Activities of "gterdem"

2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":"8000000b-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:40.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"}
2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger.

The client secret you provided is wrong.

I don't think so, because it is getting authenticated in the next attempt. If the client secret is the problem, how come it can be authenticated the next time? If you want, I can share the screen and show you.

Is the issue solved? IdentityServer doesn't throw random errors.

The logs below indicate that the EmployeeManagement_Swagger client secret is wrong (probably doesn't exist).

2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","ActivityId":"8000000b-0003-ff00-b63f-84710c7967bb","TimeStamp":"2021-04-06T10:13:40.0000000Z","ProcessId":12824,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"}
2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger.

Navigate to appsettings of your api gateway and check the IdentityServer section. There should be IdentityModel configuration like:

"AuthServer": {
  "Authority": "https://localhost:44322",
  "RequireHttpsMetadata": "true",
  "SwaggerClientId": "EmployeeManagement_Swagger",
  "SwaggerClientSecret": "1q2w3e*"
},

This is the configuration of AddAbpSwaggerGenWithOAuth.

Please, share your appsettings identityserver configuration and swaggerAuth configuration located in module if the problem still persists.
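A triage script for the event format quoted above, added here as an example (it is not part of the original post, nor ABP or IdentityServer code). It counts client authentication successes and failures per ClientId, so an "it works on the next attempt" report can be checked against the log. The success event, the Example_App client and all function names are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample: the first entry mirrors the failure quoted in the thread,
# with a second log entry run onto the same line to show the parser copes with
# that; the success event and the Example_App client are made up.
SAMPLE_LOG = r'''
2021-04-06 10:13:40.048 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"} 2021-04-06 10:13:40.048 +00:00 [ERR] Client secret validation failed for client: EmployeeManagement_Swagger.
2021-04-06 10:13:52.310 +00:00 [INF] {"ClientId":"EmployeeManagement_Swagger","Category":"Authentication","Name":"Client Authentication Success","EventType":"Success","Id":1010,"RemoteIpAddress":"::1","$type":"ClientAuthenticationSuccessEvent"}
2021-04-06 10:14:05.000 +00:00 [INF] {"ClientId":"Example_App","Category":"Authentication","Name":"Client Authentication Failure","EventType":"Failure","Id":1011,"Message":"Invalid client secret","RemoteIpAddress":"::1","$type":"ClientAuthenticationFailureEvent"}
'''

EVENT_START = re.compile(r"\[[A-Z]{3}\] (?=\{)")  # log level followed by a JSON object
DECODER = json.JSONDecoder()

def parse_events(text):
    """Yield each JSON event object, ignoring whatever trails it on the line."""
    for line in text.splitlines():
        for match in EVENT_START.finditer(line):
            try:
                event, _ = DECODER.raw_decode(line, match.end())
            except json.JSONDecodeError:
                continue  # truncated or non-JSON payload
            if isinstance(event, dict) and "$type" in event:
                yield event

def client_auth_summary(text):
    """Count client authentication successes and failures per ClientId."""
    summary = defaultdict(lambda: {"Success": 0, "Failure": 0, "messages": set()})
    for event in parse_events(text):
        if not event.get("$type", "").startswith("ClientAuthentication"):
            continue
        entry = summary[event.get("ClientId", "<unknown>")]
        if event.get("EventType") in ("Success", "Failure"):
            entry[event["EventType"]] += 1
        if "Message" in event:
            entry["messages"].add(event["Message"])
    return dict(summary)

def verdict(entry):
    """'mixed' = some requests presented a secret that validated, others did not."""
    if entry["Failure"] and entry["Success"]:
        return "mixed"
    return "always-failing" if entry["Failure"] else "ok"

if __name__ == "__main__":
    for client, entry in client_auth_summary(SAMPLE_LOG).items():
        print(client, verdict(entry), entry["Failure"], entry["Success"], sorted(entry["messages"]))
```

A "mixed" verdict for one client is the cue to compare the secret each caller is configured with (for example the SwaggerClientSecret in every appsettings file) against the one registered for that client.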


Do you want to use an entity from another microservice as a navigation property?

Yes, we would like to have the entity from another microservice/standard modules like Locations as a navigation property. We are not able to find a way to use that.

This is against the very nature of microservice architecture. Each microservice has its own data store (database). You cannot expect EF Core to magically map a related entity to another entity hosted in a different microservice using MongoDB. And you shouldn't. Even if you use the same db, you need to reference the Id only and map it yourself in the repository layer. I would suggest reconsidering adding navigation properties in your aggregate roots.

Sample:

If you have 1-1 relations between Order and OrderInfo, you need to create a repository method with an implementation something like:

// Left join: every OrderInfo is returned; Order is null when no order references it.
var query = from orderInfo in await GetDbSetAsync()
    join order in (await GetDbContextAsync()).Set<Order>()
        on orderInfo.Id equals order.orderInfoId into orderWithInfo
    from order in orderWithInfo.DefaultIfEmpty()
    select new
    {
        OrderInfo = orderInfo,
        Order = order
    };

Also, please refer to the Domain Driven Implementation Guide for more information. It is a great guide to learn and improve knowledge about DDD.

Also, we would like to extend the User Module with additional/extra properties. This is working fine with the monolithic template, but we are not able to find a way to do this with the microservice template.

You need to update Identity.Service. Configure it at ModuleExtensionConfigurator under IdentityService.Domain.Shared project.

Answer

Your back-office application must reference to:

  • MyMicroservice.Web (Referencing to MyMicroservice.HttpApi <- Application.Contracts)
  • MyMicroservice.HttpApi.Client (Referencing to Application.Contracts)

You may have forgotten to add DependsOn in your application module like:

[DependsOn(typeof(MyMicroserviceWebModule), typeof(MyMicroserviceHttpApiClientModule), ...)]

Since you have created CustomTenantResolver, you need to add it as tenant resolver also.

In your Web Module:

Configure<AbpTenantResolveOptions>(options =>
{
    options.TenantResolvers.Add(new MyCustomTenantResolveContributor());
});

You can also check custom tenant resolvers docs for more information.

To clarify:

  1. In tenant1.mydomain.com hit login
  2. Redirected to authserver.mydomain.com (identityserver), enter credentials for admin user and hit login
  3. Successfully signed in and I am now redirected back to tenant1.mydomain.com.
  4. But logged in user is not tenant admin but the host admin?

But the tenant is not getting changed; we are still logged in as admin.

I assume Host admin, not tenant admin.

It might be related to cookies and application cache. Is it the same behaviour when you clear the cookies and browser cache, or in incognito mode?

I have the following DB Setup

  • 1 DB for all ABP commercial modules
  • 1 DB for additional customised ABP modules

What do you mean by different db for commercial modules? Identity, Account, IdentityServer are commercial modules, how and why would you like to separate them?

If you want to enable/disable a pro module (like File Management) for a tenant please check this answer.

With version 4.3, we will have an optional EntityFrameworkCore.SeparateDbMigrations project which will allow separate migration DbContexts for tenants. With this, you can determine if an entity belongs to Host or Tenant or Both.

app__CorsOrigins="https://app-iwellportalapi-test.azurewebsites.net, http://app-iwellportalapi-test.azurewebsites.net, https://app-iwellportalfe-test.azurewebsites.net"

Try adding the cors without empty space like: app__CorsOrigins="https://app-iwellportalapi-test.azurewebsites.net,http://app-iwellportalapi-test.azurewebsites.net,https://app-iwellportalfe-test.azurewebsites.net"

Verify that you have allowed correct and trimmed values in IdentityServerClientCorsOrigins table.

We have tried to login as tenant, login is successfully done however we got an error of Invalid_scope.

This shows login happened for tenant6 admin user. Do you mean this doesn't work anymore either?

@MarekH

Can you give more information about the issue?

At which point do you get invalid_scope error?
