As an example: When publishing our solution in Docker containers we had to establish routable URLs for the reverse proxy. This meant that https://www.somedomain.com/swagger and https://www.somedomain.com/api were routed to the Http-API container, https://www.somedomain.com/MVC was routed to the Web container, https://www.somedomain.com/Account , https://www.somedomain.com/connect , and https://www.somedomain.com/.well-known are routed to the Identity container, and everything else goes to Web.Public. The login process was working, but any pages requiring authorization would fail. The "Audit Logs" page, for example, would get an error on the call to https://www.somedomain.com/api/audit-logging/audit-logs?startTime=2021-11-02&endTime=&url=&userName=&applicationName=&correlationId=&httpMethod=&httpStatusCode=&maxExecutionDuration=&minExecutionDuration=&hasException=&sorting=executionTime%20desc&skipCount=0&maxResultCount=10 even though we could execute the same URL from the Swagger page without an error. Once I realized that I could not just copy/paste the "Request URL" from the Headers (when viewing the Developer Tools in the browser), I tried adding the additional /MVC/ in the path and it worked. Once I modified the abp.js file to set abp.appPath to include this as part of the base URL everything worked.
It appears that the problem was because the HTTP-API server cannot handle most of the API calls from the MVC client directly - when these calls were routed through the MVC client they all succeeded. It looks like the reason it worked from the Swagger interface is that the Swagger interface passed a JWT token which was not used on the MVC client. Once we determined that the API calls worked properly when the MVC subfolder/virtual directory was inserted, then it became obvious that the problem was due to "abp.appPath" not returning the correct base path.
Is there any documentation you can refer us to?
Containerized deployment is pretty common, and we really don't need the added complexity of going full microservices.
Is there someone who is familiar we can consult?
Is there an alternate way to configure the 4 containers behind a load balancer? The subfolders aren't mandatory if there is a different way to setup the routing rules (we need to know which requests go to Public, Web, API, and Identity).
I am now getting what I THINK are all of the correct cookies, but still no access.
When I go to the /swagger URL I am able to successfully retrieve data, so I know the problem is on the MVC side.
Is there any documentation that details what needs to be configured when deployed behind a load balancer?
I think the problem could be related to the cookies, but I haven't been able to figure out where to set the PATH so that all cookies are set to the root.
From the Http-API:
10/28/2021, 4:04:17 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:17 INF] Request starting HTTP/1.1 GET http://somedomain.com/api/audit-logging/audit-logs?startTime=2021-10-21&endTime=&url=&userName=&applicationName=&correlationId=&httpMethod=&httpStatusCode=&maxExecutionDuration=&minExecutionDuration=&hasException=&sorting=executionTime%20desc&skipCount=0&maxResultCount=10 application/json -
10/28/2021, 4:04:17 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:17 INF] Executing endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)'
10/28/2021, 4:04:17 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:17 INF] Route matched with {area = "auditLogging", controller = "AuditLogs", action = "GetList", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Abp.AuditLogging.AuditLogDto]] GetListAsync(Volo.Abp.AuditLogging.GetAuditLogListDto) on controller Volo.Abp.AuditLogging.AuditLogsController (Volo.Abp.AuditLogging.HttpApi).
