Activities of "prachi@urvin.finance"
I have shared the file on google chat. Please check Thanks!
Let me know how can we start a private chat?
You're right.
In IdentityService,
AbpClaimTypes.Role = "role"
CurrentUser.Roles is empty
But in AdministrationService,
AbpClaimTypes.Role = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
CurrentUser.Roles has data
Is there some reference missing which needs to be added in identity service? Kindly help.
bearer token:
eyJhbGciOiJSUzI1NiIsImtpZCI6IkNBMUNENEZCMjc5RTNGQTkxRjNFM0FBM0VGREM0REEyMEYxNUY1QzhSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6InloelUteWVlUDZrZlBqcWo3OXhOb2c4VjljZyJ9.eyJuYmYiOjE3MzE1Njg0NzIsImV4cCI6MTc2MzEwNDQ3MiwiaXNzIjoiaHR0cHM6Ly9hdXRoLXNlcnZlcjo0NDMyMiIsImF1ZCI6WyJBZG1pbmlzdHJhdGlvblNlcnZpY2UiLCJBdXRoU2VydmVyIiwiQ29tbXVuaXR5U2VydmljZSIsIkRhdGFTZXJ2aWNlIiwiR2VuZXJhbFNlcnZpY2UiLCJJZGVudGl0eVNlcnZpY2UiLCJJbWFnZVNlcnZpY2UiLCJJbmRpY2F0b3JTZXJ2aWNlIiwiTmV3c1NlcnZpY2UiLCJOb3RpZmljYXRpb25TZXJ2aWNlIiwiUGF5bWVudFNlcnZpY2UiLCJQcm9kdWN0U2VydmljZSIsIlNhYXNTZXJ2aWNlIiwiU2VhcmNoU2VydmljZSIsIlNlY3VyaXR5U2VydmljZSIsIlNwYWNrVHJhY2tTZXJ2aWNlIl0sImNsaWVudF9pZCI6IlVydmluRmluYW5jZV9CbGF6b3JTZXJ2ZXIiLCJzdWIiOiIzYTEyZmU0MC01ZTA4LTk0ODUtOTYzMS1lMzM0MzA1NDBkOWUiLCJhdXRoX3RpbWUiOjE3MzE1Njg0NzIsImlkcCI6ImxvY2FsIiwiZW1haWwiOiJlbWFpbEBmYWtlLmRvbWFpbiIsInBob25lX251bWJlcl92ZXJpZmllZCI6IkZhbHNlIiwiZW1haWxfdmVyaWZpZWQiOiJUcnVlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW5Qb3JyYSIsIm5hbWUiOiJhZG1pblBvcnJhIiwiZ2l2ZW5fbmFtZSI6ImFkbWluUG9ycmEiLCJmYW1pbHlfbmFtZSI6IiIsInNlY3VyaXR5LXN0YW1wIjoiTVhUT083SUhVUFA0Nkk0NFVFUEFYUklPT0ZEM1I0REkiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE3MzE1Njg0NzIsInNjb3BlIjpbImFkZHJlc3MiLCJBZG1pbmlzdHJhdGlvblNlcnZpY2UiLCJBdXRoU2VydmVyIiwiQ29tbXVuaXR5U2VydmljZSIsIkRhdGFTZXJ2aWNlIiwiZW1haWwiLCJHZW5lcmFsU2VydmljZSIsIklkZW50aXR5U2VydmljZSIsIkltYWdlU2VydmljZSIsIkluZGljYXRvclNlcnZpY2UiLCJOZXdzU2VydmljZSIsIk5vdGlmaWNhdGlvblNlcnZpY2UiLCJvcGVuaWQiLCJQYXltZW50U2VydmljZSIsInBob25lIiwiUHJvZHVjdFNlcnZpY2UiLCJwcm9maWxlIiwicm9sZSIsIlNhYXNTZXJ2aWNlIiwiU2VhcmNoU2VydmljZSIsIlNlY3VyaXR5U2VydmljZSIsIlNwYWNrVHJhY2tTZXJ2aWNlIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.kgSXpQqgJ-fUCsKsSdbZtrmvE\_R\_utayMPYEEKmeA7qseqOkiuFl2tAWaS9MfLhyhox8a) full logs of Identity service:
{"Timestamp":"2024-11-14T08:24:28.9368522+00:00","Level":"Information","MessageTemplate":"Request starting {Protocol} {Method} {Scheme}://{Host}{PathBase}{Path}{QueryString} - {ContentType} {ContentLength}","RenderedMessage":"Request starting "HTTP/1.1" "GET" "http"://"localhost:44388""""/api/identity-service/user-account/GetPAuth""" - null null","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"localhost:44388","PathBase":"","Path":"/api/identity-service/user-account/GetPAuth","QueryString":"","EventId":{"Id":1},"SourceContext":"Microsoft.AspNetCore.Hosting.Diagnostics","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:24:30.3484416+00:00","Level":"Information","MessageTemplate":"Executing endpoint '{EndpointName}'","RenderedMessage":"Executing endpoint '"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)"'","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"EndpointName":"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)","EventId":{"Name":"ExecutingEndpoint"},"SourceContext":"Microsoft.AspNetCore.Routing.EndpointMiddleware","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","CorrelationId":"9c3c7dc1bda64215a8927e8612ff9bdc","ClientId":"UrvinFinance\_BlazorServer","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:24:30.3806442+00:00","Level":"Information","MessageTemplate":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName}).","RenderedMessage":"Route matched with "{area = \\"IdentityService\\", action = \\"GetPAuth\\", controller = \\"UserAccount\\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()\" on controller \"UrvinFinance.IdentityService.User.UserAccountController\" (\"UrvinFinance.IdentityService.HttpApi\").","TraceId":"540079ae59218f99a94716d5dde3b40e","SpanId":"40214419ac8ff144","Properties":{"RouteData":"{area = \"IdentityService\", action = \"GetPAuth\", controller = \"UserAccount\"}","MethodInfo":"System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()","Controller":"UrvinFinance.IdentityService.User.UserAccountController","AssemblyName":"UrvinFinance.IdentityService.HttpApi","EventId":{"Id":102,"Name":"ControllerActionExecuting"},"SourceContext":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","ActionId":"bb170843-9eb1-4d97-83e5-b5e8f74b610f","ActionName":"UrvinFinance.IdentityService.User.UserAccountController.GetPAuth (UrvinFinance.IdentityService.HttpApi)","RequestId":"0HN84GN10HLUN:00000001","RequestPath":"/api/identity-service/user-account/GetPAuth","ConnectionId":"0HN84GN10HLUN","CorrelationId":"9c3c7dc1bda64215a8927e8612ff9bdc","ClientId":"UrvinFinance\_BlazorServer","Application":"UrvinFinance.IdentityService.HttpApi.Host"}}
b) full logs of Administration service
{"Timestamp":"2024-11-14T08:26:55.6814108+00:00","Level":"Information","MessageTemplate":"Request starting {Protocol} {Method} {Scheme}://{Host}{PathBase}{Path}{QueryString} - {ContentType} {ContentLength}","RenderedMessage":"Request starting "HTTP/1.1" "GET" "http"://"localhost:44367""""/api/permission-service/permission/GetPAuth""" - null null","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"localhost:44367","PathBase":"","Path":"/api/permission-service/permission/GetPAuth","QueryString":"","EventId":{"Id":1},"SourceContext":"Microsoft.AspNetCore.Hosting.Diagnostics","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:26:56.8101460+00:00","Level":"Information","MessageTemplate":"Executing endpoint '{EndpointName}'","RenderedMessage":"Executing endpoint '"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)"'","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"EndpointName":"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)","EventId":{"Name":"ExecutingEndpoint"},"SourceContext":"Microsoft.AspNetCore.Routing.EndpointMiddleware","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","CorrelationId":"ae3154296cd742c6931a543d9c84df81","ClientId":"UrvinFinance\_BlazorServer","UserId":"3a12fe40-5e08-9485-9631-e33430540d9e","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
{"Timestamp":"2024-11-14T08:26:56.8344923+00:00","Level":"Information","MessageTemplate":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName}).","RenderedMessage":"Route matched with "{area = \\"AdministrationService\\", controller = \\"Permission\\", action = \\"GetPAuth\\", page = \\"\\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()\" on controller \"UrvinFinance.AdministrationService.Permissions.PermissionController\" (\"UrvinFinance.AdministrationService.HttpApi\").","TraceId":"0d356ca8c5b7bbf01ddf802e0d9b6b43","SpanId":"afc92631a2937775","Properties":{"RouteData":"{area = \"AdministrationService\", controller = \"Permission\", action = \"GetPAuth\", page = \"\"}","MethodInfo":"System.Threading.Tasks.Task`1[System.Boolean] GetPAuth()","Controller":"UrvinFinance.AdministrationService.Permissions.PermissionController","AssemblyName":"UrvinFinance.AdministrationService.HttpApi","EventId":{"Id":102,"Name":"ControllerActionExecuting"},"SourceContext":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","ActionId":"87349f99-8ce5-4ee5-823a-5cdca8724e11","ActionName":"UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuth (UrvinFinance.AdministrationService.HttpApi)","RequestId":"0HN84GOCO2JQL:00000001","RequestPath":"/api/permission-service/permission/GetPAuth","ConnectionId":"0HN84GOCO2JQL","CorrelationId":"ae3154296cd742c6931a543d9c84df81","ClientId":"UrvinFinance\_BlazorServer","UserId":"3a12fe40-5e08-9485-9631-e33430540d9e","Application":"UrvinFinance.AdministrationService.HttpApi.Host"}}
- current claims for identity service
[
{
"Type": "nbf",
"Value": "1731568472"
},
{
"Type": "exp",
"Value": "1763104472"
},
{
"Type": "iss",
"Value": "[https://auth-server:44322"](https://auth-server:44322")
},
{
"Type": "aud",
"Value": "AdministrationService"
},
{
"Type": "aud",
"Value": "AuthServer"
},
{
"Type": "client\_id",
"Value": "UrvinFinance\_BlazorServer"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
