperationException: When using X.509 encryption credentials, at least one of the registered certificates must be valid.
To use key rollover, register both the new certificate and the old one in the credentials collection.
at OpenIddict.Server.OpenIddictServerConfiguration.PostConfigure(String name, OpenIddictServerOptions options)
at Microsoft.Extensions.Options.OptionsFactory1.Create(String name) at System.Lazy1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor) at System.Lazy1.CreateValue()
at Microsoft.Extensions.Options.OptionsCache1.GetOrAdd[TArg](String name, Func3 createOptions, TArg factoryArgument)
at Microsoft.Extensions.Options.OptionsMonitor1.Get(String name) at OpenIddict.Validation.ServerIntegration.OpenIddictValidationServerIntegrationConfiguration.Configure(OpenIddictValidationOptions options) at Microsoft.Extensions.Options.OptionsFactory1.Create(String name)
at System.Lazy1.ViaFactory(LazyThreadSafetyMode mode) at System.Lazy1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy1.CreateValue() at Microsoft.Extensions.Options.OptionsCache1.GetOrAdd[TArg](String name, Func3 createOptions, TArg factoryArgument) at Microsoft.Extensions.Options.OptionsMonitor1.Get(String name)
at OpenIddict.Validation.OpenIddictValidationFactory.CreateTransactionAsync()
at OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
2025-03-28 12:29:49.024 +03:00 [ERR] An exception was thrown attempting to execute the error handler.
System.InvalidOperationException: When using X.509 encryption credentials, at least one of the registered certificates must be valid.
To use key rollover, register both the new certificate and the old one in the credentials collection.
at OpenIddict.Server.OpenIddictServerConfiguration.PostConfigure(String name, OpenIddictServerOptions options)
at Microsoft.Extensions.Options.OptionsFactory1.Create(String name) at System.Lazy1.ViaFactory(LazyThreadSafetyMode mode)
at System.Lazy1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor) at System.Lazy1.CreateValue()
at Microsoft.Extensions.Options.OptionsCache1.GetOrAdd[TArg](String name, Func3 createOptions, TArg factoryArgument)
at Microsoft.Extensions.Options.OptionsMonitor1.Get(String name) at OpenIddict.Validation.ServerIntegration.OpenIddictValidationServerIntegrationConfiguration.Configure(OpenIddictValidationOptions options) at Microsoft.Extensions.Options.OptionsFactory1.Create(String name)
at System.Lazy1.ViaFactory(LazyThreadSafetyMode mode) at System.Lazy1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
at System.Lazy1.CreateValue() at Microsoft.Extensions.Options.OptionsCache1.GetOrAdd[TArg](String name, Func3 createOptions, TArg factoryArgument) at Microsoft.Extensions.Options.OptionsMonitor1.Get(String name)
at OpenIddict.Validation.OpenIddictValidationFactory.CreateTransactionAsync()
at OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler.HandleRequestAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.HandleException(HttpContext context, ExceptionDispatchInfo edi)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at RMG.Iso20.AuthServer.Iso20AuthServerModule.<>c.<<OnApplicationInitialization>b__2_0>d.MoveNext() in /home/vsts/work/1/s/apps/auth-server/src/RMG.Iso20.AuthServer/Iso20AuthServerModule.cs:line 214
--- End of stack trace from previous location ---
at Volo.Abp.Studio.Client.AspNetCore.AbpStudioMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()
an issue with the certificate. More info: We are hosting Auth server project from IIS, and the certificate is generated using Let's Encrypt (gets renewed every 3 months)
The issue seems here
if (!hostingEnvironment.IsDevelopment())
{
PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
{
options.AddDevelopmentEncryptionAndSigningCertificate = false;
});
PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
{
serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "00000000-0000-0000-0000-000000000000");
serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
});
}
Because when commenting this code it works fine.