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Executing action method Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi) - Validation state: Valid
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Authorization failed. These requirements were not met:
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
PermissionRequirement: AuditLogging.AuditLogs
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 WRN] ---------- RemoteServiceErrorInfo ----------
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
{
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"code": "Volo.Authorization:010001",
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"message": "Authorization failed! Given policy has not granted.",
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"details": null,
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"data": {},
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
"validationErrors": null
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
}
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy) in /src/ABP/framework/src/Volo.Abp.Authorization/Microsoft/AspNetCore/Authorization/AbpAuthorizationServiceExtensions.cs:line 142
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context) in /src/ABP/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs:line 40
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AuthorizationInterceptor.cs:line 24
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AuthorizationInterceptor.cs:line 18
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.GlobalFeatures.GlobalFeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.GlobalFeatures/Volo/Abp/GlobalFeatures/GlobalFeatureInterceptor.cs:line 26 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Features.FeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Features/Volo/Abp/Features/FeatureInterceptor.cs:line 28
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Validation/Volo/Abp/Validation/ValidationInterceptor.cs:line 20 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Uow/Volo/Abp/Uow/UnitOfWorkInterceptor.cs:line 47
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Volo.Abp.AuditLogging.AuditLogsController.GetListAsync(GetAuditLogListDto input) in /src/ABP-Pro-Modules/audit-logging/src/Volo.Abp.AuditLogging.HttpApi/Volo/Abp/AuditLogging/AuditLogsController.cs:line 30
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at lambda_method2784(Closure , Object )
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 WRN] Code:Volo.Authorization:010001
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Http.RemoteServiceErrorResponse'.
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Executed action Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi) in 2063.4997ms
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Executed endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)'
10/28/2021, 4:04:19 PM
http-api-797c979446-d4jhx
14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135
[20:04:19 INF] Request finished HTTP/1.1 GET http://somedomain.com/api/audit-logging/audit-logs?startTime=2021-10-21&endTime=&url=&userName=&applicationName=&correlationId=&httpMethod=&httpStatusCode=&maxExecutionDuration=&minExecutionDuration=&hasException=&sorting=executionTime%20desc&skipCount=0&maxResultCount=10 application/json - - 401 - application/json;+charset=utf-8 2066.8335ms
From the MVC Web pod:
10/28/2021, 4:03:07 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:07 INF] Received HTTP response headers after 998.7507ms - 200 10/28/2021, 4:03:07 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:07 INF] End processing HTTP request after 998.8642ms - 200 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: SettingManagement.Emailing 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpAccount.SettingManagement 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpIdentity.SettingManagement 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: LeptonThemeManagement.Settings 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: SettingManagement.Emailing 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpAccount.SettingManagement 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpIdentity.SettingManagement 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: LeptonThemeManagement.Settings 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed page /Index in 4323.8182ms 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed endpoint '/Index' 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Request finished HTTP/1.1 GET http://localhost/ - - - 200 - text/html;+charset=utf-8 4345.5647ms 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed page /Index in 4160.1205ms 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed endpoint '/Index' 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Request finished HTTP/1.1 GET http://localhost/ - - - 200 - text/html;+charset=utf-8 4171.5145ms
It turns out that the problem was that it is necessary to put the ForwardedHeadersOptions code into EACH PROJECT, simply adding it to IdentityServer is not enough. In hindisght this makes sense, as the MVC project is what generates the headers with the redirect URL in them.
UPDATE
I was able to get Idenity Server working better by modifying the Startup.cs:
public void Configure(IApplicationBuilder app) { app.UseStaticFiles("/IdentityServer"); app.UsePathBase("/IdentityServer"); app.InitializeApplication(); }
and modifying the ...Module.cs to include (ABOVE the app.UseIdentityServer(); line!):
var forwardOptions = new ForwardedHeadersOptions
{
ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedFor | Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedProto,
RequireHeaderSymmetry = false
};
forwardOptions.KnownNetworks.Clear();
forwardOptions.KnownProxies.Clear();
// ref: https://github.com/aspnet/Docs/issues/2384
app.UseForwardedHeaders(forwardOptions);
This allows the LOGIN button to redirect to the Identity login page. Now if I go directly to the /IdentityServer/ URL (which redirects me to /IdentityServer/Account/Login), I can login successfully. The problem is:
If I go to the MVC Index page and click the Login button the Request URL header has this:
https://url.com/IdentityServer/connect/authorize?client_id=ABPWeb_Web&redirect_uri=http://url.com/signin-oidc&response_type=code id_token&scope=openid
When this happens, the /IdentityServer/Account/Login page redirects to a 500 error page with a message "Invalid redirect_uri"
Where does the redirect_uri come from? I am running HTTPS up to the load balancer, and HTTP behind it.