Activities of "duyan11110"

• ABP Framework version: v7.3.0

• UI Type: MVC

• Database System: EF Core (SQL Server)

• Tiered (for MVC) or Auth Server Separated (for Angular): yes

• Exception message and full stack trace:

• Steps to reproduce the issue: I tried to increase HttpClient timeout but failed. The long running task is in ReportModule which is used in AMLReportService, so I tried to increase HttpClient like this:

  AMLReportServiceHttpApiClientModule

  ReportHttpApiClientModule

  MHIBSWebGatewayModule

  MHIBSWebModule

Error logs: In Gateway: In Web:

Hi,

Already sent the log file. Pls check.

You only need the log of AuthServer, right?

Hi,

Added as your suggestion, but the debug logs are all about OpenIddict logs

I don't know why it takes about 6s to redirect to the home page?

Hi,

I have one more question.

As you can see in the red are, after login with LDAP successfully (very fast now), which actions happened during that time (6 seconds), and how can I improve it?

Hi,

Tks for your suggestion, It fixes my issue. conn.SearchAsync is very slow.

• ABP Framework version: v7.3.0
• UI Type: MVC
• Database System: EF Core (SQL Server)
• Tiered (for MVC) or Auth Server Separated (for Angular): yes
• Exception message and full stack trace:
• Steps to reproduce the issue: I already customize LDAPManager like this:

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(OpenLdapManager), typeof(ILdapManager), typeof(LdapManager), typeof(MZHOpenLdapManager))]
public class MZHOpenLdapManager : OpenLdapManager
{
    public MZHOpenLdapManager(ILdapSettingProvider ldapSettingProvider) : base(ldapSettingProvider)
    {
    }

    public override async Task<bool> AuthenticateAsync(string username, string password)
    {
        using (var conn = await CreateLdapConnectionAsync())
        {                
            try
            {
                Logger.LogInformation("Login with admin account.");
                await AuthenticateLdapConnectionAsync(conn, await NormalizeUserNameAsync(await LdapSettingProvider.GetUserNameAsync()), await LdapSettingProvider.GetPasswordAsync());
                Logger.LogInformation("Search username");
                //conn.SetOption(LdapForNet.Native.Native.LdapOption.LDAP_OPT_REFERRALS, "ignore");
                SearchRequest request = new SearchRequest(await GetBaseDnAsync(), await GetUserFilterAsync(username), LdapForNet.Native.Native.LdapSearchScope.LDAP_SCOPE_SUBTREE);
                request.SizeLimit = 1;
                SearchOptionsControl SuppressReferrals = new SearchOptionsControl(SearchOption.DomainScope);
                request.Controls.Add(SuppressReferrals);
                //var searchResults = await conn.SearchAsync(await GetBaseDnAsync(), await GetUserFilterAsync(username));
                SearchResponse response = conn.SendRequest(request) as SearchResponse;
                Logger.LogInformation("Get first item searched");
                var userEntry = response.Entries.First();
                Logger.LogInformation("Login with username");
                await AuthenticateLdapConnectionAsync(conn, userEntry.Dn, password);
                Logger.LogInformation("Login LDAP done");
                return true;
            }
            catch (Exception e)
            {
                Logger.LogException(e);
            }

            return false;
        }
    }

    protected override async Task<string> NormalizeUserNameAsync(string userName)
    {
        return $"cn={userName},{await LdapSettingProvider.GetBaseDcAsync()}";
    }

    protected override Task<string> GetUserFilterAsync(string userName)
    {
        return Task.FromResult($"(&(objectClass=user)(sAMAccountName={userName}))");
    }

    protected override Task<string> GetBaseDnAsync()
    {
        return LdapSettingProvider.GetDomainAsync();
    }

    protected override Task<string> GetUserEmailAsync(LdapEntry ldapEntry)
    {
        Logger.LogInformation("Try to get email infor - start");
        string email = ldapEntry.ToDirectoryEntry().GetAttribute("mail")?.GetValue<string>();            
        if (string.IsNullOrWhiteSpace(email))
            email = ldapEntry.ToDirectoryEntry().GetAttribute("userPrincipalName")?.GetValue<string>();
        Logger.LogInformation("Try to get email infor - end");
        return Task.FromResult(email);
    }

Login with LDAP successfully, but very slowly. I check logs see below:

In the red area, it takes 10 second after LDAP login done and continue get email infor. Could you pls show me what Abp was doing during that time?

• ABP Framework version: v8.0.0
• UI Type: MVC
• Database System: EF Core (SQL Server)
• Tiered (for MVC) or Auth Server Separated (for Angular): yes
• Exception message and full stack trace:
• Steps to reproduce the issue: How to fix this error? Thank you.

But if you want to keep using http, you should apply AddSameSiteCookiePolicy to all your websites.

I already applied this one for Web project, and I've just applied for AuthServer project, but still get the error:

public override void ConfigureServices(ServiceConfigurationContext context)
{
    var hostingEnvironment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();

    if (!Convert.ToBoolean(configuration["App:DisablePII"]))
    {
        Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
    }
    
    if (!Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]))//false in appsettings.json
    {
        Configure<OpenIddictServerAspNetCoreOptions>(options =>
        {
            options.DisableTransportSecurityRequirement = true;// Already had from old version
        }); 
    }

    context.Services.AddSameSiteCookiePolicy(); // just added this line
    ...
  }

And as I said above, everything's still OK before upgrading

No, I am using OpenIdDict, but I already applied that solution and it worked fine before upgrading