Activities of "merdan"

Hi @maliming! sent you an email with url and credentials.Thanks

I have checked all of this, and everything seems to be configured correctly, but still not working. You can give url of the application to the support team if needed.

Description

Authentication state is lost when Blazor Web App transitions from Server-side rendering to WebAssembly (Interactive Auto render mode) in production environment with Docker + nginx reverse proxy. The issue does NOT occur in development environment.

Environment

• ABP Framework Version: 9.x (Commercial)
• .NET Version: 9.0
• UI Framework: Blazor Web App
• Render Mode: Interactive Auto (@rendermode="InteractiveAuto")
• Authentication: OpenIdConnect + Cookie Authentication
• Deployment: Docker containers behind nginx reverse proxy
• Data Protection: Redis (shared across containers)
• Database: PostgreSQL

Project Structure

• Auth Server: Separate container running OpenIddict
• Blazor App: Main application with Interactive Auto render mode
• API: Separate API container
• All containers use Redis for Data Protection keys
• nginx reverse proxy handles SSL termination and routing

Steps to Reproduce

1. Deploy Blazor Web App with Interactive Auto render mode to Docker with nginx reverse proxy
2. Configure ForwardedHeaders, cookie settings as per ABP documentation
3. Login successfully (first visit - Server-side rendering works)
4. Navigate between pages (subsequent visits switch to WebAssembly)
5. Result: User appears authenticated on first page load, but loses authentication after WebAssembly hydration

Expected Behavior

• User remains authenticated when transitioning from Server to WebAssembly render mode
• Authentication state should persist across render mode switches
• Works correctly in development (IIS Express) Actual Behavior
• Authentication works on first visit (Server-side)
• After transition to WebAssembly (on subsequent navigations), authentication is lost
• User is redirected to login page
• Cookies appear to be present in browser but not recognized by WebAssembly side

Configuration Details

App.razor

<Routes @rendermode="InteractiveAuto" />
<HeadOutlet @rendermode="InteractiveAuto" />

XxxBlazorModule.cs (Server)

// ConfigureServices
context.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | 
                              ForwardedHeaders.XForwardedProto | 
                              ForwardedHeaders.XForwardedHost;
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
});

context.Services.AddRazorComponents()
    .AddInteractiveServerComponents()
    .AddInteractiveWebAssemblyComponents();

// Cookie configuration
.AddCookie("Cookies", options =>
{
    options.ExpireTimeSpan = TimeSpan.FromDays(365);
    options.IntrospectAccessToken();
    
    if (!hostingEnvironment.IsDevelopment())
    {
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.HttpOnly = true;
    }
})

// OnApplicationInitialization
if (!env.IsDevelopment())
{
    app.UseForwardedHeaders();
}

XxxBlazorClientModule.cs (WebAssembly)

private static void ConfigureAuthentication(WebAssemblyHostBuilder builder)
{
    builder.Services.AddBlazorWebAppServices();
}

nginx Configuration

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;

What We've Tried

1. ✅ Added AddAuthenticationStateSerialization() on server (didn't help)
2. ✅ Configured ForwardedHeaders properly
3. ✅ Set cookie SameSite=Lax and SecurePolicy=Always
4. ✅ Verified Redis Data Protection is working (keys are shared)
5. ✅ Configured nginx to forward all required headers
6. ✅ Set OIDC correlation and nonce cookies to Lax/Always
7. ✅ Verified cookies are present in browser DevTools
8. ✅ Cleared browser cache/cookies multiple times

Questions

1. Does ABP's Interactive Auto mode require additional configuration for production beyond what's documented?
2. Is there a special authentication state provider needed for Docker + nginx scenarios?
3. Should AddAuthenticationStateSerialization() be used for ABP's OpenIdConnect setup?
4. Are there any known issues with cookie-based authentication in Interactive Auto mode behind reverse proxy?

Additional Context

• The exact same code works perfectly in development (localhost with IIS Express)
• Issue only occurs in production with Docker + nginx
• ABP Framework's template uses AddBlazorWebAppServices() on client side
• Server uses standard ABP OpenIdConnect configuration with cookie authentication Related Documentation
• ABP Blazor Web App Documentation
• Microsoft: Blazor Web App Authentication

Request

Please provide guidance on:

1. Proper authentication state management for Interactive Auto mode in production
2. Any ABP-specific configuration required for Docker + nginx deployments
3. Whether authentication state serialization is needed/recommended for ABP's OpenIdConnect setup
4. Any known workarounds or best practices for this scenario

Ok, thanks for the clarification. Am I right to think that startup templates don't change on patch releases (like in my case, between 9.1.1 and 9.1.3), so I can just update ABP packages and keep other files as is?

I have a strange problem, when I try to create a new project, it always uses version 9.1.1, but the current latest version is 9.1.3 Also tried to specify version with -v 9.1.3 and --version 9.1.3 with no luck. Also tried to uninstall and reinstall cli, still the same result. Also tried to create a project with ABP Studio, still the same result.

Is there an option to specify a version? Or how to force CLI/Studio to use the latest template version?

