1. We have a microservices management terminal, log in with the admin account, and there are sub modules on the home page. Click to enter the subsystem, and the sub module will log in to the authorization center for authorization, and the authorization is successful. As shown in the following figure:
2. Switch the account to test2 on the management end, and then click on the homepage sub module. At this time, the authorization information of the sub module has not been updated, and it is still the last time I logged in to the admin account information, as shown in the following figure:
Hi Support Team,

We are using the ABP commercial infrastructure in our project.

- ABP Commercial version: v7.1
- UI Type: Blazor
- DB Provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes

We are deploying with BlazorServer, Module, Microservice architecture and currently facing several issues.
Issue 1: When we deploy the system in Microservice mode, the main site (MainUI) integrates basic business function modules like Identity UI and Admin UI from the ABP commercial microservice. We add our business modules like Order UI and EShop UI into one solution, and the system works properly in the production environment. But the customer changes their requests frequently, mainly in the Blazor UI part, and for each release we should restart the host service. It will impact other working services. Is there a better way to handle that?
Hi Support Team,

We are using the ABP commercial infrastructure in our project.

- ABP Commercial version: v7.1
- UI Type: Blazor
- DB Provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes

When we deploy with the main site (MainHost) and multiple sub-sites (Module Host), how should the system solve the problem of unified permission management? For example, when a user logs into the MainHost system and then accesses the Order Host sub-site in an SSO manner, the Order Host cannot get the user's permissions and menu.
Hi,
After authorized login, a new user was indeed created again.
Now the subsystem wants to retrieve user permissions, roles, and other information directly from the authorization center.
Rebuilding seems to violate single sign-on.
Is there any way?
Hi, why is the permission policy empty after authorized login?

    "auth": {
      "grantedPolicies": {}
    },
    "setting": {
      "values": {
        "Abp.Localization.DefaultLanguage": "en",
        "Abp.Timing.TimeZone": "UTC",
        "Abp.Identity.Password.RequiredLength": "6",
        "Abp.Identity.Password.RequiredUniqueChars": "1",
        "Abp.Identity.Password.RequireNonAlphanumeric": "True",
        "Abp.Identity.Password.RequireLowercase": "True",
        "Abp.Identity.Password.RequireUppercase": "True",
        "Abp.Identity.Password.RequireDigit": "True",
        "Abp.Identity.Lockout.AllowedForNewUsers": "True",
        "Abp.Identity.Lockout.LockoutDuration": "300",
        "Abp.Identity.Lockout.MaxFailedAccessAttempts": "5",
        "Abp.Identity.SignIn.RequireConfirmedEmail": "False",
        "Abp.Identity.SignIn.EnablePhoneNumberConfirmation": "True",
        "Abp.Identity.SignIn.RequireConfirmedPhoneNumber": "False",
        "Abp.Identity.User.IsUserNameUpdateEnabled": "True",
        "Abp.Identity.User.IsEmailUpdateEnabled": "True",
        "Abp.Identity.OrganizationUnit.MaxUserMembershipCount": "2147483647",
        "Abp.Identity.TwoFactor.Behaviour": "Optional",
        "Abp.Identity.TwoFactor.UsersCanChange": "True",
        "Abp.Account.EnableLdapLogin": "false",
        "Abp.Identity.EnableOAuthLogin": "false",
        "Abp.Identity.OAuthLogin.Authority": null,
        "Abp.Identity.OAuthLogin.ClientId": null,
        "Abp.Identity.OAuthLogin.ClientSecret": null,
        "Abp.Identity.OAuthLogin.Scope": null,
        "Abp.Identity.OAuthLogin.RequireHttpsMetadata": "false",
        "Abp.Identity.OAuthLogin.ValidateEndpoints": "false",
        "Abp.Identity.OAuthLogin.ValidateIssuerName": "false",
        "Abp.Account.IsSelfRegistrationEnabled": "False",
        "Abp.Account.EnableLocalLogin": "False",
        "Abp.Account.TwoFactorLogin.IsRememberBrowserEnabled": "true",
        "Abp.Account.Captcha.UseCaptchaOnLogin": "false",
        "Abp.Account.Captcha.UseCaptchaOnRegistration": "false",
        "Abp.Account.Captcha.VerifyBaseUrl": "https://www.google.com/",
        "Abp.Account.Captcha.SiteKey": null,
        "Abp.Account.Captcha.Version": "3",
        "Abp.Account.Captcha.Score": "0.5",
        "Abp.Account.ProfilePictureSource": "False",
        "Volo.Abp.LeptonTheme.Layout.Boxed": "False",
        "Volo.Abp.LeptonTheme.Layout.MenuPlacement": "Left",
        "Volo.Abp.LeptonTheme.Layout.MenuStatus": "AlwaysOpened",
        "Volo.Abp.LeptonTheme.Style": "Style6",
        "Volo.Abp.LeptonTheme.Style.PublicLayout": "Style1"
      }
    },
    "currentUser": {
      "isAuthenticated": true,
      "id": "0d08f47e-23b7-b89c-45bd-3a0ab4f41e11",
      "tenantId": null,
      "impersonatorUserId": null,
      "impersonatorTenantId": null,
      "impersonatorUserName": null,
      "impersonatorTenantName": null,
      "userName": "test@qq.com",
      "name": "test",
      "surName": "test",
      "email": "test@qq.com",
      "emailVerified": false,
      "phoneNumber": null,
      "phoneNumberVerified": false,
      "roles": []
    },

