Thanks,
Sorry for late reply. Don’t know what the problem is. However, I was restoring the database back in time and then it worked.
The browser hangs during this URL:
https://myproject.io/authentication/login-callback?code=dRaPkBDLoVlStStG3swES4WTWzePnTrfuOLz4iRH7Yo&state=98c45b8f76234a2a8a7c50f90ee98d8b&iss=https%3A%2F%2Fauth.myproject.io%2F&culture=sv&ui-culture=sv
Thanks, I’ve made some progress. After rearranging the static client proxies as follows:
MyProject.InvoiceService/MyProjectInvoiceServiceModule.cs
// Prepare for static client proxy generation
context.Services.AddStaticHttpClientProxies(
typeof(DocumentServiceContractsModule).Assembly,
remoteServiceConfigurationName: "Default"
);
// Include the generated app-generate-proxy.json in the virtual file system
Configure<AbpVirtualFileSystemOptions>(options =>
{
options.FileSets.AddEmbedded<InvoiceServiceModule>();
});
it works better. I’ve also added values in appsettings.json (as well as in the Helm charts) as follows:
"IdentityClients": {
"Default": {
"GrantType": "client_credentials",
"ClientId": "_InvoiceService",
"ClientSecret": "1q2w3e*",
"Authority": "http://myproject-authserver",
"Scope": "DocumentService",
"RequireHttps": "false"
}
},
Gives:
[19:25:49 ERR] Could not retrieve the OpenId Connect discovery document! ErrorType: PolicyViolation. Error: Issuer name does not match authority: https://auth.staging.myproject.io/
Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: PolicyViolation. Error: Issuer name does not match authority: https://auth.staging.myproject.io/
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName)
at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
at DocumentService.Documents.DocumentsClientProxy.UploadAsync(DocumentUploadDto input) in /app/InvoiceService/ClientProxies//DocumentService/Documents/DocumentsClientProxy.Generated.cs:line 55
at InvoiceService.InvoiceAttestedAckEventHandler.HandleEventAsync(InvoiceAttestedAckEto eventData) in /app/InvoiceService/Services/Invoices/InvoiceAttestedAckEventHandler.cs:line 38
at Volo.Abp.EventBus.EventHandlerInvoker.InvokeAsync(IEventHandler eventHandler, Object eventData, Type eventType)
at Volo.Abp.EventBus.EventBusBase.TriggerHandlerAsync(IEventHandlerFactory asyncHandlerFactory, Type eventType, Object eventData, List`1 exceptions, InboxConfig inboxConfig)
at System.AbpExceptionExtensions.ReThrow(Exception exception)
at Volo.Abp.EventBus.EventBusBase.ThrowOriginalExceptions(Type eventType, List`1 exceptions)
at Volo.Abp.EventBus.RabbitMq.RabbitMqDistributedEventBus.ProcessFromInboxAsync(IncomingEventInfo incomingEvent, InboxConfig inboxConfig)
at Volo.Abp.EventBus.Distributed.InboxProcessor.RunAsync()
at Volo.Abp.EventBus.Distributed.InboxProcessor.RunAsync()
at Volo.Abp.EventBus.Distributed.InboxProcessor.TimerOnElapsed(AbpAsyncTimer arg)
at Volo.Abp.Threading.AbpAsyncTimer.Timer_Elapsed()
Trying to use external DNS instead:
"IdentityClients": {
"Default": {
"GrantType": "client_credentials",
"ClientId": "_InvoiceService",
"ClientSecret": "1q2w3e*",
"Authority": "https://auth.staging.myproject.io",
"Scope": "DocumentService",
"RequireHttps": "true"
}
},
Gives:
[19:31:44 ERR] The request was canceled due to the configured HttpClient.Timeout of 100 seconds elapsing.
System.Threading.Tasks.TaskCanceledException: The request was canceled due to the configured HttpClient.Timeout of 100 seconds elapsing.
---> System.TimeoutException: A task was canceled.
