Activities of "gabriel.pedroso"

I figured it out by checking other tickets with this validation issue. I've added this code to the services, adding the auth server on the list of valid issuers:

    context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddAbpJwtBearer(options =>
        {
            //...
            
            // IDX10204: Unable to validate issuer on K8s if not set
            options.TokenValidationParameters = new TokenValidationParameters()
            {
                ValidIssuers = new[] { configuration["AuthServer:Authority"].EnsureEndsWith('/') },
                // IDX10500: Signature validation failed. No security keys were provided to validate the signature on K8s
                SignatureValidator = delegate (string token, TokenValidationParameters parameters)
                {
                    var jwt = new Microsoft.IdentityModel.JsonWebTokens.JsonWebToken(token);
                    return jwt;
                }
            }; 
        }

All logs sent to https://we.tl/t-S8wM5riUdV

I'm preparing the logs here, but I think we found the issue:

2024-10-24 11:04:03.410 +00:00 [INF] Request origin https://klir-sandbox-microservices-angular.klir.com does not have permission to access the resource. 2024-10-24 11:04:03.442 +00:00 [INF] Failed to validate the token. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty. at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.Tokens.InternalValidators.ValidateAfterSignatureFailed(SecurityToken securityToken, Nullable1 notBefore, Nullable1 expires, IEnumerable1 audiences, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignatureAndIssuerSecurityKey(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWSAsync(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) 2024-10-24 11:04:03.442 +00:00 [INF] Bearer was not authenticated. Failure message: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.

Do you know how to solve this? After checking this configuration, it seems the issuer is matching.