I wander how this line works
serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "00000000-0000-0000-0000-000000000000");
since this openiddict.pfx file is ignored from git (i.e: it doesn't exist on ther server)!!!
can you check your SMTP configs and ensure they are correct or not?
In which service? AuthServer project doesn't have these configs and never uses SMTP client
We have a microservice app deployed and running normally. Sudenly AuthServer app fails to start with this repeating error
2025-03-23 16:13:02.702 +03:00 [ERR] Failure sending mail. System.Net.Mail.SmtpException: Failure sending mail. ---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it. at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) at System.Threading.Tasks.ValueTask.ValueTaskSourceAsTask.<>c.<.cctor>b__4_0(Object state) --- End of stack trace from previous location --- at System.Threading.Tasks.TaskToAsyncResult.End(IAsyncResult asyncResult) at System.Net.Mail.SmtpConnection.EndInitializeConnection(IAsyncResult result) at System.Net.Mail.SmtpConnection.ConnectAndHandshakeAsyncResult.InitializeConnectionCallback(IAsyncResult result) --- End of stack trace from previous location --- at System.Net.Mail.SmtpClient.ConnectCallback(IAsyncResult result) --- End of inner exception stack trace --- at Volo.Abp.Emailing.Smtp.SmtpEmailSender.SendEmailAsync(MailMessage mail) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(MailMessage mail, Boolean normalize) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(String to, String subject, String body, Boolean isBodyHtml, AdditionalEmailSendingArgs additionalEmailSendingArgs) at Volo.Abp.Emailing.BackgroundEmailSendingJob.ExecuteAsync(BackgroundEmailSendingJobArgs args) at Volo.Abp.BackgroundJobs.BackgroundJobExecuter.ExecuteAsync(JobExecutionContext context) 2025-03-23 16:13:04.749 +03:00 [WRN] We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit(https://docs.abp.io/en/abp/latest/MailKit) or other libraries instead.For more information, see https://github.com/dotnet/platform-compat/blob/master/docs/DE0005.md 2025-03-23 16:13:05.750 +03:00 [ERR] Failure sending mail. System.Net.Mail.SmtpException: Failure sending mail. ---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it. at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) at System.Threading.Tasks.ValueTask.ValueTaskSourceAsTask.<>c.<.cctor>b__4_0(Object state) --- End of stack trace from previous location --- at System.Threading.Tasks.TaskToAsyncResult.End(IAsyncResult asyncResult) at System.Net.Mail.SmtpConnection.EndInitializeConnection(IAsyncResult result) at System.Net.Mail.SmtpConnection.ConnectAndHandshakeAsyncResult.InitializeConnectionCallback(IAsyncResult result) --- End of stack trace from previous location --- at System.Net.Mail.SmtpClient.ConnectCallback(IAsyncResult result) --- End of inner exception stack trace --- at Volo.Abp.Emailing.Smtp.SmtpEmailSender.SendEmailAsync(MailMessage mail) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(MailMessage mail, Boolean normalize) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(String to, String subject, String body, Boolean isBodyHtml, AdditionalEmailSendingArgs additionalEmailSendingArgs) at Volo.Abp.Emailing.BackgroundEmailSendingJob.ExecuteAsync(BackgroundEmailSendingJobArgs args) at Volo.Abp.BackgroundJobs.BackgroundJobExecuter.ExecuteAsync(JobExecutionContext context) 2025-03-23 16:13:07.798 +03:00 [WRN] We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit(https://docs.abp.io/en/abp/latest/MailKit) or other libraries instead.For more information, see https://github.com/dotnet/platform-compat/blob/master/docs/DE0005.md 2025-03-23 16:13:08.802 +03:00 [ERR] Failure sending mail. System.Net.Mail.SmtpException: Failure sending mail. ---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it. at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) at System.Threading.Tasks.ValueTask.ValueTaskSourceAsTask.<>c.