---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.<SendCoreAsync>g__Core|4_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)
at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.<SendCoreAsync>g__Core|4_0(HttpRequestMessage request, Boolean useAsync, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at System.Net.Http.HttpClient.HandleFailure(Exception e, Boolean telemetryStarted, HttpResponseMessage response, CancellationTokenSource cts, CancellationToken cancellationToken, CancellationTokenSource pendingRequestsCts)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at IdentityModel.Client.HttpClientDiscoveryExtensions.GetDiscoveryDocumentAsync(HttpMessageInvoker client, DiscoveryDocumentRequest request, CancellationToken cancellationToken)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName)
at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
at DocumentService.Documents.DocumentsClientProxy.UploadAsync(DocumentUploadDto input) in /app/InvoiceService/ClientProxies//DocumentService/Documents/DocumentsClientProxy.Generated.cs:line 55
at InvoiceService.InvoiceAttestedAckEventHandler.HandleEventAsync(InvoiceAttestedAckEto eventData) in /app/InvoiceService/Services/Invoices/InvoiceAttestedAckEventHandler.cs:line 38
at Volo.Abp.EventBus.EventHandlerInvoker.InvokeAsync(IEventHandler eventHandler, Object eventData, Type eventType)
at Volo.Abp.EventBus.EventBusBase.TriggerHandlerAsync(IEventHandlerFactory asyncHandlerFactory, Type eventType, Object eventData, List`1 exceptions, InboxConfig inboxConfig)
at System.AbpExceptionExtensions.ReThrow(Exception exception)
at Volo.Abp.EventBus.EventBusBase.ThrowOriginalExceptions(Type eventType, List`1 exceptions)
at Volo.Abp.EventBus.RabbitMq.RabbitMqDistributedEventBus.ProcessFromInboxAsync(IncomingEventInfo incomingEvent, InboxConfig inboxConfig)
at Volo.Abp.EventBus.Distributed.InboxProcessor.RunAsync()
at Volo.Abp.EventBus.Distributed.InboxProcessor.RunAsync()
at Volo.Abp.EventBus.Distributed.InboxProcessor.TimerOnElapsed(AbpAsyncTimer arg)
at Volo.Abp.Threading.AbpAsyncTimer.Timer_Elapsed()
Thanks, one step in right direction I think. Got this now:
[18:48:59 INF] Found 1 events in the inbox.
[18:48:59 ERR] Could not get HttpClientProxyConfig for DocumentService.Documents.IDocumentsAppService.
Volo.Abp.AbpException: Could not get HttpClientProxyConfig for DocumentService.Documents.IDocumentsAppService.
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
at DocumentService.Documents.DocumentsClientProxy.UploadAsync(DocumentUploadDto input) in /app/InvoiceService/ClientProxies/GeoTicket/DocumentService/Documents/DocumentsClientProxy.Generated.cs:line 55
at InvoiceService.InvoiceAttestedAckEventHandler.HandleEventAsync(InvoiceAttestedAckEto eventData) in /app/InvoiceService/Services/Invoices/InvoiceAttestedAckEventHandler.cs:line 38
at Volo.Abp.EventBus.EventHandlerInvoker.InvokeAsync(IEventHandler eventHandler, Object eventData, Type eventType)
at Volo.Abp.EventBus.EventBusBase.TriggerHandlerAsync(IEventHandlerFactory asyncHandlerFactory, Type eventType, Object eventData, List`1 exceptions, InboxConfig inboxConfig)
at Volo.Abp.EventBus.EventBusBase.ThrowOriginalExceptions(Type eventType, List`1 exceptions)
at Volo.Abp.EventBus.RabbitMq.RabbitMqDistributedEventBus.ProcessFromInboxAsync(IncomingEventInfo incomingEvent, InboxConfig inboxConfig)
at Volo.Abp.EventBus.Distributed.InboxProcessor.RunAsync()
at Volo.Abp.EventBus.Distributed.InboxProcessor.RunAsync()
at Volo.Abp.EventBus.Distributed.InboxProcessor.TimerOnElapsed(AbpAsyncTimer arg)
at Volo.Abp.Threading.AbpAsyncTimer.Timer_Elapsed()
1
With pleasure! In this case, when an event is received, an invoice is generated that should be uploaded to the DocumentService. I’ve included the entire DocumentService.Contracts project in the InvoiceService.
using DocumentService.Documents;
using Volo.Abp.DependencyInjection;
using Volo.Abp.EventBus.Distributed;
using Volo.Abp.Uow;
namespace InvoiceService;
public class InvoiceAttestedAckEventHandler : IDistributedEventHandler<InvoiceAttestedAckEto>, ITransientDependency
{
protected InvoiceManager _invoiceManager;
protected IInvoiceRepository _invoiceRepository;
protected IDocumentsAppService _documentsAppService;
public InvoiceAttestedAckEventHandler(
InvoiceManager invoiceManager,
IInvoiceRepository invoiceRepository,
IDocumentsAppService documentsAppService
)
{
_invoiceManager = invoiceManager;
_invoiceRepository = invoiceRepository;
_documentsAppService = documentsAppService;
}
/// <summary>
/// As soon as an event arrives, a PDF invoice is generated and this invoice is uploaded to the DocumentService.
