Activities of "prachi@urvin.finance"

Could you please confirm if you received my email?

I couldn't find anything AbpClaimTypes.Role in the code.

I can't share the full source code as it's an enterprise application. I can provide the remote access. Thanks

I have shared the file on google chat. Please check Thanks!

Let me know how can we start a private chat?

You're right. In IdentityService, AbpClaimTypes.Role = "role" CurrentUser.Roles is empty

But in AdministrationService, AbpClaimTypes.Role = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" CurrentUser.Roles has data

Is there some reference missing which needs to be added in identity service? Kindly help.

1. bearer token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkNBMUNENEZCMjc5RTNGQTkxRjNFM0FBM0VGREM0REEyMEYxNUY1QzhSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6InloelUteWVlUDZrZlBqcWo3OXhOb2c4VjljZyJ9.eyJuYmYiOjE3MzE1Njg0NzIsImV4cCI6MTc2MzEwNDQ3MiwiaXNzIjoiaHR0cHM6Ly9hdXRoLXNlcnZlcjo0NDMyMiIsImF1ZCI6WyJBZG1pbmlzdHJhdGlvblNlcnZpY2UiLCJBdXRoU2VydmVyIiwiQ29tbXVuaXR5U2VydmljZSIsIkRhdGFTZXJ2aWNlIiwiR2VuZXJhbFNlcnZpY2UiLCJJZGVudGl0eVNlcnZpY2UiLCJJbWFnZVNlcnZpY2UiLCJJbmRpY2F0b3JTZXJ2aWNlIiwiTmV3c1NlcnZpY2UiLCJOb3RpZmljYXRpb25TZXJ2aWNlIiwiUGF5bWVudFNlcnZpY2UiLCJQcm9kdWN0U2VydmljZSIsIlNhYXNTZXJ2aWNlIiwiU2VhcmNoU2VydmljZSIsIlNlY3VyaXR5U2VydmljZSIsIlNwYWNrVHJhY2tTZXJ2aWNlIl0sImNsaWVudF9pZCI6IlVydmluRmluYW5jZV9CbGF6b3JTZXJ2ZXIiLCJzdWIiOiIzYTEyZmU0MC01ZTA4LTk0ODUtOTYzMS1lMzM0MzA1NDBkOWUiLCJhdXRoX3RpbWUiOjE3MzE1Njg0NzIsImlkcCI6ImxvY2FsIiwiZW1haWwiOiJlbWFpbEBmYWtlLmRvbWFpbiIsInBob25lX251bWJlcl92ZXJpZmllZCI6IkZhbHNlIiwiZW1haWxfdmVyaWZpZWQiOiJUcnVlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW5Qb3JyYSIsIm5hbWUiOiJhZG1pblBvcnJhIiwiZ2l2ZW5fbmFtZSI6ImFkbWluUG9ycmEiLCJmYW1pbHlfbmFtZSI6IiIsInNlY3VyaXR5LXN0YW1wIjoiTVhUT083SUhVUFA0Nkk0NFVFUEFYUklPT0ZEM1I0REkiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE3MzE1Njg0NzIsInNjb3BlIjpbImFkZHJlc3MiLCJBZG1pbmlzdHJhdGlvblNlcnZpY2UiLCJBdXRoU2VydmVyIiwiQ29tbXVuaXR5U2VydmljZSIsIkRhdGFTZXJ2aWNlIiwiZW1haWwiLCJHZW5lcmFsU2VydmljZSIsIklkZW50aXR5U2VydmljZSIsIkltYWdlU2VydmljZSIsIkluZGljYXRvclNlcnZpY2UiLCJOZXdzU2VydmljZSIsIk5vdGlmaWNhdGlvblNlcnZpY2UiLCJvcGVuaWQiLCJQYXltZW50U2VydmljZSIsInBob25lIiwiUHJvZHVjdFNlcnZpY2UiLCJwcm9maWxlIiwicm9sZSIsIlNhYXNTZXJ2aWNlIiwiU2VhcmNoU2VydmljZSIsIlNlY3VyaXR5U2VydmljZSIsIlNwYWNrVHJhY2tTZXJ2aWNlIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.kgSXpQqgJ-fUCsKsSdbZtrmvE\_R\_utayMPYEEKmeA7qseqOkiuFl2tAWaS9MfLhyhox8