Ok, debug logs shared on: https://we.tl/t-w2UsMedJ7E

[08:46:05 INF] Loaded ABP modules: [08:46:05 INF] - KlirMicroservices.WebGateway.KlirMicroservicesWebGatewayModule [08:46:05 INF] - Volo.Abp.Autofac.AbpAutofacModule [08:46:05 INF] - Volo.Abp.Castle.AbpCastleCoreModule [08:46:05 INF] - Volo.Abp.AspNetCore.Serilog.AbpAspNetCoreSerilogModule [08:46:05 INF] - Volo.Abp.MultiTenancy.AbpMultiTenancyModule [08:46:05 INF] - Volo.Abp.Data.AbpDataModule [08:46:05 INF] - Volo.Abp.ObjectExtending.AbpObjectExtendingModule [08:46:05 INF] - Volo.Abp.Localization.AbpLocalizationAbstractionsModule [08:46:05 INF] - Volo.Abp.Validation.AbpValidationAbstractionsModule [08:46:05 INF] - Volo.Abp.Uow.AbpUnitOfWorkModule [08:46:05 INF] - Volo.Abp.EventBus.Abstractions.AbpEventBusAbstractionsModule [08:46:05 INF] - Volo.Abp.Security.AbpSecurityModule [08:46:05 INF] - Volo.Abp.Settings.AbpSettingsModule [08:46:05 INF] - Volo.Abp.MultiTenancy.AbpMultiTenancyAbstractionsModule [08:46:05 INF] - Volo.Abp.VirtualFileSystem.AbpVirtualFileSystemModule [08:46:05 INF] - Volo.Abp.Localization.AbpLocalizationModule [08:46:05 INF] - Volo.Abp.Threading.AbpThreadingModule [08:46:05 INF] - Volo.Abp.AspNetCore.AbpAspNetCoreModule [08:46:05 INF] - Volo.Abp.Auditing.AbpAuditingModule [08:46:05 INF] - Volo.Abp.Json.AbpJsonModule [08:46:05 INF] - Volo.Abp.Json.SystemTextJson.AbpJsonSystemTextJsonModule [08:46:05 INF] - Volo.Abp.Json.AbpJsonAbstractionsModule [08:46:05 INF] - Volo.Abp.Timing.AbpTimingModule [08:46:05 INF] - Volo.Abp.Auditing.AbpAuditingContractsModule [08:46:05 INF] - Volo.Abp.Http.AbpHttpModule [08:46:05 INF] - Volo.Abp.Http.AbpHttpAbstractionsModule [08:46:05 INF] - Volo.Abp.Minify.AbpMinifyModule [08:46:05 INF] - Volo.Abp.Authorization.AbpAuthorizationModule [08:46:05 INF] - Volo.Abp.Authorization.AbpAuthorizationAbstractionsModule [08:46:05 INF] - Volo.Abp.Validation.AbpValidationModule [08:46:05 INF] - Volo.Abp.ExceptionHandling.AbpExceptionHandlingModule [08:46:05 INF] - Volo.Abp.AspNetCore.AbpAspNetCoreAbstractionsModule [08:46:05 INF] - Volo.Abp.Swashbuckle.AbpSwashbuckleModule [08:46:05 INF] - Volo.Abp.AspNetCore.Mvc.AbpAspNetCoreMvcModule [08:46:05 INF] - Volo.Abp.ApiVersioning.AbpApiVersioningAbstractionsModule [08:46:05 INF] - Volo.Abp.AspNetCore.Mvc.AbpAspNetCoreMvcContractsModule [08:46:05 INF] - Volo.Abp.Application.AbpDddApplicationContractsModule [08:46:05 INF] - Volo.Abp.UI.Navigation.AbpUiNavigationModule [08:46:05 INF] - Volo.Abp.UI.AbpUiModule [08:46:05 INF] - Volo.Abp.GlobalFeatures.AbpGlobalFeaturesModule [08:46:05 INF] - Volo.Abp.Application.AbpDddApplicationModule [08:46:05 INF] - Volo.Abp.Domain.AbpDddDomainModule [08:46:05 INF] - Volo.Abp.EventBus.AbpEventBusModule [08:46:05 INF] - Volo.Abp.Guids.AbpGuidsModule [08:46:05 INF] - Volo.Abp.BackgroundWorkers.AbpBackgroundWorkersModule [08:46:05 INF] - Volo.Abp.DistributedLocking.AbpDistributedLockingAbstractionsModule [08:46:05 INF] - Volo.Abp.ObjectMapping.AbpObjectMappingModule [08:46:05 INF] - Volo.Abp.Specifications.AbpSpecificationsModule [08:46:05 INF] - Volo.Abp.Caching.AbpCachingModule [08:46:05 INF] - Volo.Abp.Serialization.AbpSerializationModule [08:46:05 INF] - Volo.Abp.Domain.AbpDddDomainSharedModule [08:46:05 INF] - Volo.Abp.Features.AbpFeaturesModule [08:46:05 INF] - Volo.Abp.AspNetCore.MultiTenancy.AbpAspNetCoreMultiTenancyModule [08:46:05 INF] - Volo.Abp.Studio.Client.AspNetCore.AbpStudioClientAspNetCoreModule [08:46:05 INF] - Volo.Abp.Studio.AbpStudioClientModule [08:46:05 INF] - Volo.Abp.Studio.AbpStudioClientContractsModule [08:46:05 INF] Loading proxy data from config. [08:46:05 WRN] Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning [08:46:05 INF] User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest. [08:46:05 INF] Initialized all ABP modules. [08:46:05 INF] Creating key {a931d469-b9f2-44a4-8cf5-7f1b7f11f514} with creation date 2024-10-23 08:46:05Z, activation date 2024-10-23 08:46:05Z, and expiration date 2025-01-21 08:46:05Z. [08:46:05 WRN] No XML encryptor configured. Key {a931d469-b9f2-44a4-8cf5-7f1b7f11f514} may be persisted to storage in unencrypted form. [08:46:05 INF] Writing data to file '/root/.aspnet/DataProtection-Keys/key-a931d469-b9f2-44a4-8cf5-7f1b7f11f514.xml'. [08:46:05 WRN] Overriding HTTP_PORTS '8080' and HTTPS_PORTS ''. Binding to values defined by URLS instead 'http://+:80'. [08:46:05 INF] Now listening on: http://[::]:80 [08:46:05 INF] Application started. Press Ctrl+C to shut down. [08:46:05 INF] Hosting environment: Staging [08:46:05 INF] Content root path: /app [08:48:53 INF] Request starting HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - null null [08:48:53 INF] CORS policy execution successful. [08:48:53 INF] Request finished HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - 204 null null 54.6774ms [08:48:53 INF] Request starting HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - null null [08:48:53 INF] CORS policy execution successful. [08:48:53 INF] Executing endpoint 'AbpApi' [08:48:53 INF] Proxying to http://klir-sandbox-microservices-administration/api/abp/application-configuration?includeLocalizationResources=false HTTP/2 RequestVersionOrLower no-streaming [08:48:53 INF] Received HTTP/1.1 response 200. [08:48:53 INF] Executed endpoint 'AbpApi' [08:48:53 INF] Request finished HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 299.8215ms [08:48:53 INF] Request starting HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null [08:48:53 INF] CORS policy execution successful. [08:48:53 INF] Request finished HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - 204 null null 0.793ms [08:48:53 INF] Request starting HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null [08:48:53 INF] CORS policy execution successful. [08:48:53 INF] Executing endpoint 'AbpApi' [08:48:53 INF] Proxying to http://klir-sandbox-microservices-administration/api/abp/application-localization?cultureName=en&onlyDynamics=false HTTP/2 RequestVersionOrLower no-streaming [08:48:54 INF] Received HTTP/1.1 response 200. [08:48:54 INF] Executed endpoint 'AbpApi' [08:48:54 INF] Request finished HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - 200 null application/json; charset=utf-8 187.8107ms [08:49:10 INF] Request starting HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - null null [08:49:10 INF] CORS policy execution successful. [08:49:10 INF] Request finished HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - 204 null null 1.2681ms [08:49:10 INF] Request starting HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - null null [08:49:10 INF] CORS policy execution successful. [08:49:10 INF] Executing endpoint 'AbpApi' [08:49:10 INF] Proxying to http://klir-sandbox-microservices-administration/api/abp/application-configuration?includeLocalizationResources=false HTTP/2 RequestVersionOrLower no-streaming [08:49:10 INF] Received HTTP/1.1 response 200. [08:49:10 INF] Executed endpoint 'AbpApi' [08:49:10 INF] Request finished HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 157.7581ms [08:49:10 INF] Request starting HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null [08:49:10 INF] CORS policy execution successful. [08:49:10 INF] Request finished HTTP/1.1 OPTIONS http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - 204 null null 0.8468ms [08:49:10 INF] Request starting HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null [08:49:10 INF] CORS policy execution successful. [08:49:10 INF] Executing endpoint 'AbpApi' [08:49:10 INF] Proxying to http://klir-sandbox-microservices-administration/api/abp/application-localization?cultureName=en&onlyDynamics=false HTTP/2 RequestVersionOrLower no-streaming [08:49:10 INF] Received HTTP/1.1 response 200. [08:49:10 INF] Executed endpoint 'AbpApi' [08:49:10 INF] Request finished HTTP/1.1 GET http://klir-sandbox-microservices-webgateway.klir.com/api/abp/application-localization?cultureName=en&onlyDynamics=false - 200 null application/json; charset=utf-8 40.9671ms