hi
My email: 276389409@qq.com, thank you
hi Can you send me your demo? I'll compare it
Hi, following your instructions, the same error occurred. The page that was redirected back is /Account/Register: http://172.16.10.53:44338/Account/Register?IsExternalLogin=True&ExternalLoginAuthSchema=oidc
The configuration is as follows:

    .AddAbpOpenIdConnect("oidc", options =>
    {
        options.Authority = configuration["AuthServer:Authority"];
        options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.ClientId = configuration["AuthServer:ClientId"];
        options.ClientSecret = configuration["AuthServer:ClientSecret"];
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("roles");
        options.Scope.Add("email");
        options.Scope.Add("phone");
        options.Scope.Add("AccountService");
        options.Scope.Add("IdentityService");
        options.Scope.Add("AdministrationService");
        options.Scope.Add("SaasService");
        //options.Scope.Add("ProductService");
        //options.Scope.Add("ElsaService");

        // Keep the handler that is already registered and run it to completion first.
        var tokenValidated = options.Events.OnTokenValidated;
        options.Events.OnTokenValidated = async validatedContext =>
        {
            await tokenValidated.Invoke(validatedContext);
            // Copy the e-mail claim to the ABP e-mail claim type.
            validatedContext.Principal.AddClaim(AbpClaimTypes.Email, validatedContext.Principal.FindFirstValue(ClaimTypes.Email));
        };
    });

    .AddOpenIdConnect(Azure..., options =>
    {
        // Keep the handler that is already registered and run it to completion first.
        var tokenValidated = options.Events.OnTokenValidated;
        options.Events.OnTokenValidated = async validatedContext =>
        {
            await tokenValidated.Invoke(validatedContext);
            // Copy the e-mail claim to the ABP e-mail claim type.
            validatedContext.Principal.AddClaim(AbpClaimTypes.Email, validatedContext.Principal.FindFirstValue(ClaimTypes.Email));
        };
    })

Hi Why is external authorization login? The page will be called back to the registration page, not the login page of the authorization center
Modified local configuration appsettings.json

    "Settings": {
      "Abp.Account.IsSelfRegistrationEnabled": false,
      "Abp.Account.EnableLocalLogin": false
    }

Click the login button to adjust to the authorization center page
http://172.16.10.210:44322/connect/authorize?client_id=ReportDemo&redirect_uri=http://172.16.10.53:44338/signin-oidc&response_type=code id_token&scope=openid profile roles email phone AccountService IdentityService AdministrationService SaasService&response_mode=form_post&nonce=638175511421012693.MjllNTM0MjItM2I4OC00YTQxLTkxMjYtZjA3OGJkMTZiYzVkMzMzMTJjZDAtZWI5YS00NWU1LTgwYzEtNDUyYzEzMzJjNDk5&state=CfDJ8CGkFfOcMF9BqQuVqGjsPmkUiAQ-qr26COAb3ZpYXfIqrhRENdHI3s0mNNF3oYFM42Fx-QSyj0E0E-3ksNYFFMna34WePuihsjAsn-CXAj4iuwH9sMHf6_QWZXtN5WRX8FYwUF3KYavo0ScSRcg9Za0MafqLM53zJbQndSBzbJd-MMNyIfGq1aRiy3mOPQ6XtdDeE1gvz1FFzlVO7k-sl0J2uI-hBaLBYE26eEy9KwjI6bFXjsM_Y7WhbcdAZRYCPMQ27hi1HBafp9EAZLiPFpiLnrUFxGe4lH2VKUTABD0ipzw_rdYEYlmNL61nYIUH_uCFaxj3aIZGQzoWIqCGPf9K6arD7oekcZaBPEqZQE8rFyMOo-Oe486hWjQx83cylEwldG-cE25zdx47SBct5Mg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.11.1.0
And immediately adjust to http://172.16.10.53:44338/Account/Register?IsExternalLogin=True&ExternalLoginAuthSchema=oidc