2. a) full logs of Identity service:

{"Timestamp":"2024-11-14T08:24:28.9368522+00:00","Level":"Information","MessageTemplate":"Request starting {Protocol} {Method} {Scheme}://{Host}{PathBase}{Path}{QueryString} - {ContentType} {ContentLength}","RenderedMessage":"Request starting "HTTP/1.1" "GET" "http"://"localhost:44388""""/api/identity-service/user-account/GetPAuth""" - null null","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"localhost:44388","PathBase":"","Path":"/api/identity-service/user-account/GetPAuth","QueryString":"","EventId":{"Id":1},"SourceContext":"Microsoft.AspNetCore.Hosting.Diagnostics","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:24:30.3484416+00:00","Level":"Information","MessageTemplate":"Executing endpoint '{EndpointName}'","RenderedMessage":"Executing endpoint '"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)"'","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"EndpointName":"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)","EventId":{"Name":"ExecutingEndpoint"},"SourceContext":"Microsoft.AspNetCore.Routing.EndpointMiddleware","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","CorrelationId":"9c3c7dc1bda64215a8927e8612ff9bdc","ClientId":"UrvinFinance\_BlazorServer","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:24:30.3806442+00:00","Level":"Information","MessageTemplate":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName}).","RenderedMessage":"Route matched with "{area = \\"IdentityService\\", action = \\"GetPAuth\\", controller = \\"UserAccount\\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()\" on controller \"UrvinFinance.IdentityService.User.UserAccountController\" (\"UrvinFinance.IdentityService.HttpApi\").","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"RouteData":"{area = \"IdentityService\", action = \"GetPAuth\", controller = \"UserAccount\"}","MethodInfo":"System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()","Controller":"UrvinFinance.IdentityService.User.UserAccountController","AssemblyName":"UrvinFinance.IdentityService.HttpApi","EventId":{"Id":102,"Name":"ControllerActionExecuting"},"SourceContext":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","ActionId":"bb170843-9eb1-4d97-83e5-b5e8f74b610f","ActionName":"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","CorrelationId":"9c3c7dc1bda64215a8927e8612ff9bdc","ClientId":"UrvinFinance\_BlazorServer","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}

b) full logs of Administration service

{"Timestamp":"2024-11-14T08:26:55.6814108+00:00","Level":"Information","MessageTemplate":"Request starting {Protocol} {Method} {Scheme}://{Host}{PathBase}{Path}{QueryString} - {ContentType} {ContentLength}","RenderedMessage":"Request starting "HTTP/1.1" "GET" "http"://"localhost:44367""""/api/permission-service/permission/GetPAuth""" - null null","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"localhost:44367","PathBase":"","Path":"/api/permission-service/permission/GetPAuth","QueryString":"","EventId":{"Id":1},"SourceContext":"Microsoft.AspNetCore.Hosting.Diagnostics","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:26:56.8101460+00:00","Level":"Information","MessageTemplate":"Executing endpoint '{EndpointName}'","RenderedMessage":"Executing endpoint '"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)"'","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"EndpointName":"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)","EventId":{"Name":"ExecutingEndpoint"},"SourceContext":"Microsoft.AspNetCore.Routing.EndpointMiddleware","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","CorrelationId":"ae3154296cd742c6931a543d9c84df81","ClientId":"UrvinFinance\_BlazorServer","UserId":"3a12fe40-5e08-9485-9631-e33430540d9e","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:26:56.8344923+00:00","Level":"Information","MessageTemplate":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName}).","RenderedMessage":"Route matched with "{area = \\"AdministrationService\\", controller = \\"Permission\\", action = \\"GetPAuth\\", page = \\"\\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()\" on controller \"UrvinFinance.AdministrationService.Permissions.PermissionController\" (\"UrvinFinance.AdministrationService.HttpApi\").","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"RouteData":"{area = \"AdministrationService\", controller = \"Permission\", action = \"GetPAuth\", page = \"\"}","MethodInfo":"System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()","Controller":"UrvinFinance.AdministrationService.Permissions.PermissionController","AssemblyName":"UrvinFinance.AdministrationService.HttpApi","EventId":{"Id":102,"Name":"ControllerActionExecuting"},"SourceContext":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","ActionId":"87349f99-8ce5-4ee5-823a-5cdca8724e11","ActionName":"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","CorrelationId":"ae3154296cd742c6931a543d9c84df81","ClientId":"UrvinFinance\_BlazorServer","UserId":"3a12fe40-5e08-9485-9631-e33430540d9e","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}