Hello,

I've sent the logs to your e-mail. Thanks

Hi, yes, you can use the same URL from the logs: https://klir-sandbox-microservices-angular.klir.com/

  • Template: microservice
  • Created ABP Studio Version: 0.8.2
  • UI Framework: angular
  • Theme: leptonx
  • Theme Style: system
  • Database Provider: ef
  • Database Management System: sqlserver
  • Mobile Framework: none
  • Public Website: No
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: There are no exceptions. The cookie is just not being saved, and because of that, we can't log in to the application. The solution works fine locally; it just doesn't work when deployed to the Kubernetes environment.
  • Steps to reproduce the issue:
  • Go to the Angular application, ex: https://angular.yourwebsite.com
  • Click on the logging button
  • You will be redirected to https://auth.yourwebsite.com
  • Input a valid user and password and click on the Login button
  • You should be authenticated and redirected to the https://angular.yourwebsite.com URL
  • Then in here, ideally you should be authenticated and able to navigate to the authenticated pages, but it's not
  • Checking the cookies on the locally run application, I can see that the .AspNetCore.Identity.Application cookie is being saved, but I can't see that on the published website at https://angular.yourwebsite.com, even though it's saving the cookie on https://auth.yourwebsite.com so if you click on the Log in button again it will detect that you are authenticated and redirect you back
Showing 1 to 8 of 8 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09