Hi,
Already sent the log file. Pls check.
You only need the log of AuthServer, right?
Hi,
Thanks for your suggestion; it fixes my issue. conn.SearchAsync
is very slow.
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(OpenLdapManager), typeof(ILdapManager), typeof(LdapManager), typeof(MZHOpenLdapManager))]
public class MZHOpenLdapManager : OpenLdapManager
{
/// <summary>
/// Creates the manager and hands the LDAP settings provider to the base class constructor.
/// </summary>
/// <param name="ldapSettingProvider">Source of the LDAP connection and account settings.</param>
public MZHOpenLdapManager(ILdapSettingProvider ldapSettingProvider)
    : base(ldapSettingProvider)
{ }
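/// <summary>
/// Authenticates a user against the directory in three steps: bind with the configured
/// admin account, search for the user's entry, then bind again with that entry's DN and
/// the supplied password.
/// </summary>
/// <param name="username">Login name typed by the user; it is placed into the search filter.</param>
/// <param name="password">Password typed by the user; only used for the final bind.</param>
/// <returns>
/// <c>true</c> when the final bind completes without an exception; <c>false</c> for blank
/// credentials, when no entry is found, or when any step throws (the exception is logged).
/// </returns>
public override async Task<bool> AuthenticateAsync(string username, string password)
{
    // Reject blank credentials before contacting the directory. A simple bind that carries
    // a DN and an empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2),
    // which some directory servers accept. If AuthenticateLdapConnectionAsync performs a
    // simple bind (not visible here), the final step could then succeed without the caller
    // proving knowledge of the password.
    if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
    {
        Logger.LogWarning("LDAP login rejected: empty username or password.");
        return false;
    }

    using (var conn = await CreateLdapConnectionAsync())
    {
        try
        {
            Logger.LogInformation("Login with admin account.");
            await AuthenticateLdapConnectionAsync(
                conn,
                await NormalizeUserNameAsync(await LdapSettingProvider.GetUserNameAsync()),
                await LdapSettingProvider.GetPasswordAsync());

            Logger.LogInformation("Search username");
            // NOTE(review): username is user-controlled and ends up inside the LDAP filter;
            // GetUserFilterAsync has to escape it (RFC 4515) - confirm.
            var request = new SearchRequest(
                await GetBaseDnAsync(),
                await GetUserFilterAsync(username),
                LdapForNet.Native.Native.LdapSearchScope.LDAP_SCOPE_SUBTREE)
            {
                // Only one entry is needed to obtain the DN for the final bind.
                SizeLimit = 1
            };

            // An explicit request with the DomainScope search option (to suppress referrals)
            // replaces conn.SearchAsync(baseDn, filter), which was very slow in this setup.
            request.Controls.Add(new SearchOptionsControl(SearchOption.DomainScope));

            // NOTE(review): SendRequest is a blocking call inside an async method.
            var response = conn.SendRequest(request) as SearchResponse;

            Logger.LogInformation("Get first item searched");
            var userEntry = response?.Entries.FirstOrDefault();
            if (userEntry == null)
            {
                // Fail closed with a clear message instead of relying on a
                // NullReferenceException / InvalidOperationException reaching the catch.
                Logger.LogWarning("LDAP search returned no entry for the supplied username.");
                return false;
            }

            Logger.LogInformation("Login with username");
            await AuthenticateLdapConnectionAsync(conn, userEntry.Dn, password);

            Logger.LogInformation("Login LDAP done");
            return true;
        }
        catch (Exception e)
        {
            // Any failure (bad admin credentials, search error, rejected user bind)
            // is logged and treated as a failed login.
            Logger.LogException(e);
        }

        return false;
    }
}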
/// <summary>
/// Builds a bind DN of the form <c>cn={userName},{base DC}</c>, where the base DC comes
/// from the LDAP settings provider.
/// </summary>
/// <param name="userName">Account name to place in the <c>cn</c> component.</param>
/// <returns>The composed distinguished name.</returns>
protected override async Task<string> NormalizeUserNameAsync(string userName)
{
    // NOTE(review): userName is inserted without DN escaping (RFC 4514). In the code shown
    // here it is only called with the configured admin account name; if the base class also
    // calls it with user-typed input, characters such as ',' or '+' would change the DN - confirm.
    var baseDc = await LdapSettingProvider.GetBaseDcAsync();
    return "cn=" + userName + "," + baseDc;
}
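/// <summary>
/// Builds the LDAP search filter that matches a user entry by <c>sAMAccountName</c>.
/// </summary>
/// <param name="userName">
/// Login name as typed by the user. It is untrusted, so filter metacharacters are escaped
/// before it is placed in the filter.
/// </param>
/// <returns>A completed task holding the filter string.</returns>
protected override Task<string> GetUserFilterAsync(string userName)
{
    // Escape per RFC 4515 so the value cannot alter the filter structure: without this,
    // '*' acts as a wildcard and '(' / ')' can add or close filter clauses.
    // The backslash is replaced first so the escapes added afterwards are not re-escaped.
    var escaped = (userName ?? string.Empty)
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");

    return Task.FromResult($"(&(objectClass=user)(sAMAccountName={escaped}))");
}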
/// <summary>
/// Returns the search base for user lookups; this implementation uses the domain value
/// from the LDAP settings provider.
/// </summary>
protected override Task<string> GetBaseDnAsync() => LdapSettingProvider.GetDomainAsync();
/// <summary>
/// Reads the user's e-mail address from an LDAP entry: the <c>mail</c> attribute when it
/// has a non-blank value, otherwise <c>userPrincipalName</c>.
/// </summary>
/// <param name="ldapEntry">Entry returned by the directory search.</param>
/// <returns>A completed task holding the address, or <c>null</c> when neither attribute is present.</returns>
protected override Task<string> GetUserEmailAsync(LdapEntry ldapEntry)
{
    // Reads one attribute as a string; yields null when the attribute is missing.
    string ReadAttribute(string attributeName) =>
        ldapEntry.ToDirectoryEntry().GetAttribute(attributeName)?.GetValue<string>();

    Logger.LogInformation("Try to get email infor - start");

    string mail = ReadAttribute("mail");
    // NOTE(review): a userPrincipalName has the shape of an address but is not guaranteed
    // to be a deliverable mailbox; check how the returned value is used downstream.
    string result = string.IsNullOrWhiteSpace(mail) ? ReadAttribute("userPrincipalName") : mail;

    Logger.LogInformation("Try to get email infor - end");
    return Task.FromResult(result);
}
Login with LDAP succeeds, but very slowly. I checked the logs; see below:
In the red area, it takes 10 seconds after the LDAP login is done before it continues to get the email info. Could you please show me what ABP was doing during that time?
But if you want to keep using http, you should apply AddSameSiteCookiePolicy to all your websites.
I had already applied this to the Web project, and I've just applied it to the AuthServer project, but I still get the error:
// Module service configuration for the AuthServer project (excerpt; the rest of the
// method is elided with "..." below).
public override void ConfigureServices(ServiceConfigurationContext context)
{
var hostingEnvironment = context.Services.GetHostingEnvironment();
var configuration = context.Services.GetConfiguration();
// NOTE(review): Convert.ToBoolean returns false for a null string, so when
// "App:DisablePII" is missing from configuration this branch runs and PII logging is
// turned ON. ShowPII makes IdentityModel include personal data in its log and exception
// messages; production configuration should set App:DisablePII to true explicitly.
if (!Convert.ToBoolean(configuration["App:DisablePII"]))
{
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
}
// NOTE(review): same default as above - a missing "AuthServer:RequireHttpsMetadata" key
// is read as false, which relaxes the OpenIddict transport security requirement.
// With it relaxed the server accepts plain-HTTP requests, so authorization codes, tokens
// and cookies cross the network unencrypted unless TLS is terminated in front of the app.
if (!Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]))//false in appsettings.json
{
Configure<OpenIddictServerAspNetCoreOptions>(options =>
{
options.DisableTransportSecurityRequirement = true;// Already had from old version
});
}
// AddSameSiteCookiePolicy is not defined in this excerpt; presumably it adjusts the
// SameSite cookie attribute so cookies still work over plain HTTP - TODO confirm.
context.Services.AddSameSiteCookiePolicy(); // just added this line
...
}
And as I said above, everything was OK before upgrading.
No, I am using OpenIddict, but I had already applied that solution and it worked fine before upgrading.
Hi,
Changing to https is taking time; is there any way to keep using http?
Everything was OK before upgrading.