3. current claims for identity service

[
{
"Type": "nbf",
"Value": "1731568472"
},
{
"Type": "exp",
"Value": "1763104472"
},
{
"Type": "iss",
"Value": "[https://auth-server:44322"](https://auth-server:44322")
},
{
"Type": "aud",
"Value": "AdministrationService"
},
{
"Type": "aud",
"Value": "AuthServer"
},
{
"Type": "client\_id",
"Value": "UrvinFinance\_BlazorServer"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
"Value": "3a12fe40-5e08-9485-9631-e33430540d9e"
},
{
"Type": "auth\_time",
"Value": "1731568472"
},
{
"Type": "[http://schemas.microsoft.com/identity/claims/identityprovider"](http://schemas.microsoft.com/identity/claims/identityprovider"),
"Value": "local"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
"Value": "[email@fake.domain](mailto:email@fake.domain)"
},
{
"Type": "phone\_number\_verified",
"Value": "False"
},
{
"Type": "email\_verified",
"Value": "True"
},
{
"Type": "preferred\_username",
"Value": "adminPorra"
},
{
"Type": "name",
"Value": "adminPorra"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"),
"Value": "adminPorra"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
"Value": ""
},
{
"Type": "security-stamp",
"Value": "MXTOO7IHUPP46I44UEPAXRIOOFD3R4DI"
},
{
"Type": "[http://schemas.microsoft.com/ws/2008/06/identity/claims/role"](http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
"Value": "admin"
},
{
"Type": "iat",
"Value": "1731568472"
},
{
"Type": "scope",
"Value": "address"
},

{
"Type": "scope",
"Value": "offline\_access"
},
{
"Type": "[http://schemas.microsoft.com/claims/authnmethodsreferences"](http://schemas.microsoft.com/claims/authnmethodsreferences"),
"Value": "pwd"
},
{
"Type": "name",
"Value": "adminPorra"
}
]

4. current claims for administratotion service

[
 {
 "Type": "nbf",
 "Value": "1731568472"
 },
 {
 "Type": "exp",
 "Value": "1763104472"
 },
 {
 "Type": "iss",
 "Value": "https://auth-server:44322"
 },
 {
 "Type": "aud",
 "Value": "AdministrationService"
 },
 {
 "Type": "client\_id",
 "Value": "UrvinFinance\_BlazorServer"
 },
 {
 "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
 "Value": "3a12fe40-5e08-9485-9631-e33430540d9e"
 },
 {
 "Type": "auth\_time",
 "Value": "1731568472"
 },
 {
 "Type": "http://schemas.microsoft.com/identity/claims/identityprovider",
 "Value": "local"
 },
 {
 "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
 "Value": "email@fake.domain"
 },
 {
 "Type": "phone\_number\_verified",
 "Value": "False"
 },
 {
 "Type": "email\_verified",
 "Value": "True"
 },
 {
 "Type": "preferred\_username",
 "Value": "adminPorra"
 },
 {
 "Type": "name",
 "Value": "adminPorra"
 },
 {
 "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
 "Value": "adminPorra"
 },
 {
 "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
 "Value": ""
 },
 {
 "Type": "security-stamp",
 "Value": "MXTOO7IHUPP46I44UEPAXRIOOFD3R4DI"
 },
 {
 "Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
 "Value": "admin"
 },
 {
 "Type": "iat",
 "Value": "1731568472"
 },

 {
 "Type": "scope",
 "Value": "offline\_access"
 },
 {
 "Type": "http://schemas.microsoft.com/claims/authnmethodsreferences",
 "Value": "pwd"
 },
 {
 "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
 "Value": "adminPorra"
 }
]

Hi, I would like to open this ticket again.

