Activities of "hakan.kulcur@yddosoftware.com"

For first question (redirect loop) I sent a link (now deleted) for reproduce problem code. can ou suggest a solution?

IdentityCheck the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

• ABP Framework version: v5.3.3
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): no
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hello,

I have three questions regarding Identity Server authentication.

1. The ABP application I have developed can authenticate with IDS4 from a non-ABP ASP.NET Core application. When I click the "Login" button on the homepage in abp app, I can connect with OpenID Connect configuration. I have prepared an authorized Custom Page for testing purposes, and I can access it. However, when I try to access the CustomPage without logging in, IDS4 asks for the user's name and password from the Login screen. Then, I get stuck in an endless redirect loop. There are dozens of log entries in the log file. I can log in from the homepage without any issues and access the Custom Page. Why does it loop after login when I access it without authentication? I am attaching the IdentityServer QuickStart sample and ABP application as examples. Link DELETED

Log--
023-03-24 14:02:24.452 +03:00 [INF] Request starting HTTP/2 GET https://localhost:44313/CustomPage - -
2023-03-24 14:02:24.708 +03:00 [INF] Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
2023-03-24 14:02:24.819 +03:00 [INF] AuthenticationScheme: oidc was challenged.
2023-03-24 14:02:24.822 +03:00 [INF] Request finished HTTP/2 GET https://localhost:44313/CustomPage - - - 302 - - 369.7578ms
2023-03-24 14:02:26.550 +03:00 [INF] Request starting HTTP/2 POST https://localhost:44313/signin-oidc application/x-www-form-urlencoded 589
2023-03-24 14:02:26.732 +03:00 [DBG] Executing HealthCheck collector HostedService.

2023-03-24 14:02:30.130 +03:00 [INF] AuthenticationScheme: oidc was challenged.
2023-03-24 14:02:30.131 +03:00 [INF] Request finished HTTP/2 GET https://localhost:44313/CustomPage - - - 302 - - 5.7295ms
2023-03-24 14:02:30.363 +03:00 [INF] Request starting HTTP/2 POST https://localhost:44313/signin-oidc application/x-www-form-urlencoded 589
2023-03-24 14:02:30.388 +03:00 [INF] AuthenticationScheme: Identity.External signed in.
2023-03-24 14:02:30.389 +03:00 [INF] Request finished HTTP/2 POST https://localhost:44313/signin-oidc application/x-www-form-urlencoded 589 - 302 - - 25.5136ms
2023-03-24 14:02:30.391 +03:00 [INF] Request starting HTTP/2 GET https://localhost:44313/CustomPage - -
2023-03-24 14:02:30.394 +03:00 [INF] Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.

2. After logging in to the non-ABP application in one browser tab, when I log in to the ABP application, the non-ABP application logs out. When I log in again to the non-ABP application, our ABP application logs out. The two applications cannot be logged in simultaneously, but both can log in with the same client configuration from the same IdentityServer. How is this possible?

This issue cannot be reproduced in the IDS4 Quickstart and MVC client example that I have sent. However, I can reproduce it in the non-ABP application, but I cannot send the code.

3. After logging in to the ABP application, the following warning appears in the IDS4 and application logs of the non-ABP application.

fail: Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery[7]
      An exception was thrown while deserializing the token.
      Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
       ---> System.Security.Cryptography.CryptographicException: The key {a040ee01-b8b0-4d88-ad71-b94da3cb80f9} was not found in the key ring.
         at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
         at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
         at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
         --- End of inner exception stack trace ---
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
         at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)

4. Bonus Question !! Would you run our abp aplication in to non Abp Application Iframe Page with authantication?

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

• ABP Framework version: v6.0.0
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): no
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi all,

We want to use Abp Commercial App with authenticate with another non-Abp IdentityServer. We configure it from settings in abp app and its works. How then can a Non-Abp application call a Page from within Iframe the Abp application page with SSO from ? Where should we do settings about this, in Identityserver or abp client App?

Hi, My Setting has not Identity tab page Also no Enable OAuth and LDAP check box. I checked from abpsuite ,IdentityPro modue is installed.

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

• ABP Framework version: 5.3.3.
• UI type: MVC
• DB provider: EF Core /
• Tiered (MVC) or Identity Server Separated (Angular): not created yet. planning MVC tiered.
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi . How is it correct to create an MVC Abp Commercial v5.3.3 project to authorize with an External IdentityServer4 Provider? We want to use the Login screen of another non-ABP application for Login and save/update the user information from there to the Abp MVC application.

Should all existing Identityserver references be removed for a project not created as "Tiered"? Or should the Project be recreated as tiered?

Also, can the existing IdentityServer be disabled to open as required?

How should we configure our Abp Commercial application to access external APIs and authorize via External IdentityServer Provider (we have clientid, clientssecret, granttype information)?

I could not authorize external service by creating a tiered application. We are planning to receive data from Identity server external to our Abp Application with background jobs. Do you have a sample article and application? Thanks