<.cctor>b__4_0(Object state) --- End of stack trace from previous location --- at System.Threading.Tasks.TaskToAsyncResult.End(IAsyncResult asyncResult) at System.Net.Mail.SmtpConnection.EndInitializeConnection(IAsyncResult result) at System.Net.Mail.SmtpConnection.ConnectAndHandshakeAsyncResult.InitializeConnectionCallback(IAsyncResult result) --- End of stack trace from previous location --- at System.Net.Mail.SmtpClient.ConnectCallback(IAsyncResult result) --- End of inner exception stack trace --- at Volo.Abp.Emailing.Smtp.SmtpEmailSender.SendEmailAsync(MailMessage mail) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(MailMessage mail, Boolean normalize) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(String to, String subject, String body, Boolean isBodyHtml, AdditionalEmailSendingArgs additionalEmailSendingArgs) at Volo.Abp.Emailing.BackgroundEmailSendingJob.ExecuteAsync(BackgroundEmailSendingJobArgs args) at Volo.Abp.BackgroundJobs.BackgroundJobExecuter.ExecuteAsync(JobExecutionContext context) 2025-03-23 16:13:10.845 +03:00 [WRN] We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit(https://docs.abp.io/en/abp/latest/MailKit) or other libraries instead.For more information, see https://github.com/dotnet/platform-compat/blob/master/docs/DE0005.md 2025-03-23 16:13:11.846 +03:00 [ERR] Failure sending mail. System.Net.Mail.SmtpException: Failure sending mail. ---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it. at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) at System.Threading.Tasks.ValueTask.ValueTaskSourceAsTask.<>c.<.cctor>b__4_0(Object state) --- End of stack trace from previous location --- at System.Threading.Tasks.TaskToAsyncResult.End(IAsyncResult asyncResult) at System.Net.Mail.SmtpConnection.EndInitializeConnection(IAsyncResult result) at System.Net.Mail.SmtpConnection.ConnectAndHandshakeAsyncResult.InitializeConnectionCallback(IAsyncResult result) --- End of stack trace from previous location --- at System.Net.Mail.SmtpClient.ConnectCallback(IAsyncResult result) --- End of inner exception stack trace --- at Volo.Abp.Emailing.Smtp.SmtpEmailSender.SendEmailAsync(MailMessage mail) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(MailMessage mail, Boolean normalize) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(String to, String subject, String body, Boolean isBodyHtml, AdditionalEmailSendingArgs additionalEmailSendingArgs) at Volo.Abp.Emailing.BackgroundEmailSendingJob.ExecuteAsync(BackgroundEmailSendingJobArgs args) at Volo.Abp.BackgroundJobs.BackgroundJobExecuter.ExecuteAsync(JobExecutionContext context) 2025-03-23 16:13:13.888 +03:00 [WRN] We don't recommend that you use the SmtpClient class for new development because SmtpClient doesn't support many modern protocols. Use MailKit(https://docs.abp.io/en/abp/latest/MailKit) or other libraries instead.For more information, see https://github.com/dotnet/platform-compat/blob/master/docs/DE0005.md 2025-03-23 16:13:14.891 +03:00 [ERR] Failure sending mail. System.Net.Mail.SmtpException: Failure sending mail. ---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it. at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) at System.Threading.Tasks.ValueTask.ValueTaskSourceAsTask.<>c.<.cctor>b__4_0(Object state) --- End of stack trace from previous location --- at System.Threading.Tasks.TaskToAsyncResult.End(IAsyncResult asyncResult) at System.Net.Mail.SmtpConnection.EndInitializeConnection(IAsyncResult result) at System.Net.Mail.SmtpConnection.ConnectAndHandshakeAsyncResult.InitializeConnectionCallback(IAsyncResult result) --- End of stack trace from previous location --- at System.Net.Mail.SmtpClient.ConnectCallback(IAsyncResult result) --- End of inner exception stack trace --- at Volo.Abp.Emailing.Smtp.SmtpEmailSender.SendEmailAsync(MailMessage mail) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(MailMessage mail, Boolean normalize) at Volo.Abp.Emailing.EmailSenderBase.SendAsync(String to, String subject, String body, Boolean isBodyHtml, AdditionalEmailSendingArgs additionalEmailSendingArgs) at Volo.Abp.Emailing.BackgroundEmailSendingJob.ExecuteAsync(BackgroundEmailSendingJobArgs args) at Volo.Abp.BackgroundJobs.BackgroundJobExecuter.ExecuteAsync(JobExecutionContext context)