I would like to give more context to this.

I created same endpoint GetPAuthWithPermissions in administration service and identity service. It is running fine in administration service after clearing cache from Redis.

But the same is not working in Identity service

Below are the logs

---------------------------------------------------Administration service logs -------------------------------------------------------------------------------------------

[13:06:39 INF] Request starting HTTP/1.1 GET http://localhost:44367/api/permission-service/permission/GetPAuthWithPermission - null null [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] Not found in the cache: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: U,3a12fe40-5e08-9485-9631-e33430540d9e [13:06:42 DBG] Setting the cache items. Count: 185 [13:06:42 DBG] Finished setting the cache items. Count: 185 [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] Not found in the cache: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: R,admin [13:06:42 DBG] Setting the cache items. Count: 185 [13:06:42 DBG] Finished setting the cache items. Count: 185 [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 DBG] Not found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: C,UrvinFinance_BlazorServer [13:06:42 DBG] Setting the cache items. Count: 185 [13:06:42 DBG] Finished setting the cache items. Count: 185 [13:06:42 INF] Executing endpoint 'UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi)' [13:06:42 INF] Route matched with {area = "AdministrationService", controller = "Permission", action = "GetPAuthWithPermission", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[System.Boolean] GetPAuthWithPermission() on controller UrvinFinance.AdministrationService.Permissions.PermissionController (UrvinFinance.AdministrationService.HttpApi). [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] Found in the cache: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] Found in the cache: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 DBG] Found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 INF] Executing ObjectResult, writing value of type 'System.Boolean'. [13:06:42 INF] Executed action UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi) in 36.9788ms [13:06:42 INF] Executed endpoint 'UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi)' [13:06:42 DBG] Added 0 entity changes to the current audit log [13:06:42 DBG] Added 0 entity changes to the current audit log [13:06:42 INF] Request finished HTTP/1.1 GET http://localhost:44367/api/permission-service/permission/GetPAuthWithPermission - 200 null application/json; charset=utf-8 2833.4599ms

---------------------------------------------------Identity service logs ------------------------------------------------------------------------------------------- [13:09:03 INF] Request starting HTTP/1.1 GET http://localhost:44388/api/identity-service/user-account/GetPAuthWithPermission - null null [13:09:03 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:09:03 DBG] Not found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:09:03 DBG] Getting all granted permissions from the repository for this provider name,key: C,UrvinFinance_BlazorServer [13:09:03 DBG] Setting the cache items. Count: 166 [13:09:03 DBG] Finished setting the cache items. Count: 166 [13:09:03 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.Roles [13:09:03 INF] AuthenticationScheme: Bearer was forbidden. [13:09:03 INF] Request finished HTTP/1.1 GET http://localhost:44388/api/identity-service/user-account/GetPAuthWithPermission - 403 0 null 25.4081ms

• ABP Framework version: v8.3.0* UI Type:Blazor Server
• Database System: EF Core (PostgreSQL)
• Exception message and full stack trace: 403 Forbidden
• Steps to reproduce the issue: Log in as an super-admin. Not able to access any identity-related pages such as /identity/organization-units, /identity/roles, etc

I am encountering an application-wide issue where I'm unable to authorize any action method or view based on user permissions. However, role-based authorization is functioning as expected. Upon inspecting the token, it includes the user's role, but ABP is not retrieving permissions associated with that role.

I've also verified the database, and all necessary permissions are correctly seeded to this role. However, ABP still isn't retrieving or recognizing these permissions for authorization, even though role-based checks are working.

I suspect this issue may have arisen due to a recent project upgrade.

Thanks! But how to add it to IdentityClients Scope?

FYI: This is a blazor server application

I tried this but it didn't work

In the same way, there is one "Default" remote service is added. How can I add one more service here?