Activities of "guoanjin"
- ABP Framework version: v7.1.1& 7.2.1
- UI type: Blazor
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace: no
- Steps to reproduce the issue:"
1、 We have a Microservices management terminal, log in with the admin account, and there are sub modules on the home page. Click to enter the subsystem, and the sub module will log in to the authorization center for authorization, and the authorization is successful. As shown in the following figure:
2、 Switch the account to test2 on the management end, and then click on the homepage sub module. At this time, the authorization information of the sub module has not been updated, and it is still the last time I logged in to the admin account information, as shown in the following figure:
- ABP Framework version: v7.2.1
- UI type: Blazor
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes / no
- Exception message and stack trace:
- Steps to reproduce the issue:"
Hi Support Team We are using the ABP commercial infrastructure in our project. ABP Commercial version: v7.1 UI Type: Blazor DB Provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): yes
We are deploying with BlazorServer, Module, Microservice architecture and currently facing several issues.
Issue 1: When we deploy the system with Microservice mode, the main site (MainUI) integrates basic business function modules like Identity UI, Admin UI from ABP commercial microservice. We add our bussiness module like Order UI, EShop UI into one solution, the system can work properly in production environment.
But the customer change their request frequently, mainly in blazor UI part, each release we should restart the host service . it will impact other working service.
Is there a better way to handle that?
- ABP Framework version: v7.2.1
- UI type: Blazor
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes / no
- Exception message and stack trace:
- Steps to reproduce the issue:"
Hi Support Team We are using the ABP commercial infrastructure in our project. ABP Commercial version: v7.1 UI Type: Blazor DB Provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): yes
When we deploy with the main site (MainHost) and multiple sub-sites (Module Host), how should the system solve the problem of unified permission management?
For example,when a user logs into the MainHost system and then accesses the Order Host sub-site in an SSO manner, the Order Host cannot get the user's permissions and menu .
- ABP Framework version: v7.1
- UI type: Blazor
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes / no
- Exception message and stack trace:
- Steps to reproduce the issue:"
- Hello, I have a question about login authorization. Our company has developed multiple business systems based on the modular ABP framework. These systems require unified permission management. Prior to using ABP, we developed our systems in a conventional front-end and back-end separation pattern. The front-end pages would call a unified interface of the authorization system for login, obtain the corresponding roles and permissions. We called this the Portal platform. After switching to the ABP framework, I am unsure how to modify my subsystems to call a common service for authorization during login, similar to our previously self-developed portal. Do you have any solutions or case studies for my situation of multiple subsystems with unified authorization management based on the ABP framework? Thank you.
Hi,
After authorized login, a new user was indeed created again
Now the subsystem wants to retrieve user permissions, roles, and other information directly from the authorization center
Rebuilding seems to violate single sign on
Is there any way
hi Why is the permission policy empty after authorized login?
"auth": {
"grantedPolicies": {}
},
"setting": {
"values": {
"Abp.Localization.DefaultLanguage": "en",
"Abp.Timing.TimeZone": "UTC",
"Abp.Identity.Password.RequiredLength": "6",
"Abp.Identity.Password.RequiredUniqueChars": "1",
"Abp.Identity.Password.RequireNonAlphanumeric": "True",
"Abp.Identity.Password.RequireLowercase": "True",
"Abp.Identity.Password.RequireUppercase": "True",
"Abp.Identity.Password.RequireDigit": "True",
"Abp.Identity.Lockout.AllowedForNewUsers": "True",
"Abp.Identity.Lockout.LockoutDuration": "300",
"Abp.Identity.Lockout.MaxFailedAccessAttempts": "5",
"Abp.Identity.SignIn.RequireConfirmedEmail": "False",
"Abp.Identity.SignIn.EnablePhoneNumberConfirmation": "True",
"Abp.Identity.SignIn.RequireConfirmedPhoneNumber": "False",
"Abp.Identity.User.IsUserNameUpdateEnabled": "True",
"Abp.Identity.User.IsEmailUpdateEnabled": "True",
"Abp.Identity.OrganizationUnit.MaxUserMembershipCount": "2147483647",
