Any update?
The issue is resolved - the cleanup process is now successful. Thanks again.
You have a point here, thank you - some of the projects were missing AbpOpenIddictEntityFrameworkCoreModule dependency in their EntityFrameworkCoreModule. Nevertheless, I am planning to leave the site running overnight and will check the log in the morning.
Unfortunately, we don't have a test project - our project is heavy and customized and it's not possible to create a test version of it. I cannot share an original project either.
I have truncated the log file of the project since it was huge. So I will run a UI now and leave it till the exception gets raised again - then I'll send you a complete log. Do you need a log of OpenID server as well? Just in case: there was no exception there.
Hi. Thank you. I have the window load handler both in the OpenID server module added via AbpBundlingOptions and the same logic added via app.component.ts constructor like this (the load handler code DOES get triggered when I load Angular app pages):
    this.document.defaultView.addEventListener('storage', event => {
        if (event.key === 'access_token' && event.newValue === null) {
            this.document.defaultView.location.reload();
        }
    });
    const stateKey = 'authentication-state-id';
    const onLoad = () => {
        if (!this.currentUser.isAuthenticated) { // this.configStateService.getOne('currentUser')
            localStorage.removeItem(stateKey);
        }
        else {
            localStorage.setItem(stateKey, this.currentUser.id);
        }
        this.document.defaultView.addEventListener('storage', (event) => {
            if (event.key !== stateKey || event.oldValue === event.newValue) {
                return;
            }
            if (event.oldValue || !event.newValue) {
                this.document.defaultView.location.reload();
            }
            else {
                location.assign('/');
            }
        });
    };
    if (this.document.readyState === 'complete') {
        onLoad();
    }
    else {
        this.document.defaultView?.addEventListener('load', onLoad);
    }
However, the error 400 is still there (with the same "The provided antiforgery token was meant for a different claims-based user than the current user." exception message): when I click "Login" button in OpenID server web page in the passive tab - neither code of authentication-state-listener.js is invoked (I put the breakpoints everywhere).
What am I doing wrong?
I have already reported this bug before and you advised me to replace some classes. I did this in the domain module (and closed the bug hoping it would help):
    public static class IServiceCollectionExtension
    {
        public static void ConfigureStores(this IServiceCollection services)
        {
            services.AddOpenIddict()
                .AddCore(builder =>
                {
                    builder
                        .AddApplicationStore<AbxAbpOpenIddictApplicationStore>()
                        .AddAuthorizationStore<AbxAbpOpenIddictAuthorizationStore>()
                        .AddTokenStore<AbxAbpOpenIddictTokenStore>();
                });
        }
    }
However I still get the same weird exception - but now with my class name:
    [09:50:22 INF] Lock is acquired for TokenCleanupBackgroundWorker
    [09:50:22 ERR] An exception was thrown while activating Volo.Abp.OpenIddict.Tokens.TokenCleanupService -> ?:OpenIddict.Abstractions.IOpenIddictTokenManager -> Volo.Abp.OpenIddict.Tokens.AbpTokenManager -> Volo.Abp.OpenIddict.Tokens.AbpOpenIddictTokenCache -> AbxEps.OpenIddict.Stores.AbxAbpOpenIddictTokenStore.
    Autofac.Core.DependencyResolutionException: An exception was thrown while activating Volo.Abp.OpenIddict.Tokens.TokenCleanupService -> ?:OpenIddict.Abstractions.IOpenIddictTokenManager -> Volo.Abp.OpenIddict.Tokens.AbpTokenManager -> Volo.Abp.OpenIddict.Tokens.AbpOpenIddictTokenCache -> AbxEps.OpenIddict.Stores.AbxAbpOpenIddictTokenStore.
     ---> Autofac.Core.DependencyResolutionException: None of the constructors found on type 'AbxEps.OpenIddict.Stores.AbxAbpOpenIddictTokenStore' can be invoked with the available services and parameters:
    Cannot resolve parameter 'Volo.Abp.OpenIddict.Tokens.IOpenIddictTokenRepository repository' of constructor 'Void .ctor(Volo.Abp.OpenIddict.Tokens.IOpenIddictTokenRepository, Volo.Abp.Uow.IUnitOfWorkManager, Volo.Abp.Guids.IGuidGenerator, Volo.Abp.OpenIddict.Applications.IOpenIddictApplicationRepository, Volo.Abp.OpenIddict.Authorizations.IOpenIddictAuthorizationRepository, Volo.Abp.OpenIddict.AbpOpenIddictIdentifierConverter, Volo.Abp.OpenIddict.IOpenIddictDbConcurrencyExceptionHandler)'.
    See https://autofac.rtfd.io/help/no-constructors-bindable for more info.
       at Autofac.Core.Activators.Reflection.ReflectionActivator.<>c__DisplayClass14_0.<UseSingleConstructorActivation>b__0(ResolveRequestContext context, Action`1 next)
       at Autofac.Core.Resolving.Middleware.DisposalTrackingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
       at Autofac.Builder.RegistrationBuilder`3.<>c__DisplayClass39_0.<OnActivated>b__0(ResolveRequestContext context, Action`1 next)
       at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
       --- End of inner exception stack trace ---
       at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
       at Autofac.Core.Resolving.Middleware.SharingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
       at Autofac.Core.Resolving.Middleware.CircularDependencyDetectorMiddleware.Execute(ResolveRequestContext context, Action`1 next)
       at Autofac.Core.Resolving.ResolveOperation.GetOrCreateInstance(ISharingLifetimeScope currentOperationScope, ResolveRequest& request)
       at Autofac.Core.Resolving.ResolveOperation.ExecuteOperation(ResolveRequest& request)
       at Autofac.ResolutionExtensions.TryResolveService(IComponentContext context, Service service, IEnumerable`1 parameters, Object& instance)
       at Autofac.ResolutionExtensions.ResolveService(IComponentContext context, Service service, IEnumerable`1 parameters)
       at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
       at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
       at Volo.Abp.OpenIddict.Tokens.TokenCleanupBackgroundWorker.DoWorkAsync(PeriodicBackgroundWorkerContext workerContext)
       at Volo.Abp.OpenIddict.Tokens.TokenCleanupBackgroundWorker.DoWorkAsync(PeriodicBackgroundWorkerContext workerContext)
       at Volo.Abp.BackgroundWorkers.AsyncPeriodicBackgroundWorkerBase.DoWorkAsync(CancellationToken cancellationToken)
    [09:50:22 ERR] ---------- Exception Data ----------
    ActivatorChain = Volo.Abp.OpenIddict.Tokens.TokenCleanupService -> ?:OpenIddict.Abstractions.IOpenIddictTokenManager -> Volo.Abp.OpenIddict.Tokens.AbpTokenManager -> Volo.Abp.OpenIddict.Tokens.AbpOpenIddictTokenCache -> AbxEps.OpenIddict.Stores.AbxAbpOpenIddictTokenStore
I can see this exception after I leave my site unattended overnight (I hibernate my computer at night). Please try to reproduce this bug or at least analyze the exception and offer me the solution. Thank you.
We have added a new js to refresh the page if authentication changes. You can add this js file to your 8.1.3 version.
I've tried this file and made sure that it has been added to the markup. The following piece of code has been added to OpenID AbpModule:
    Configure<AbpBundlingOptions>(options =>
    {
        ...
        options.ScriptBundles.Configure(
            StandardBundles.Scripts.Global,
            bundle =>
            {
                bundle.AddFiles("/libs/abp/aspnetcore-mvc-ui-theme-shared/authentication-state/authentication-state-listener.js");
            }
        );
    });
But it did not affect the issue in any way.
I've placed the breakpoints inside authentication-state-listener.js and its code has not been invoked during the login process in the passive tab (after a user has already logged-in in the active tab). I think this code is not relevant - instead, there has to be reaction on "Login" button click (i.e. redirect a user to Home page instead of trying to authenticate him), etc.
Please note that I had to retain the code you suggested in the very beginning to automatically redirect user to Login box in the passive tab (this is placed in the constructor of app.component.ts):
    this.window.addEventListener('storage', event => {
        if (event.key === 'access_token' && event.newValue === null) {
            this.window.location.reload();
        }
    });
https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-8.0#multiple-browser-tabs-and-the-synchronizer-token-pattern
Ok - thank you for this link.
In our case the message is different - "Antiforgery token validation failed. The provided antiforgery token was meant for a different claims-based user than the current user. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The provided antiforgery token was meant for a different claims-based user than the current user." - but I think it's due to the same issue.
So the site tells "Consider alternative CSRF protection patterns if this poses an issue." - but nothing specific.
I think in the given situation I could just redirect a user (already authenticated in the first tab) to the initial (home) page in the second tab, if such situation takes place instead of trying to log him in again. I just need the hint where I should place the corresponding check, please.
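The multi-tab failure discussed above, as an added example that is not part of the original posts and is not ABP or ASP.NET Core code: a simplified model in which the server rejects an antiforgery token issued for a different user than the current one, and the passive tab's storage listener (same rules as the handler quoted in this thread) makes it re-render before posting. `AntiforgeryModel`, `onAuthStateChange`, `scenario` and the counter-based token ids are assumptions made for illustration.

```javascript
// Simplified model (constructed for illustration): the server remembers which
// user each antiforgery token was issued for and rejects a mismatch.
class AntiforgeryModel {
  constructor() {
    this.issued = new Map();
    this.counter = 0;
  }
  // Called when a page with a form is rendered for userId (null = anonymous).
  issue(userId) {
    const token = `t${++this.counter}`; // constructed id; real tokens are random and protected
    this.issued.set(token, userId);
    return token;
  }
  // Called on POST: the token must have been issued for the current user.
  validate(token, currentUserId) {
    if (!this.issued.has(token)) return 'invalid token';
    return this.issued.get(token) === currentUserId ? 'ok' : 'different user';
  }
}

// Decision taken by the passive tab's 'storage' listener: ignore unrelated
// keys, reload when a user id was replaced or removed, go to '/' when a user
// id appears for the first time.
function onAuthStateChange(event, stateKey = 'authentication-state-id') {
  if (event.key !== stateKey || event.oldValue === event.newValue) return 'ignore';
  return (event.oldValue || !event.newValue) ? 'reload' : 'home';
}

// Two tabs share one session. The passive tab renders the login form while
// anonymous, then the active tab logs in, then the passive tab posts its form.
function scenario(listenerInstalled) {
  const server = new AntiforgeryModel();
  let sessionUser = null;                       // shared authentication cookie
  let passiveToken = server.issue(sessionUser); // passive tab: form rendered for anonymous
  sessionUser = 'user-1';                       // active tab: login succeeds
  const event = { key: 'authentication-state-id', oldValue: null, newValue: 'user-1' };
  if (listenerInstalled && onAuthStateChange(event) !== 'ignore') {
    // Reload or navigation re-renders the page for the current user,
    // so any form in it carries a token bound to that user.
    passiveToken = server.issue(sessionUser);
  }
  return server.validate(passiveToken, sessionUser);
}
```

Without the listener the stale form is rejected as meant for a different user; with it, the passive tab never submits the token that was issued to the anonymous session.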
hi
You can try to configure the AbpSystemTextJsonSerializerOptions to set the JsonSerializerSettings
https://abp.io/docs/latest/framework/infrastructure/json#abpsystemtextjsonserializeroptions
Are you sure it's JsonSerializerSettings, not JsonSerializerOptions? Because as far as I understand, JsonSerializerSettings is related to Newtonsoft.Json, not System.Text.Json from Microsoft. And the exception is related to the latter.
Besides, where do you suggest to place it?
    public class MyHttpApiModule : AbpModule
    {
        public override void ConfigureServices(ServiceConfigurationContext context)
        {
            ...
            Configure<JsonOptions>(options =>
            {
                options.JsonSerializerOptions.Converters.Add(context.Services.GetRequiredService<IStringToNullableIntConverter>() as JsonConverter);
                options.JsonSerializerOptions.Converters.Add(context.Services.GetRequiredService<IStringToNullableLongConverter>() as JsonConverter);
                options.JsonSerializerOptions.ReferenceHandler = ReferenceHandler.IgnoreCycles; //Maybe this will help?
            });
            Configure<AbpSystemTextJsonSerializerOptions>(options =>
            {
                //The change is here?
            });
        }
    }
Any update here?