ABP Framework version: v7.0.2
UI type: Blazor Server
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes
Exception message and stack trace:
Blazor logs:
2023-02-27 17:50:24.528 +00:00 [INF] Received HTTP response headers after 118.4314ms - 200
2023-02-27 17:50:24.528 +00:00 [INF] End processing HTTP request after 118.6985ms - 200
2023-02-27 17:50:24.538 +00:00 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: SettingManagement.Emailing
HttpApi.Host logs:
2023-02-27 17:50:24.169 +00:00 [INF] Request starting HTTP/1.1 GET https://localhost:44397/api/abp/application-configuration?IncludeLocalizationResources=False&api-version=1.0 - -
2023-02-27 17:50:24.178 +00:00 [INF] Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException: IDX10223: Lifetime validation failed. The token is expired. ValidTo: '2/24/2023 11:31:19 PM', Current time: '2/27/2023 5:50:24 PM'.
at Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime(Nullable1 notBefore, Nullable
1 expires, SecurityToken securityToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateLifetime(Nullable1 notBefore, Nullable
1 expires, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown)
--- End of stack trace from previous location ---
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, JwtSecurityToken outerToken, TokenValidationParameters validationParameters, SecurityToken& signatureValidatedToken)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
2023-02-27 17:50:24.178 +00:00 [INF] Bearer was not authenticated. Failure message: IDX10223: Lifetime validation failed. The token is expired. ValidTo: '2/24/2023 11:31:19 PM', Current time: '2/27/2023 5:50:24 PM'.
Steps to reproduce the issue: Generate a tiered solution with LeptonX theme with ABP Suite
Some time (let's say an hour) after signing in users can't access protected pages, and menu items are missing.
I updated Volo.Abp.AspNetCore.Components.Server.LeptonXTheme and Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX to 2.2.0-preview20230224, and the rest of Volo packages to 7.1.0-rc.2 and the issue is still there.
The only thing that temporarily makes permissions work again is clearing cookies and flushing Redis cache.
The issue is similar to these: https://github.com/abpframework/abp/issues/14068 https://support.abp.io/QA/Questions/4348/Permission-get-lost-during-application-running https://support.abp.io/QA/Questions/4561/Strange-ConnectionCaching-Behavior