Activities of "cfd000"

I am now getting what I THINK are all of the correct cookies, but still no access.

When I go to the /swagger URL I am able to successfully retrieve data, so I know the problem is on the MVC side.

Is there any documentation that details what needs to be configured when deployed behind a load balancer?

I think the problem could be related to the cookies, but I haven't been able to figure out where to set the PATH so that all cookies are set to the root.

From the Http-API:

10/28/2021, 4:04:17 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:17 INF] Request starting HTTP/1.1 GET http://somedomain.com/api/audit-logging/audit-logs?startTime=2021-10-21&endTime=&url=&userName=&applicationName=&correlationId=&httpMethod=&httpStatusCode=&maxExecutionDuration=&minExecutionDuration=&hasException=&sorting=executionTime%20desc&skipCount=0&maxResultCount=10 application/json - 10/28/2021, 4:04:17 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:17 INF] Executing endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)' 10/28/2021, 4:04:17 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:17 INF] Route matched with {area = "auditLogging", controller = "AuditLogs", action = "GetList", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Abp.AuditLogging.AuditLogDto]] GetListAsync(Volo.Abp.AuditLogging.GetAuditLogListDto) on controller Volo.Abp.AuditLogging.AuditLogsController (Volo.Abp.AuditLogging.HttpApi). 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:19 INF] Executing action method Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi) - Validation state: Valid 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:19 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 PermissionRequirement: AuditLogging.AuditLogs 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:19 WRN] ---------- RemoteServiceErrorInfo ---------- 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 { 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 "code": "Volo.Authorization:010001", 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 "message": "Authorization failed! Given policy has not granted.", 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 "details": null, 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 "data": {}, 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 "validationErrors": null 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 } 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:19 WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy) in /src/ABP/framework/src/Volo.Abp.Authorization/Microsoft/AspNetCore/Authorization/AbpAuthorizationServiceExtensions.cs:line 142 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context) in /src/ABP/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs:line 40 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AuthorizationInterceptor.cs:line 24 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AuthorizationInterceptor.cs:line 18 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.GlobalFeatures.GlobalFeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.GlobalFeatures/Volo/Abp/GlobalFeatures/GlobalFeatureInterceptor.cs:line 26 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Features.FeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Features/Volo/Abp/Features/FeatureInterceptor.cs:line 28 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Validation/Volo/Abp/Validation/ValidationInterceptor.cs:line 20 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAbpMethodInvocationAdapterWithReturnValue.cs:line 25 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) in /src/ABP/framework/src/Volo.Abp.Uow/Volo/Abp/Uow/UnitOfWorkInterceptor.cs:line 47 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) in /src/ABP/framework/src/Volo.Abp.Castle.Core/Volo/Abp/Castle/DynamicProxy/CastleAsyncAbpInterceptorAdapter.cs:line 34 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Volo.Abp.AuditLogging.AuditLogsController.GetListAsync(GetAuditLogListDto input) in /src/ABP-Pro-Modules/audit-logging/src/Volo.Abp.AuditLogging.HttpApi/Volo/Abp/AuditLogging/AuditLogsController.cs:line 30 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at lambda_method2784(Closure , Object ) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:19 WRN] Code:Volo.Authorization:010001 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:19 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Http.RemoteServiceErrorResponse'. 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:19 INF] Executed action Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi) in 2063.4997ms 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:19 INF] Executed endpoint 'Volo.Abp.AuditLogging.AuditLogsController.GetListAsync (Volo.Abp.AuditLogging.HttpApi)' 10/28/2021, 4:04:19 PM http-api-797c979446-d4jhx 14ac9ad788e9ef14106fa1f88e1987eb34c5dfec6ca5386131d8c7ac060f0135 [20:04:19 INF] Request finished HTTP/1.1 GET http://somedomain.com/api/audit-logging/audit-logs?startTime=2021-10-21&endTime=&url=&userName=&applicationName=&correlationId=&httpMethod=&httpStatusCode=&maxExecutionDuration=&minExecutionDuration=&hasException=&sorting=executionTime%20desc&skipCount=0&maxResultCount=10 application/json - - 401 - application/json;+charset=utf-8 2066.8335ms

From the MVC Web pod:

10/28/2021, 4:03:07 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:07 INF] Received HTTP response headers after 998.7507ms - 200 10/28/2021, 4:03:07 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:07 INF] End processing HTTP request after 998.8642ms - 200 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: SettingManagement.Emailing 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpAccount.SettingManagement 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpIdentity.SettingManagement 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:08 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:08 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: LeptonThemeManagement.Settings 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: SettingManagement.Emailing 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpAccount.SettingManagement 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: AbpIdentity.SettingManagement 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:09 INF] Authorization failed. These requirements were not met: 10/28/2021, 4:03:09 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 PermissionRequirement: LeptonThemeManagement.Settings 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed page /Index in 4323.8182ms 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed endpoint '/Index' 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Request finished HTTP/1.1 GET http://localhost/ - - - 200 - text/html;+charset=utf-8 4345.5647ms 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed page /Index in 4160.1205ms 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Executed endpoint '/Index' 10/28/2021, 4:03:10 PM web-mvc-74cd795647-vtvfv a501ad9903ebcf015f869a39f5c3a8a24237c9db0b9f3c3296b4dd791674d8f7 [20:03:10 INF] Request finished HTTP/1.1 GET http://localhost/ - - - 200 - text/html;+charset=utf-8 4171.5145ms

• ABP Framework version: v4.4.3
• UI type: MVC
• DB provider: EF Core (PostgreSQL)
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

We have a tiered application which is setup as 4 web endpoints: HttpApi, Identity, Web(MVC), and Web(Public). All works correctly in Visual Studio when running under IIS.

We have deployed this application to Azure Kubernetes (AKS), and are running behind a reverse proxy (Azure Application Gateway), which is doing SSL offload and routing.

In order to route appropriately, the MVC Web app was set to a BasePath of /MVC, and Identity was set to a BasePath of /IdentityServer (HttpApi calls are routed by configuring /api and /swagger)

Each project has ForwardedHeaders configured in their respective module under OnApplicationInitialization, and Cookie.Path is set to "/" in ConfigureServices of the module.

Login works, and Identity pages are accessible, but pages that require a background API call fail with "Authorization failed! Given policy has not granted.". I can go to the /swagger page and I am able to authenticate and successfully return results from these same API calls.

We would prefer not to go to a full microservice setup, what else needs to be configured for the tiered application to work when containerized? Could this be related to the cookie paths that are set to /IdentityServer and /MVC - how do I fix those?

It turns out that the problem was that it is necessary to put the ForwardedHeadersOptions code into EACH PROJECT, simply adding it to IdentityServer is not enough. In hindisght this makes sense, as the MVC project is what generates the headers with the redirect URL in them.

UPDATE

I was able to get Idenity Server working better by modifying the Startup.cs: public void Configure(IApplicationBuilder app) { app.UseStaticFiles("/IdentityServer"); app.UsePathBase("/IdentityServer"); app.InitializeApplication(); }

and modifying the ...Module.cs to include (ABOVE the app.UseIdentityServer(); line!):

            var forwardOptions = new ForwardedHeadersOptions
            {
                ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedFor | Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedProto,
                RequireHeaderSymmetry = false
            };

            forwardOptions.KnownNetworks.Clear();
            forwardOptions.KnownProxies.Clear();

            // ref: https://github.com/aspnet/Docs/issues/2384
            app.UseForwardedHeaders(forwardOptions);

This allows the LOGIN button to redirect to the Identity login page. Now if I go directly to the /IdentityServer/ URL (which redirects me to /IdentityServer/Account/Login), I can login successfully. The problem is:

If I go to the MVC Index page and click the Login button the Request URL header has this:

https://url.com/IdentityServer/connect/authorize?client_id=ABPWeb_Web&redirect_uri=http://url.com/signin-oidc&response_type=code id_token&scope=openid

When this happens, the /IdentityServer/Account/Login page redirects to a 500 error page with a message "Invalid redirect_uri"

Where does the redirect_uri come from? I am running HTTPS up to the load balancer, and HTTP behind it.

To clarify, do you want to deploy all your applications (Http.Api.Host, Web and IdentityServer) to same domain with sub folders? Web is running on: mydomain Http.Api.Host on: mydomain.com/api IdentityServer on: mydomain.com/account

If so, you will need to write Rewrite rule in load balancer (nginx i suppose) to redirect to /account

You can check deployment configurations docs. Also official identityserver4 deployment docs.

If you have already deployed identityserver, you can also share its link.

Correct. I have the rules configured and working, but the interactions aren't correct.

For RemoteServices__Default__BaseUrl I am using the internal name of the HTTP-API service. For AuthServer__Authority I cannot use the internal name because the redirect to the login page does not work externally. When I put the FQDN of the Identity-Server (with /Account at the end), and click the Login button, I am redirected to my url.com/?handler=Login which does not load.

1. Should the Identity server external URL be configured for AuthServer__Authority?
2. How do I get the Login button to redirect to url.com/Account/Login (or, is there another way to get that redirection to work properly behind the load balancer?)

• ABP Framework version: v4.4.3
• UI type: MVC / Blazor
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

When deploying a tiered application in containers behind an application gateway, what is the recommended configuration? The main web interface and API Host seem to work fine by configuring the "/" path to reoute to the "Web" and "/swagger" and "/api" to route to the HTTPAPI server, but routing "/Account" to the identity server causes problems (such as resources not being found).

• Should it be configured similar to a virtual directory, where all URLs have a specific path (something like "/Identity/Account/Login" instead of the current behavior of just "/Account/Login")?
• • If so, how do I configure JUST the IdentityServer project to expect a path beyond the base URL (trying to put http://localhost/Identity" in the appsettings.json seems to ignore the "/Identity" part)
• Is there a different way to make the 3 separate containers work properly? We do not want to go to the full microservice template if possible.

The best practice is creating your folder structure same as ABP is,

• YourCompany's Project folder
• • abp contains abp github repository
• • abp-pro contains abp-pro modules
• • • naming the pro modules with same as abp (attached img) When using --local-framework-ref --abp-path target --abp-path to abp
      After this you need just few minutes of manual working Replace all \abp\abp\ with \abp-pro\

Thanks for the suggestions. I was able to come up with a script that got it all working (prior to seeing your posts). My folder structure put "abp" in the same directory as the pro modules (basically those folders all all moved up 1 level from where you put them), and I was able to replace SuiteTemplate with a reference in the same way as "Commercial.Core".

Any idea if that matters? Everything seems to be compiling, the only problem I have now is the CLI project creation with local references creates a project that will also need some references "fixed".