I already have this row:
if (!hostingEnvironment.IsDevelopment())
{
    PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
    {
        options.AddDevelopmentEncryptionAndSigningCertificate = false;
    });
    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
        builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
        builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
    });
}
If I use
"AuthServer": {
  "Authority": "https://auth.mysite.it",
  "RequireHttpsMetadata": "false",
  "SwaggerClientId": "WebGateway_Swagger"
}
It works, but Angular does not work, and why does it work in 9.1.3 over https?
In Angular I have this issue:
main.e261e1928bc16e78.js:1 error validating authorization_endpoint in discovery document (2) ['https for all urls required. Also for urls received by discovery.', 'Every url in discovery document has to start with …o see property strictDiscoveryDocumentValidation.']
With false flag
{
  "issuer": "https://auth.mysite.it/",
  "authorization_endpoint": "http://auth.mysite.it/connect/authorize",
  "token_endpoint": "http://auth.mysite.it/connect/token",
  "introspection_endpoint": "http://auth.mysite.it/connect/introspect",
  "end_session_endpoint": "http://auth.mysite.it/connect/logout",
  "revocation_endpoint": "http://auth.mysite.it/connect/revocat",
  "userinfo_endpoint": "http://auth.mysite.it/connect/userinfo",
  "device_authorization_endpoint": "http://auth.mysite.it/device",
  "jwks_uri": "http://auth.mysite.it/.well-known/jwks",
  ...
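A check in the spirit of the one the Angular client reports, written as an added example (not code from the thread or from the OAuth client library): it flags every endpoint in the posted discovery document that is not https or whose host differs from the issuer's. The function name and finding labels are hypothetical, and the host comparison is an assumption about the second, truncated rule in the error message.

```javascript
// Added example, not code from the thread. Names are hypothetical.
// Sample input: the discovery document values posted above.
const postedDocument = {
  issuer: "https://auth.mysite.it/",
  authorization_endpoint: "http://auth.mysite.it/connect/authorize",
  token_endpoint: "http://auth.mysite.it/connect/token",
  introspection_endpoint: "http://auth.mysite.it/connect/introspect",
  end_session_endpoint: "http://auth.mysite.it/connect/logout",
  revocation_endpoint: "http://auth.mysite.it/connect/revocat",
  userinfo_endpoint: "http://auth.mysite.it/connect/userinfo",
  device_authorization_endpoint: "http://auth.mysite.it/device",
  jwks_uri: "http://auth.mysite.it/.well-known/jwks",
};

// Returns one finding per URL-valued property that breaks a rule.
function auditDiscoveryDocument(doc) {
  const findings = [];
  let issuer;
  try {
    issuer = new URL(doc.issuer);
  } catch {
    return [{ key: "issuer", value: doc.issuer, problem: "invalid-url" }];
  }
  if (issuer.protocol !== "https:") {
    findings.push({ key: "issuer", value: doc.issuer, problem: "not-https" });
  }
  for (const [key, value] of Object.entries(doc)) {
    // Only endpoint-style properties are checked; other metadata is skipped.
    if (key === "issuer" || !/(_endpoint|_uri)$/.test(key)) continue;
    let url;
    try {
      url = new URL(value);
    } catch {
      findings.push({ key, value, problem: "invalid-url" });
      continue;
    }
    if (url.protocol !== "https:") {
      findings.push({ key, value, problem: "not-https" });
    } else if (url.host !== issuer.host) {
      // Assumption: "start with ..." is read here as "same host as the issuer".
      findings.push({ key, value, problem: "host-differs-from-issuer" });
    }
  }
  return findings;
}

for (const f of auditDiscoveryDocument(postedDocument)) {
  console.log(`${f.problem}: ${f.key} = ${f.value}`);
}
```

Run against the posted document, every endpoint is reported as `not-https` while the issuer passes, which matches the split between the https issuer and the http endpoints shown above.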
I've published an Auth server for a microservice with ABP 7.4.5 on Linux, but I get this error:
[10:38:13 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement. <s:OpenIddict.Server.OpenIddictServerDispatcher>
[10:38:13 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was marked as rejected by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement. <s:OpenIddict.Server.OpenIddictServerDispatcher>
[10:38:13 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachErrorParameters. <s:OpenIddict.Server.OpenIddictServerDispatcher>
[10:38:13 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachCustomErrorParameters. <s:OpenIddict.Server.OpenIddictServerDispatcher>
[10:38:13 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyCryptographyResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyCryptographyResponseContext, OpenIddict.Server, Version=4.8.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]]. <s:OpenIddict.Server.OpenIddictServerDispatcher>
[10:38:13 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyCryptographyResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyCryptographyResponseContext, OpenIddict.Server, Version=4.8.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]]. <s:OpenIddict.Server.OpenIddictServerDispatcher>
[10:38:13 INF] The response was successfully returned as a JSON document: {
"error": "invalid_request",
"error_description": "This server only accepts HTTPS requests.",
"error_uri": "https://documentation.openiddict.com/errors/ID2083"
}. <s:OpenIddict.Server.OpenIddictServerDispatcher>
My configuration is Ubuntu Linux with Nginx working as a reverse proxy, and a Linux machine working as the application machine. On the application machine I have a process with auth:
/var/www/auth-service/myapp.AuthServer --urls=http://0.0.0.0:5007
If I try to access the auth server, all works fine: I'm able to log in and get user and log data. But if I try to open https://auth.mysite.it/.well-known/jwks or http://lnx-app:5007/.well-known/jwks
I get
{
  "error": "invalid_request",
  "error_description": "This server only accepts HTTPS requests.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2083"
}
I change my app settings from true to false, but then I have the Issuer in https and the others in http:
"AuthServer": {
  "Authority": "https://auth.mysite.it",
  "RequireHttpsMetadata": "false", <--- works, but Angular gets an error
  "SwaggerClientId": "WebGateway_Swagger"
},
I have the same schema on ABP 9.1.3 and it works fine; the same build in 7.4.5 also works fine in IIS on Windows Server.
Ok.
I understand that the version must be the same, but about the auth server: do I need to create a separate server? Are there other operations to do?
And about the auth server: do I need to have one or more auth servers?
I've a microservice application (7.4.5) with:
Now I want to add a new application ERP (abp 9.1.3). If I create a new solution
My customer started using the CRM application and now asks to add an ERP service. ERP and CRM are completely different applications with separate UIs, different permissions and other stuff; the only connection is a single user and tenant.
I need to use the same ABP version, I suppose. I create a path to upgrade the current module from 7.4.5 to 9.1.3, but how can I get a single user and tenant but different permissions, localized data and logs?
Is it possible?
Solved!
https://abp.io/docs/9.1/framework/architecture/multi-tenancy#multi-tenancy-middleware
In IdentityService
...
app.UseCors();
app.UseRouting();
app.UseMultiTenancy();
app.UseHttpMetrics();
app.UseAuthentication();
app.UseAuthorization();
In SaasService
app.UseAbpStudioLink();
app.UseCors();
app.UseRouting();
app.UseMultiTenancy();
app.UseHttpMetrics();
app.UseAuthentication();
app.UseAuthorization();
I moved app.UseMultiTenancy(); after app.UseAuthentication(); and now it works as expected.
This service template came from Studio on startup init.
Yes, I have UseMultiTenancy in all services.
The new log is
2025-07-08 10:40:12.684 +02:00 [ERR] HttpContext.User Claims:
2025-07-08 10:40:12.684 +02:00 [ERR] [{"Type":"iss","Value":"https://uat.auth.routilia.com/"},{"Type":"exp","Value":"1751967606"},{"Type":"iat","Value":"1751964006"},{"Type":"aud","Value":"AuthServer"},{"Type":"aud","Value":"IdentityService"},{"Type":"aud","Value":"AdministrationService"},{"Type":"aud","Value":"SaasService"},{"Type":"aud","Value":"AuditLoggingService"},{"Type":"aud","Value":"GdprService"},{"Type":"aud","Value":"LanguageService"},{"Type":"aud","Value":"OfficeService"},{"Type":"scope","Value":"offline_access address roles openid profile email phone AuthServer IdentityService AdministrationService AuditLoggingService GdprService SaasService LanguageService OfficeService"},{"Type":"jti","Value":"f7d72397-2fbe-4f40-9856-a7ba9e33d0c0"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","Value":"3a1a949e-a476-dba3-2b07-d7c455a854e7"},{"Type":"preferred_username","Value":"admin"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","Value":"cliente1@rtl.local"},{"Type":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role","Value":"admin"},{"Type":"tenantid","Value":"3a1a949e-a031-030d-c51f-352140da4b89"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","Value":"admin"},{"Type":"phone_number_verified","Value":"False"},{"Type":"email_verified","Value":"False"},{"Type":"editionid","Value":"3a1a94a1-c765-9dee-a1e2-3fcb20b38d0a"},{"Type":"session_id","Value":"2026c484-b70a-4331-b822-4b672b3de7b2"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","Value":"admin"},{"Type":"oi_prst","Value":"Angular"},{"Type":"oi_au_id","Value":"3a1afb5e-10bf-8906-0b3e-1e1a7c1b85cc"},{"Type":"client_id","Value":"Angular"},{"Type":"oi_tkn_id","Value":"3a1afb5e-10d8-cd72-8a95-5d52e8306d75"}]
2025-07-08 10:40:12.684 +02:00 [ERR] Current User Claims:
2025-07-08 10:40:12.684 +02:00 [ERR] [{"Type":"iss","Value":"https://uat.auth.routilia.com/"},{"Type":"exp","Value":"1751967606"},{"Type":"iat","Value":"1751964006"},{"Type":"aud","Value":"AuthServer"},{"Type":"aud","Value":"IdentityService"},{"Type":"aud","Value":"AdministrationService"},{"Type":"aud","Value":"SaasService"},{"Type":"aud","Value":"AuditLoggingService"},{"Type":"aud","Value":"GdprService"},{"Type":"aud","Value":"LanguageService"},{"Type":"aud","Value":"OfficeService"},{"Type":"scope","Value":"offline_access address roles openid profile email phone AuthServer IdentityService AdministrationService AuditLoggingService GdprService SaasService LanguageService OfficeService"},{"Type":"jti","Value":"f7d72397-2fbe-4f40-9856-a7ba9e33d0c0"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","Value":"3a1a949e-a476-dba3-2b07-d7c455a854e7"},{"Type":"preferred_username","Value":"admin"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","Value":"cliente1@rtl.local"},{"Type":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role","Value":"admin"},{"Type":"tenantid","Value":"3a1a949e-a031-030d-c51f-352140da4b89"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","Value":"admin"},{"Type":"phone_number_verified","Value":"False"},{"Type":"email_verified","Value":"False"},{"Type":"editionid","Value":"3a1a94a1-c765-9dee-a1e2-3fcb20b38d0a"},{"Type":"session_id","Value":"2026c484-b70a-4331-b822-4b672b3de7b2"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","Value":"admin"},{"Type":"oi_prst","Value":"Angular"},{"Type":"oi_au_id","Value":"3a1afb5e-10bf-8906-0b3e-1e1a7c1b85cc"},{"Type":"client_id","Value":"Angular"},{"Type":"oi_tkn_id","Value":"3a1afb5e-10d8-cd72-8a95-5d52e8306d75"}]
2025-07-08 10:40:12.684 +02:00 [ERR] Current TenantId:,name:
2025-07-08 10:40:12.684 +02:00 [ERR] UserId Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
2025-07-08 10:40:12.684 +02:00 [ERR] UserName Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
2025-07-08 10:40:12.684 +02:00 [ERR] Role Claim Type: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
2025-07-08 10:40:12.684 +02:00 [ERR] Authorization Header: Bearer [token removed]
2025-07-08 10:40:12.687 +02:00 [INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
2025-07-08 10:40:12.687 +02:00 [INF] Route matched with {area = "identity", controller = "User", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Application.Dtos.PagedResultDto`1[Volo.Abp.Identity.IdentityUserDto]] GetListAsync(Volo.Abp.Identity.GetIdentityUsersInput) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi).
2025-07-08 10:40:12.697 +02:00 [INF] Executing ObjectResult, writing value of type 'Volo.Abp.Application.Dtos.PagedResultDto`1[[Volo.Abp.Identity.IdentityUserDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=9.1.1.0, Culture=neutral, PublicKeyToken=null]]'.
2025-07-08 10:40:12.697 +02:00 [INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 9.8272ms
2025-07-08 10:40:12.697 +02:00 [INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
2025-07-08 10:40:12.698 +02:00 [INF] Request finished HTTP/1.1 GET http://localhost/api/identity/users?skipCount=0&maxResultCount=10 - 200 null application/json; charset=utf-8 14.6775ms
Yes I do now