Hello,
we're using ABP with multiple microservices. Because we build our microservices for multiple use cases, we want to group controllers into groups (for different clients) by Area attribute.
For example, I have ServiceA, where there are some Controllers with [Area(nameof(ServiceA))], some with [Area(nameof(ServiceB))] and some with [Area(nameof(ServiceC))]. We're having:
[DependsOn(
    typeof(ServiceAApplicationContractsModule),
    typeof(AbpHttpClientModule))]
public class ServiceAHttpApiClientModule : AbpModule
{
    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        context.Services.AddStaticHttpClientProxies(
            typeof(ServiceAApplicationContractsModule).Assembly,
            "ServiceA");
    }
}
That works pretty fine when I generate proxies with: abp generate-proxy -m ServiceA -t csharp -url https://localhost:44444/ --without-contracts.
We have a problem when I want to use the generated proxies from ServiceB, because in this setting I'm getting (when I inject IApplicationService from ServiceA in ServiceB): The API description of the ServiceB.IServiceBAppService method was not found!
After some investigation I found out that if I change ApiClientModule this way:
[DependsOn(
    typeof(ServiceAApplicationContractsModule),
    typeof(AbpHttpClientModule))]
public class ServiceAHttpApiClientModule : AbpModule
{
    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        context.Services.AddStaticHttpClientProxies(
            typeof(ServiceAApplicationContractsModule).Assembly,
            "ServiceA");
        context.Services.AddStaticHttpClientProxies(
            typeof(ServiceAApplicationContractsModule).Assembly,
            "ServiceB");
    }
}
and generate proxies for both services, everything starts to work fine.
But this setup causes ServiceB, in some scenarios, to throw an Exception that it tries to find the RemoteServices definition for communication with ServiceB in appsettings.json, which doesn't make sense. If I remove context.Services.AddStaticHttpClientProxies(typeof(ServiceAApplicationContractsModule).Assembly, "ServiceB"); this works fine, but there is again the problem with Method was not found.
Can you please tell us how we should correctly implement multiple Areas on Controllers?
Thank you!
Hello, I found a problem that was in our shared project, where the setting about AdministrationService etc. was. Sorry and thank you for your assistance! Everything works fine now.
I found out that if I call the api/abp/application-configuration endpoint on my MediaService (with the mentioned auth token) I get:
"auth": {
    "grantedPolicies": {
    }
},
but if I call the same endpoint (with the same auth token) on DatabaseService I get:
"auth": {
    "grantedPolicies": {
        ...
        "FileManagement.DirectoryDescriptor": true,
        "FileManagement.DirectoryDescriptor.Create": true,
        "FileManagement.DirectoryDescriptor.Update": true,
        "FileManagement.DirectoryDescriptor.Delete": true,
        "FileManagement.FileDescriptor": true,
        "FileManagement.FileDescriptor.Create": true,
        "FileManagement.FileDescriptor.Update": true,
        "FileManagement.FileDescriptor.Delete": true
    }
so there must be a problem that my MediaService cannot reach my AdministrationService, which is handling permissions. But if I compare my appsettings.json in both services, they look similar (in auth parts). Can you please show me what part of the code is telling the microservice to use the Administration service for Permissions handling?
DependsOn:
[DependsOn(
    typeof(MediaServiceDomainSharedModule),
    typeof(AbpDddApplicationContractsModule),
    typeof(AbpAuthorizationModule),
    typeof(FileManagementApplicationContractsModule)
)]
public class MediaServiceApplicationContractsModule : AbpModule
{
}
Correct Permission Assignment in OpenIddictDataSeeder is correct because I'm using the same constants.
MediaService should be configured to use the AdministrationService for permission management? That's maybe the point that I have not set up correctly, but I cannot find documentation for that.
Thank you
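The comparison this post describes (the same token sent to api/abp/application-configuration on two services, then the auth.grantedPolicies sections compared) can be scripted. This is an added example, not code from the thread or from ABP; the sample responses and log excerpt are constructed in the formats quoted on this page, and the function names are hypothetical.

```python
import json
import re

# Constructed sample inputs in the formats quoted in this thread (not captured data).
MEDIA_CONFIG = '{"auth": {"grantedPolicies": {}}}'
DATABASE_CONFIG = json.dumps({"auth": {"grantedPolicies": {
    "FileManagement.FileDescriptor": True,
    "FileManagement.FileDescriptor.Create": True,
    "FileManagement.FileDescriptor.Update": False,  # explicit false is not a grant
}}})
AUTHZ_LOG = '''Authorization failed. "These requirements were not met:
PermissionRequirement: FileManagement.FileDescriptor
PermissionRequirement: FileManagement.FileDescriptor.Create"
AuthenticationScheme: "Bearer" was forbidden.'''


def granted_policies(config_json):
    """Policy names reported as true; tolerates a missing or null auth section."""
    auth = json.loads(config_json).get("auth") or {}
    policies = auth.get("grantedPolicies") or {}
    return {name for name, value in policies.items() if value is True}


def unmet_requirements(log_text):
    """Permission names from 'PermissionRequirement: <name>' log lines."""
    return set(re.findall(r"PermissionRequirement:\s*([\w.]+)", log_text))


def compare_services(configs, log_text):
    """Per service: how many policies it reports and which logged requirements it lacks."""
    required = unmet_requirements(log_text)
    report = {}
    for service, config_json in configs.items():
        granted = granted_policies(config_json)
        report[service] = {"granted_count": len(granted),
                           "missing": sorted(required - granted)}
    return report


if __name__ == "__main__":
    result = compare_services(
        {"MediaService": MEDIA_CONFIG, "DatabaseService": DATABASE_CONFIG}, AUTHZ_LOG)
    for service, row in result.items():
        print(service, row["granted_count"], row["missing"])
```

A service that reports no granted policies for a token that another service resolves fully is the one whose permission lookup differs, which narrows the search to that service's configuration rather than the token.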
Hello,
I would like to ask for assistance with Authorization. I have a microservice solution with many microservices. I have 1 microservice that stores files (named: MediaService) and uses Volo.FileManagement version 9.2.0, and I have another microservice that handles business logic (named: DatabaseService).
In Database service I'm using: Volo.FileManagement.Files.IFileDescriptorAppService _fileDescriptorAppService; to call MediaService. In Database service I have (appsettings.json):
{
    "AuthServer": {
        "Authority": "https://localhost:44321"
    },
    "IdentityClients": {
        "FileManagement": {
            "GrantType": "client_credentials",
            "ClientId": "DatabaseService",
            "ClientSecret": "*****",
            "Authority": "https://localhost:44321",
            "Scope": "MediaService"
        }...
    },
    "RemoteServices": {
        "FileManagement": {
            "BaseUrl": "https://localhost:44455",
            "UseCurrentAccessToken": false
        },
        "MediaService": {
            "BaseUrl": "https://localhost:44455",
            "UseCurrentAccessToken": false
        }
    },
when I call the method to create a file:
var uploadedFile = await _fileDescriptorAppService.CreateAsync(
    null,
    new()
    {
        Name = input.Name,
        File = new RemoteStreamContent(stream, input.Name, input.ContentType),
        OverrideExisting = true
    }
);
MediaService is called correctly but responds with:
Request starting "HTTP/1.1" "POST" "https"://"localhost:44455""""/api/file-management/file-descriptor/upload""?Name=file.png&OverrideExisting=True&ExtraProperties=Volo.Abp.Data.ExtraPropertyDictionary&api-version=1.0" - "multipart/form-data; boundary=\"e8316996-9abb-4eef-a33d-6805ca935199\"" 29509
Authorization failed. "These requirements were not met:
PermissionRequirement: FileManagement.FileDescriptor
PermissionRequirement: FileManagement.FileDescriptor.Create"
AuthenticationScheme: "Bearer" was forbidden.
Request finished "HTTP/1.1" "POST" "https"://"localhost:44455""""/api/file-management/file-descriptor/upload""?Name=file.png&OverrideExisting=True&ExtraProperties=Volo.Abp.Data.ExtraPropertyDictionary&api-version=1.0" - 403 0 null 111.7592ms
But my token in this request looks good:
{
    "iss": "https://localhost:44321/",
    "aud": "MediaService",
    "scope": "MediaService",
    "oi_prst": "DatabaseService",
    "client_id": "DatabaseService",
    ...
}
My OpenIddictDataSeeder on Identity service sets permissions correctly (UI shows permissions correctly set too):
await CreateApplicationAsync(
    name: "DatabaseService",
    type: OpenIddictConstants.ClientTypes.Confidential,
    consentType: OpenIddictConstants.ConsentTypes.Implicit,
    secret: "*****",
    grantTypes: [OpenIddictConstants.GrantTypes.ClientCredentials],
    scopes: [.. commonScopes.Union(["MediaServerService", "FileManagement"])],
    permissions: [
        FileManagementPermissions.FileDescriptor.Default,
        FileManagementPermissions.FileDescriptor.Create
    ]
);
My MediaService should be connected to AdministrationService (handling permissions) correctly, but that's the part where I'm not sure. My appsettings.json looks correct:
{
    "AuthServer": {
        "Authority": "https://localhost:44321"
    },
    "ConnectionStrings": {
        "AbpBlobStoring": "xxx",
        "FileManagement": "xxx",
        "MediaService": "xxx",
        "AdministrationService": "xxx", // do I need?
        "SaasService": "xxx" // do I need?
    },
Can you point me to what I'm missing and why I get 403? I think that communication between Database and Media services works well. Thanks in advance!
Martin