We created a project with the microservice commercial template and deployed the project to Azure Kubernetes Services. All applications, services and gateways run stand-alone with no errors. At the authserver UI, a user can successfully sign in. But when the backoffice application (a management application created with MVC Razor UI) tries to access authserver for authentication, the request is forwarded to authserver successfully and then, with correct credentials, authentication completes successfully, but when returning back to the backoffice web application (signin-oidc) there is no action and no redirect to the Backoffice web application. We checked the OIDC URLs many times, and in the local development environment it works successfully. There is no such error on IIS deployment. We did the OnApplicationInitialization code updates at AuthServerModule described in the documentation: https://docs.abp.io/en/commercial/latest/startup-templates/microservice/applications#running-authserver-on-kubernates-pods Authserver and the backoffice web application have SSL config.
How can we solve this problem?
Thanks for your help.
hi maliming,
Thank you for your help, it worked perfectly.
I also strongly recommend adding all this information to the documentation for microservice inter-communication.
hi
I mean you can create a new microservice project and add some code to reproduce the problem.
```
abp new BookStoreMS -t microservice-pro
```
hi maliming,
I have created a fresh microservice-pro project. The steps that I followed:
1- Completed microservice solution settings for successful run and test.
2- Added a new microservice (OrderService) to the solution, edited settings and checked that it runs successfully
3- Added a new entity (OrderInfo) to OrderService
4- Completed settings for accessing ProductService from OrderService via InternalGateway (as described in previous answers)
5- Added required references to projects (as described in previous answers)
6- Added code to the OrderService.OrderInfoAppService.GetListAsync() method for accessing ProductService.ProductAppService.GetListAsync() like below: `var list = await _productAppService.GetListAsync(new GetProductsInput { });`
7- Ran tye without AuthServer, InternalGateway, OrderService and ProductService
8- Ran AuthServer, InternalGateway, OrderService and ProductService in debug mode
9- At the web project, logged in and then clicked the Order Infos menu item
10- Results were the same! The .../api/product-service/products request was sent from OrderService to InternalGateway. InternalGateway logs: first "No authorization required for .../api/product-service/products", then "401 unauthorized"
I shared a WeTransfer link for the solution zip file with you via mail.
Thanks
hi,
I did not understand what you mean by "use the template ms project to reproduce this"?
The project/solution structure is too big, min. 14 .sln files; I have shared part of the related documents (code, settings, debug logs, ...) and steps in previous answers for this ticket. Is there any other solution than sharing the whole project structure?
Thanks
hi maliming,
Checked Authserver logs, no request sent to Authserver.
Detailed check for InternalGateway logs, there seem to be some inconsistencies: First "no authentication needed for /api/content-service/categories" and "/api/content-service/{everything} route does not require user to be authorized" then "401 (Unauthorized) status code, request uri: https://localhost:44341/api/content-service/categories?SkipCount=0&MaxResultCount=10&api-version=1.0" Marked below:
[11:55:29 INF] Request starting HTTP/1.1 GET https://localhost:44211/api/content-service/categories?SkipCount=0&MaxResultCount=10&api-version=1.0 - -
[11:55:29 DBG] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: ocelot pipeline started
[11:55:29 DBG] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: Upstream url path is /api/content-service/categories
[11:55:29 DBG] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: downstream templates are /api/content-service/{everything}
[11:55:29 INF] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: EndpointRateLimiting is not enabled for /api/content-service/{everything}
> **[11:55:29 INF] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: No authentication needed for /api/content-service/categories**
> **[11:55:29 INF] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: /api/content-service/{everything} route does not require user to be authorized**
[11:55:29 DBG] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: Downstream url is https://localhost:44341/api/content-service/categories?SkipCount=0&MaxResultCount=10&api-version=1.0
> **[11:55:54 WRN] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: 401 (Unauthorized) status code, request uri: https://localhost:44341/api/content-service/categories?SkipCount=0&MaxResultCount=10&api-version=1.0**
[11:55:54 DBG] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: setting http response message
[11:55:54 DBG] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: no pipeline errors, setting and returning completed response
[11:55:54 DBG] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: ocelot pipeline finished
[11:55:54 INF] Request finished HTTP/1.1 GET https://localhost:44211/api/content-service/categories?SkipCount=0&MaxResultCount=10&api-version=1.0 - - - 401 159 application/json;+charset=utf-8 25041.3619ms
All steps have been done as gterdem explained, but is there something missing or an error in the appsettings files?
Thanks
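The gateway log in the post above can be read per request. The following added example (not part of the original post, and not ABP or Ocelot code) groups the lines by requestId and compares the URI in the 401 warning with the logged downstream URL, to tell whether the rejection came from the service behind the gateway. The `triage` function and its field names are hypothetical; the message prefixes and sample lines are taken from the log quoted above.

```python
import re
from collections import defaultdict

# Sample lines taken from the gateway log in the post above.
SAMPLE_LOG = """\
[11:55:29 INF] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: No authentication needed for /api/content-service/categories
[11:55:29 INF] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: /api/content-service/{everything} route does not require user to be authorized
[11:55:29 DBG] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: Downstream url is https://localhost:44341/api/content-service/categories?SkipCount=0&MaxResultCount=10&api-version=1.0
[11:55:54 WRN] requestId: 0HMB24LT00SJK:00000003, previousRequestId: no previous request id, message: 401 (Unauthorized) status code, request uri: https://localhost:44341/api/content-service/categories?SkipCount=0&MaxResultCount=10&api-version=1.0
"""

LINE = re.compile(r"^\[(?P<ts>[\d:]+) (?P<lvl>\w+)\] requestId: (?P<rid>[^,]+), "
                  r"previousRequestId: [^,]+, message: (?P<msg>.*)$")
STATUS = re.compile(r"(\d{3}) \([^)]*\) status code, request uri: (\S+)")
DOWNSTREAM_PREFIX = "Downstream url is "


def triage(log_text):
    """Group gateway log lines by requestId and say where a 401/403 came from."""
    reqs = defaultdict(lambda: {"route_requires_auth": None, "downstream": None,
                                "status": None, "origin": None})
    for raw in log_text.splitlines():
        # Tolerate the "> **...**" highlighting used in the post.
        m = LINE.match(raw.strip().strip("*> "))
        if not m:
            continue
        req, msg = reqs[m["rid"]], m["msg"]
        if msg.startswith("No authentication needed for"):
            req["route_requires_auth"] = False      # gateway route has no auth rule
        elif msg.startswith(DOWNSTREAM_PREFIX):
            req["downstream"] = msg[len(DOWNSTREAM_PREFIX):]
        else:
            s = STATUS.match(msg)
            if s and s[1] in ("401", "403"):
                req["status"] = int(s[1])
                # Rejected URI equals the downstream URL: the service behind the
                # gateway refused the call, not the gateway route itself.
                req["origin"] = "downstream" if s[2] == req["downstream"] else "unknown"
    return dict(reqs)


if __name__ == "__main__":
    for rid, info in triage(SAMPLE_LOG).items():
        print(rid, info)
```

For a request classified as `downstream` with `route_requires_auth` false, the next place to look is the called service's own log and the token the caller attached, since the gateway passed the request through without applying a rule of its own.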
Hi maliming,
For testing purposes, all permissions have been granted for the related client, screenshot below:
For detailed debugging, I have excluded the Authserver, FinanceService, ContentService and InternalGateway projects from tye and ran all the projects. Below I am sharing some screenshots of the debug logs
FinanceService (calling service) logs
ContentService (called service) logs
Thanks
It worked, thank you. But there is one fresh error: Authorization failed for RemoteService. Screenshot:
I have created the client for FinanceService at IdentityServerDataSeeder like below (also gave all permissions to the newly created client at the backoffice application Identity Server screens):
```csharp
await CreateClientAsync(
    name: "FinanceService_Internal",
    scopes: commonScopes.Union(new[]
    {
        "ContentService"
    }),
    grantTypes: new[] { "client_credentials" },
    secret: "secret".Sha256(),
    permissions: new[] { ContentServicePermissions.Categories.Default }
);
```
And at FinanceService appsettings used like below:
```json
"RemoteServices": {
  "Default": {
    "BaseUrl": "https://localhost:44211/",
    "UseCurrentAccessToken": "false"
  }
},
"IdentityClients": {
  "Default": {
    "GrantType": "client_credentials",
    "ClientId": "FinanceService_Internal",
    "ClientSecret": "secret",
    "Authority": "https://localhost:44111", //auth server url
    "Scope": "ContentService"
  }
},
```
hi
1- Added ContentService.Application.Contracts reference to FinanceService.Application.Contracts project
2- Added ContentService.HttpApi.Client reference to FinanceService.HttpApi.host project
Did you add the module dependency?
https://docs.abp.io/en/abp/latest/Module-Development-Basics#module-dependencies
Which module?
For testing, added a typeof(ContentServiceApplicationContractsModule) dependency to FinanceServiceApplicationContractsModule but the result is the same, an Autofac exception occurred.
Is it required to add a ContentServiceApplicationModule dependency to FinanceServiceServiceApplicationModule? If it is, these two microservices become tightly coupled to each other; I think it is not suitable for a microservice architecture.
We expected that, when requesting a ContentService application service from FinanceService, FinanceService sends an HTTP request to InternalGateway for accessing ContentService.
I think adding a DLL or module reference is the same as combining two microservice projects in one project like a monolith?
Thanks
Note: The requirement is accessing ContentService from FinanceService over the internal gateway.
We carried out the steps you described, as below:
1- Added ContentService.Application.Contracts reference to FinanceService.Application.Contracts project
2- Added ContentService.HttpApi.Client reference to FinanceService.HttpApi.host project
3- Created "FinanceService_Internal" client at IdentityDataSeeder and ran DbMigrator project (client added to db with required scope and permission)
4- Added required settings to appsetting.json for FinanceService.HttpApi.host project
5- Changed [RemoteService(IsEnabled = true)] for CategoryAppService at ContentService.Application layer
6- Injected required service interface at FinanceService.Application layer and trying to use it
7- After these modifications, ran the solution with tye
8- When testing FinanceService.PackagePriceAppService (the application service with the remote service interface injected), errors occurred with "Autofac exceptions"
Thanks for your response, gterdem. We added the required references which you described. Then, how can we use MicroserviceA.HttpApi.Client from the MicroserviceB.Application layer (like MicroserviceB.Application.OrderAppService) for requesting a MicroserviceA application service (like MicroserviceA.Application.ProductAppService)?
It would be great if you could describe it with some pseudocode. Screenshot from the code attached below:
Thanks.