"Abp.Identity.TwoFactor.Behaviour": "Optional",
"Abp.Identity.TwoFactor.UsersCanChange": "True",
"Abp.Account.EnableLdapLogin": "false",
"Abp.Identity.EnableOAuthLogin": "false",
"Abp.Identity.OAuthLogin.Authority": null,
"Abp.Identity.OAuthLogin.ClientId": null,
"Abp.Identity.OAuthLogin.ClientSecret": null,
"Abp.Identity.OAuthLogin.Scope": null,
"Abp.Identity.OAuthLogin.RequireHttpsMetadata": "false",
"Abp.Identity.OAuthLogin.ValidateEndpoints": "false",
"Abp.Identity.OAuthLogin.ValidateIssuerName": "false",
"Abp.Account.IsSelfRegistrationEnabled": "False",
"Abp.Account.EnableLocalLogin": "False",
"Abp.Account.TwoFactorLogin.IsRememberBrowserEnabled": "true",
"Abp.Account.Captcha.UseCaptchaOnLogin": "false",
"Abp.Account.Captcha.UseCaptchaOnRegistration": "false",
"Abp.Account.Captcha.VerifyBaseUrl": "https://www.google.com/",
"Abp.Account.Captcha.SiteKey": null,
"Abp.Account.Captcha.Version": "3",
"Abp.Account.Captcha.Score": "0.5",
"Abp.Account.ProfilePictureSource": "False",
"Volo.Abp.LeptonTheme.Layout.Boxed": "False",
"Volo.Abp.LeptonTheme.Layout.MenuPlacement": "Left",
"Volo.Abp.LeptonTheme.Layout.MenuStatus": "AlwaysOpened",
"Volo.Abp.LeptonTheme.Style": "Style6",
"Volo.Abp.LeptonTheme.Style.PublicLayout": "Style1"
}
},
"currentUser": {
"isAuthenticated": true,
"id": "0d08f47e-23b7-b89c-45bd-3a0ab4f41e11",
"tenantId": null,
"impersonatorUserId": null,
"impersonatorTenantId": null,
"impersonatorUserName": null,
"impersonatorTenantName": null,
"userName": "test@qq.com",
"name": "test",
"surName": "test",
"email": "test@qq.com",
"emailVerified": false,
"phoneNumber": null,
"phoneNumberVerified": false,
"roles": []
},
hi
My email: 276389409@qq.com, thank you
hi Can you send me your demo? I'll compare it
Hi, Following your instructions, the same error occurred. The page that was redirected back is/Account/Register http://172.16.10.53:44338/Account/Register?IsExternalLogin=True&ExternalLoginAuthSchema=oidc
the configuration as follow:
.AddAbpOpenIdConnect("oidc", options =>
{
options.Authority = configuration["AuthServer:Authority"];
options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]); ;
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.ClientId = configuration["AuthServer:ClientId"];
options.ClientSecret = configuration["AuthServer:ClientSecret"];
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("roles");
options.Scope.Add("email");
options.Scope.Add("phone");
options.Scope.Add("AccountService");
options.Scope.Add("IdentityService");
options.Scope.Add("AdministrationService");
options.Scope.Add("SaasService");
//options.Scope.Add("ProductService");
//options.Scope.Add("ElsaService");
var tokenValidated = options.Events.OnTokenValidated;
options.Events.OnTokenValidated = validatedContext =>
{
tokenValidated.Invoke(validatedContext);
validatedContext.Principal.AddClaim(AbpClaimTypes.Email, validatedContext.Principal.FindFirstValue(ClaimTypes.Email));
return Task.CompletedTask;
};
});
.AddOpenIdConnect(Azure...,options => { var tokenValidated = options.Events.OnTokenValidated; options.Events.OnTokenValidated = validatedContext => { tokenValidated.Invoke(validatedContext); validatedContext.Principal.AddClaim(AbpClaimTypes.Email, validatedContext.Principal.FindFirstValue(ClaimTypes.Email)); return Task.CompletedTask; }; })
Hi Why is external authorization login? The page will be called back to the registration page, not the login page of the authorization center
Modified local configuration appsettings.json
"Settings": { "Abp.Account.IsSelfRegistrationEnabled": false, "Abp.Account.EnableLocalLogin": false }
Click the login button to adjust to the authorization center page
http://172.16.10.210:44322/connect/authorize?client_id=ReportDemo&redirect_uri=http://172.16.10.53:44338/signin-oidc&response_type=code id_token&scope=openid profile roles email phone AccountService IdentityService AdministrationService SaasService&response_mode=form_post&nonce=638175511421012693.MjllNTM0MjItM2I4OC00YTQxLTkxMjYtZjA3OGJkMTZiYzVkMzMzMTJjZDAtZWI5YS00NWU1LTgwYzEtNDUyYzEzMzJjNDk5&state=CfDJ8CGkFfOcMF9BqQuVqGjsPmkUiAQ-qr26COAb3ZpYXfIqrhRENdHI3s0mNNF3oYFM42Fx-QSyj0E0E-3ksNYFFMna34WePuihsjAsn-CXAj4iuwH9sMHf6_QWZXtN5WRX8FYwUF3KYavo0ScSRcg9Za0MafqLM53zJbQndSBzbJd-MMNyIfGq1aRiy3mOPQ6XtdDeE1gvz1FFzlVO7k-sl0J2uI-hBaLBYE26eEy9KwjI6bFXjsM_Y7WhbcdAZRYCPMQ27hi1HBafp9EAZLiPFpiLnrUFxGe4lH2VKUTABD0ipzw_rdYEYlmNL61nYIUH_uCFaxj3aIZGQzoWIqCGPf9K6arD7oekcZaBPEqZQE8rFyMOo-Oe486hWjQx83cylEwldG-cE25zdx47SBct5Mg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.11.1.0
And immediately adjust tohttp://172.16.10.53:44338/Account/Register?IsExternalLogin=True&ExternalLoginAuthSchema=oidc