We didn't add any custom code to the Authserver project, Also SMPT client is not used inside AuthServer project
Hi, Thank you. It's clear now
Hi, I managed to make it work without any customization. The issue was that I defined my custom permission provider in another microservice, and the configuration request was redirected to administration service. When I moved the permission provider to administration service, it worked. Now I have a question related to some code that I needed to write:
To add my provider I needed to write this code
public override void ConfigureServices(ServiceConfigurationContext context)
{
// Other codes
Configure<PermissionManagementOptions>(options =>
{
options.ManagementProviders.Add<DynamicPermissionManagementProvider>();
options.ProviderPolicies[DynamicPermissionValueProvider.ProviderName] = AdministrationServicePermissions.Dashboard.Host;
});
Configure<AbpPermissionOptions>(options =>
{
options.ValueProviders.Add<DynamicPermissionValueProvider>();
});
}
My question is about this line
options.ProviderPolicies[DynamicPermissionValueProvider.ProviderName] = AdministrationServicePermissions.Dashboard.Host;
Why is this needed? and does it matter what permission I provide for it?
Hi,
I resovled package and module dependency, and was able to use IPermissionManager in my service, but faced another issue.
I defined new DynamicPermissionManagementProvider extends PermissionManagementProvider and DynamicPermissionValueProvider extends PermissionValueProvider to grant some users some dynamic permissions.
I was able to use the new provider and could see the granted permissions in the table AbpPermissionGrants in database. Also logged the result of getting the permission using this line of code:
var granted = await _permissionManager.GetAsync(RisksManagementServicePermissions.Risks.Default, DynamicPermissionValueProvider.ProviderName, CurrentUser.Id.Value.ToString());
And found that the permission is actually granted to the user using my provider. But from angular side, when sending application-configuration request (which includes in its response auth -> grantedPolicies to tell angular app current users' permissions, I don't see my permission granted!
Any idea?
I checked it and it works fine in the Api.Host project. How can I use it in the application layer? try to use IPermissionManager in the ProductService.Application project, it will not work directly. There is some dependency I need to add, can you tell what dependency or projects I need to add to make it work?
Hi,
I checked it and couldn't figure out how to get the provider that is granting the required permission, it can only tell if the permission is granted or not. Also the methods are not defined virtual so couldn't override them
Continue of Dynamic permissions question but with more complex scenario.
I have the entities Risk, Plan, and Task with 1-n relation between them (Risk 1-n Plan) and (Plan 1-n Task). each entity has a property OwnerId which is related to users entity. Now regarding permission: if I assign the RisksPermission to some user, he should see all risks, but if another user is assigned as owner for a task or plan, he should see the related risks only (not the ones he is not part of). I managed to make this work in a monolith project as follows:
DynamicPermissionValueProvider with ProviderName = "D"RisksPermission using this dynamic provider (using IPermissionManager.SetAsync method)RolePermissionValueProvider or UserPermissionValueProvider return all risks, if the permission is granted with DynamicPermissionValueProvider, filter the risks.Now this approach is good for frontend (angular) when using requiredPolicy for RoutesService (if the user has the permission with any provider, he can see the risks menu item).
The problem of this approach with microservice project is that IPermissionManager is only provided in administration service and can't be used in other services.
How can I achieve this scenario in a microservice project.
Thanks in advance