/// </summary>
/// <param name="eventData"></param>
[UnitOfWork]
public async Task HandleEventAsync(InvoiceAttestedAckEto eventData)
{
var invoice = await _invoiceManager.SetAttestedAckAsync(eventData.InvoiceId, eventData.CorrelationId);
byte[] pdfArray = await _invoiceManager.CreateInvoicePdf(eventData.InvoiceId, false);
// Upload to document service
await _documentsAppService.UploadAsync(new DocumentUploadDto
{
FileContent = pdfArray,
Filename = invoice.SequenceNumber + ".pdf"
});
// Create document in document service
var documentCreateDto = new DocumentCreateDto
{
Index = 0,
Description = invoice.Subject,
Collection = null
};
await _documentsAppService.CreateAsync(documentCreateDto);
}
}
I assume I might need to have client proxies as well?
Best regards
I dont have any DocumentService.HttpApi.Client project. Only DocumentService, and since we are using multiple repos (InvoiceService and DocumentService are separated in different Git repos), we would rather not include the DocuemntService code in the InvoiceSerivce repo.
Best regards,
But how do you handle different IP addresses, and what will it look like when deploying and running a real application on an iPhone/Android device?
Thanks! Once I added the redirect uri and in the openiddictseeder the problem with the X frame options was gone. So everything works very good now! Thank for good support!
Thanks,
I could just see 4 instances of app.UseAbpSecurityHeaders();, but in identity and administration it was already commented out (from the.ABP 9.2.3 generator).
However, I was commented public web and authserver, unfortunately with no success.
Looking in the logs for authserver and got this one:
"private_key_jwt",
"client_secret_basic"
],
"require_pushed_authorization_requests": false,
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"tls_client_certificate_bound_access_tokens": false,
"authorization_response_iss_parameter_supported": true
}.
[19:53:57 INF] Request finished HTTP/1.1 GET http://auth.staging.mydomain.com/.well-known/openid-configuration - 200 2942 application/json;charset=UTF-8 242.444ms
[19:53:57 INF] Request starting HTTP/1.1 GET http://auth.staging.mydomain.com/connect/authorize?client_id=Blazor&redirect_uri=https%3A%2F%2Flocalhost%3A44346%2Fauthentication%2Flogin-callback&response_type=code&scope=openid%20profile%20roles%20email%20phone%20AuthServer%20IdentityService%20AdministrationService%20CustomerService%20DocumentService%20TicketService%20InvoiceService%20SaasService%20AuditLoggingService%20GdprService%20ChatService&state=f324eee679f54369affac890a1d21fb2&code_challenge=0PcnlBsXiA2TI_vmnDrwGA-fAh35nP5irdgN_U2CnOY&code_challenge_method=S256&prompt=none&response_mode=query - null null
[19:53:57 WRN] Unknown proxy: [::ffff:10.244.1.23]:44548
[19:53:57 INF] The request URI matched a server endpoint: Authorization.
[19:53:57 INF] The authorization request was successfully extracted: {
"client_id": "Blazor",
"redirect_uri": "https://localhost:44346/authentication/login-callback",
"response_type": "code",
"scope": "openid profile roles email phone AuthServer IdentityService AdministrationService CustomerService DocumentService TicketService InvoiceService SaasService AuditLoggingService GdprService ChatService",
"state": "f324eee679f54369affac890a1d21fb2",
"code_challenge": "0PcnlBsXiA2TI_vmnDrwGA-fAh35nP5irdgN_U2CnOY",
"code_challenge_method": "S256",
"prompt": "none",
"response_mode": "query"
}.
[19:53:57 INF] Client validation failed because 'https://localhost:44346/authentication/login-callback' was not a valid redirect_uri for Blazor.
[19:53:57 INF] The authorization request was rejected because the redirect_uri was invalid: 'https://localhost:44346/authentication/login-callback'.
Guess I have to append the redirectUris in services/identity/MyApplication.IdentityService/Data/OpenIddictDataSeeder.cs . But could that trigger the X-Frame-Options' to 'SAMEORIGIN'.?
Thanks for fast response :-)
I was disabling the security headers in the auth-server project.
However, I still get the same error in the browser console: Refused to display 'https://auth.staging.mydomain.com/Error?httpStatusCode=400' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
In which projects do I need disable the headers, I thought that auth-server is enough?
Thanks :-)