I get an error when trying to open a Docs Project with a FileSystem document source

Volo.Abp.AbpException: Missing path parameter value for version (version)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyUrlBuilder.ReplacePathVariablesAsync(StringBuilder urlBuilder, ActionApiDescriptionModel action, IReadOnlyDictionary`2 methodArguments, ApiVersionInfo apiVersion)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyUrlBuilder.GenerateUrlWithParametersAsync(ActionApiDescriptionModel action, IReadOnlyDictionary`2 methodArguments, ApiVersionInfo apiVersion)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.GetUrlWithParametersAsync(ClientProxyRequestContext requestContext, ApiVersionInfo apiVersion)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
   at Volo.Docs.Projects.DocsProjectClientProxy.GetLanguageListAsync(String shortName, String version)
   at Volo.Docs.Pages.Documents.Project.IndexModel.SetLanguageList()
   at Volo.Docs.Pages.Documents.Project.IndexModel.SetPageAsync()
   at Volo.Docs.Pages.Documents.Project.IndexModel.OnGetAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|7_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Volo.Abp.AspNetCore.Serilog.AbpSerilogMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Volo.Abp.AspNetCore.Security.Claims.AbpDynamicClaimsMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.<Invoke>g__AwaitMatch|10_1(EndpointRoutingMiddleware middleware, HttpContext httpContext, Task matchTask)
   at Volo.Abp.Studio.Client.AspNetCore.AbpStudioMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Volo.Abp.Studio.Client.AspNetCore.AbpStudioMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Volo.Abp.Studio.Client.AspNetCore.AbpStudioMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)

As I understand this happens because of the fact that project actually has no versions, so the call to Volo.Docs.Projects.DocsProjectClientProxy.GetLanguageListAsync(String shortName, String version) fails as no version is passed to this endpoint.

Steps to reproduce:

• Create a new project with the provided solution info configuration,
• and then import module Volo.Docs, install module, install Volo.Docs.Web package to Payhas.Billing.Web.Public
• configure menu, and add project to the database

Example Projects

| Id | Name | ShortName | Format | DefaultDocumentName | NavigationDocumentName | ParametersDocumentName | MinimumVersion | DocumentStoreType | MainWebsiteUrl | LatestVersionBranchName | ExtraProperties | ConcurrencyStamp | | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | | 3a19c703-4cbc-fee6-4dd3-694aeec0db13 | Management (Technical) | management | md | index | docs-nav.json | docs-params.json | 2.0 | FileSystem | /Documents | null | {"Path":"D:\\dev\\Payhas\\Billing-v2\\docs\\technical\\management"} | 28d64b1dfffb472ebd707a8d1f35a3b3 | | 3a19c703-4cbb-0e40-fd67-6c052e0d9de2 | Internet (Technical) | internet | md | index | docs-nav.json | docs-params.json | 2.0 | FileSystem | /Documents | null | {"Path":"D:\\dev\\Payhas\\Billing-v2\\docs\\technical\\internet"} | 1726fa5c79194a0bb6a8129fad683c2b | | 3a19c703-4ca8-2fe3-3d5d-146a989e60ab | Common (Technical) | common | md | index | docs-nav.json | docs-params.json | 2.0 | FileSystem | /Documents | null | {"Path":"D:\\dev\\Payhas\\Billing-v2\\docs\\technical\\common"} | 91fa0ff35d6b425dae701efd32ed6d87 |

Solution info:

• Template: app

• Created ABP Studio Version: 0.9.26

• Current ABP Studio Version: 0.9.26

• Tiered: Yes

• Multi-Tenancy: Yes

• UI Framework: blazor

• Theme: leptonx

• Theme Style: system

• Theme Menu Placement: side

• Run Install Libs: No

• Run Bundling: No

• Progressive Web App: Yes

• Run Progressive Web App Support: Yes

• Database Provider: ef

• Database Management System: postgresql

• Separate Tenant Schema: No

• Create Initial Migration: No

• Run Db Migrator: No

• Mobile Framework: maui

• Public Website: Yes

• Social Login: Yes

• Include Tests: Yes

• Kubernetes Configuration: Yes

• Distributed Event Bus: none

• Use Local References: No

• Optional Modules:

  • GDPR
  • TextTemplateManagement
  • LanguageManagement * LanguageManagement
  • AuditLogging
  • OpenIddictAdmin

• Create Command: abp new Payhas.Billing -t app --tiered --ui-framework blazor --mobile maui --database-provider ef --database-management-system postgresql --theme leptonx --skip-migration --skip-migrator --public-website --without-cms-kit --dont-run-install-libs --dont-run-bundling -no-file-management

Yes it was windows, updated to windows-arm, will let you know if it fixed the problem after updating.

Hi,

The problem was fixed, you can try again.

Should I do anything other than dotnet restore, cause just restoring didn't work. I still get the same error that the package was not found:

Unable to find package Volo.Abp.Account.Pro.Public.MauiBlazor. No packages exist with this id in source(s): C:\Program Files\dotnet\library-packs, Microsoft Visual Studio Offline Packages, nuget.abp.io, nuget.org

Automated update on Windows on Arm, brakes ABP Studio, so I have to uninstall it, and manually download and install the latest ARM version.

Automated update downloads and installs a wrong architecture (x64), which results in: Which is also reported here

before update:

after update:

Hi, I am trying to create a new blazor maui hybrid project with abpstudio v9 and get error at the bundle step. After many hours of digging this is what I concluded, it is an issue with the Volo.Abp.Account.Pro.Public.MauiBlazor package. Please see log from dotnet restore:
Unable to find package Volo.Abp.Account.Pro.Public.MauiBlazor. No packages exist with this id in source(s): nuget.abp.io, nuget.org. PackageSourceMapping is enabled, the following source(s) were not considered: C:\Program Files\dotnet\library-packs, Microsoft Visual Studio Offline Packages.

All other abpio packages seem to restore fine. This is preventing me from using the hybrid project type

Using abpstudio 0.9.15, Windows 11

Not sure if anyone else faces this issue?

Hi, I have the same problem, and this seems to be nuget issue

here are the results of browsing nuget directly: