Hello @hungvt,
It is related with your access token lifetime. Access Tokens used in frontend should have short life span and your application should be silently renewing it when required.
What is the point of using tokens instead of username/password if you'll keep it valid for 3 years, right?
Hello, There is an article about that could help: https://community.abp.io/articles/how-to-customize-the-login-page-for-mvc-razor-page-applications-9a40f3cd
Hello,
Page not found error is related with your azure settings. Meaning, Azure couldn't find related application to redirect to. Double check your ClientId and TenantId in appsettings.json are same with the ones on AzureAd.
Hello, I think you checked the article about it already and understand why it can't be done directly by design.
However you can act like it by overriding the default Login Page and add a trigger method to javascript on window load to trigger that Azure Ad OpenId button whenever the page loading is done. Or Customize default Login Page and override login method to redirect to external signin.
Hello @gvnuysal,
Can you double check the Azure steps about registering the application? Selecting ID tokens, adding certificate and the azure client/tenant ids?
Also when you are switching between apps/azure etc; make sure clearing the browser storage (cookies). It may be related with it.
@vishalnikam,
Hello, can you share related logs about identityserver? What is the exact problem do you come across?
Hello @fish,
Can you be more specific about making AuthServer highly available?
Hello Mike,
Roles, permissions, operations; generally whole authorization aspect varies according to the context it is used and in the business rules it is dealth with. In some application you can see users logging to that system with different roles they have (mostly in legacy RBAC systems); in some other systems they login with same account and authorization is handled by operations, permissions, claims etc.
If I understand your idea correctly, you want to distinguish user roles and organization roles. So that organization unit roles can be extended from user roles. However this will only complicate the authorization even more.
How about moving the "Restricted Access" logic to claims and build around it? May I suggest you to check out role claims if it can suit your purpose?
Hello @nhontran,
the login option is shown in Identity Server B login page:
Can you check if you have returnUrl parameter on your address bar after navigated to Application A Login Page?
the page had navigated to the Identity Server A login page, I logged in successfully, however, it keeps navigate back to the Identity Server B login page, it should redirect me to application page or registration page if user is new.
User will already be registered with external provider, this is some different page for business rule i assume.
Either return url is not set or getting lost at the flow. Need more info to check it. But you can also modify the flow as you like with overriding the LoginPage of Application B like explained in this article.
For example, you can override this method below and check or manipulate to redirect to your dashboard whichever page you like.
public override Task<IActionResult> OnGetExternalLoginCallbackAsync(string returnUrl = "", string returnUrlHash = "", string remoteError = null) { return base.OnGetExternalLoginCallbackAsync(returnUrl, returnUrlHash, remoteError); }
Hello @vishalnikam,
It seems your application can not reach to IdentityServer4. Can you check your identityserver .well-known/openid-configuration that it is reachable and authority matches with your application configuration; especially both are running on https?
