Activities of "balessi75"

Hi @maliming ,

Ok, so something is accessing the token URL more than once when deployed, but not in local development?

In an attempt to help you be able to replicate the problem, I created a new blazor server project at verison 7.0.1 using the abp cli. I figured this would eliminate any of our code/or overrides from being the issue.

The only change I made was to allow the application to startup in an azure app service when abp is using openiddict (this was not a problem, or required when we used identityserver). The solution for using openiddict in an azure app servicce is documented here. https://codejack.com/2022/12/deploying-abp-io-to-an-azure-appservice/

The only other change I made was to implement an email sender (sendgrid) so that we can receive the confirmation email. context.Services.Replace(ServiceDescriptor.Singleton<IEmailSender, SendGridEmailSender>());

The newly created ABP starts up in azure app service and a confirmation email is successfully sent. When we click the confirmation link, however, we still receive the 'Invalid Token' error.

I hope this helps, Please advise as we need a solution or workaround asap.

Thanks

Hi @maliming ,

I confirmed that when running locally with ASPNETCORE_ENVIRONMENT set to either Development or Production mode, everything works correctly. The problem only occurs once the application is deployed.

Any ideas, why the user still ends up having their email flagged as confirmed even though they get the invalid token message?

Thanks @maliming ,

I emailed you a log from startup to the error occurring with the data protection logging turned on.

Hi @maliming ,

The full log with debug info was sent to your email.

Hi,

Sorry, I wasn't clear. There is no error in the logs and no exception occurs. The front-end UI simply shows the end user the message "Invalid Token"

ABP Commercial 7.0.1 / Blazor Server / EF / Non tiered / Separate Host DB, Separate Tenant DBs / Lepton Theme

Hi, we are receiving the error "Volo.Abp.Identity:InvalidToken": "Invalid token.", whenever an email confirmation link is clicked.

The error doesn't occur in local development, it only occurs when the app is deployed (Azure App Service).

I've included logging from Azure below. The log indicates Volo.Abp.Account.Public.Web.Pages.Account.EmailConfirmationModel.OnGetAsync - ModelState is "Valid"

However, Model.InvalidToken appears to be true in EmailConfirmation.cshtml.cs

Also, in the database, the user gets flagged as having their email confirmed when clicking the confirmation link, even though they received the invalid token error.

Any ideas on what could be happening here? Any help is greatly appreciated...

Hi @maliming

Thank you. This looks good and is tremendously helpful. I will continue to test...

Thanks @maliming

That looks good as far as the correct tenant data is shown in each page, but I noticed that the tenant name next to the user name on the upper right of the screen still doesn't show (Lepton theme - tenant\user).

Any thoughts on that?

Hi @maliming

I was able to recreate the problem with a brand new templated ABP project at version 7.0.1 (Blazor Server).

Steps to reproduce;

1. Add the following to appsettings.json

"Azure": {
    "SignalR": {
      "ConnectionString": "connection string I emailed you yesterday"
    }
  }

2. Add the latest Microsoft.Azure.SignalR package reference to the Blazor project
3. Add the following to the end of ConfigureServices

public override void ConfigureServices(ServiceConfigurationContext context)
{
    ...
    context.Services.AddSignalR().AddAzureSignalR();
}

4. Login as the host and create a role called "Host Role"
5. When logged in as the host, create a tenant
6. Login as the tenant and go to the role page and you'll see that your logging into the host's data (seeing the "Host Role")
7. Comment out context.Services.AddSignalR().AddAzureSignalR(); and then login as the tenant and you'll now be properly logged into the tenant

Logged in as Host

Logging in as Tenant

Logged in as Tenant - seeing host data and no tenant indicator on upper right of screen

I found this from 4 months ago https://support.abp.io/QA/Questions/4376/Permissions-not-working-with-Azure-SignalR-Service

Was there ever a resolution to this issue?

This appears to be the same kind of issue. We see the azure signalr connection taking place, but the abp menu/permission is all pointing to the host , even though we are logging into a particular tenant.

Also, the app doesn't need to be deployed to Azure to see the issue. The issue happens in local development when we have the signalR connection string defined in secrets.json.