"Value": "3a12fe40-5e08-9485-9631-e33430540d9e"
},
{
"Type": "auth\_time",
"Value": "1731568472"
},
{
"Type": "[http://schemas.microsoft.com/identity/claims/identityprovider"](http://schemas.microsoft.com/identity/claims/identityprovider"),
"Value": "local"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
"Value": "[email@fake.domain](mailto:email@fake.domain)"
},
{
"Type": "phone\_number\_verified",
"Value": "False"
},
{
"Type": "email\_verified",
"Value": "True"
},
{
"Type": "preferred\_username",
"Value": "adminPorra"
},
{
"Type": "name",
"Value": "adminPorra"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"),
"Value": "adminPorra"
},
{
"Type": "[http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
"Value": ""
},
{
"Type": "security-stamp",
"Value": "MXTOO7IHUPP46I44UEPAXRIOOFD3R4DI"
},
{
"Type": "[http://schemas.microsoft.com/ws/2008/06/identity/claims/role"](http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
"Value": "admin"
},
{
"Type": "iat",
"Value": "1731568472"
},
{
"Type": "scope",
"Value": "address"
},
{
"Type": "scope",
"Value": "offline\_access"
},
{
"Type": "[http://schemas.microsoft.com/claims/authnmethodsreferences"](http://schemas.microsoft.com/claims/authnmethodsreferences"),
"Value": "pwd"
},
{
"Type": "name",
"Value": "adminPorra"
}
]
- current claims for administratotion service
[
{
"Type": "nbf",
"Value": "1731568472"
},
{
"Type": "exp",
"Value": "1763104472"
},
{
"Type": "iss",
"Value": "https://auth-server:44322"
},
{
"Type": "aud",
"Value": "AdministrationService"
},
{
"Type": "client\_id",
"Value": "UrvinFinance\_BlazorServer"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
"Value": "3a12fe40-5e08-9485-9631-e33430540d9e"
},
{
"Type": "auth\_time",
"Value": "1731568472"
},
{
"Type": "http://schemas.microsoft.com/identity/claims/identityprovider",
"Value": "local"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"Value": "email@fake.domain"
},
{
"Type": "phone\_number\_verified",
"Value": "False"
},
{
"Type": "email\_verified",
"Value": "True"
},
{
"Type": "preferred\_username",
"Value": "adminPorra"
},
{
"Type": "name",
"Value": "adminPorra"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"Value": "adminPorra"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"Value": ""
},
{
"Type": "security-stamp",
"Value": "MXTOO7IHUPP46I44UEPAXRIOOFD3R4DI"
},
{
"Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
"Value": "admin"
},
{
"Type": "iat",
"Value": "1731568472"
},
{
"Type": "scope",
"Value": "offline\_access"
},
{
"Type": "http://schemas.microsoft.com/claims/authnmethodsreferences",
"Value": "pwd"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
"Value": "adminPorra"
}
]
Hi, I would like to open this ticket again.
I would like to give more context to this.
I created same endpoint GetPAuthWithPermissions in administration service and identity service. It is running fine in administration service after clearing cache from Redis.
But the same is not working in Identity service
Below are the logs
---------------------------------------------------Administration service logs -------------------------------------------------------------------------------------------
[13:06:39 INF] Request starting HTTP/1.1 GET http://localhost:44367/api/permission-service/permission/GetPAuthWithPermission - null null [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] Not found in the cache: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: U,3a12fe40-5e08-9485-9631-e33430540d9e [13:06:42 DBG] Setting the cache items. Count: 185 [13:06:42 DBG] Finished setting the cache items. Count: 185 [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] Not found in the cache: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: R,admin [13:06:42 DBG] Setting the cache items. Count: 185 [13:06:42 DBG] Finished setting the cache items. Count: 185 [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 DBG] Not found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 DBG] Getting all granted permissions from the repository for this provider name,key: C,UrvinFinance_BlazorServer [13:06:42 DBG] Setting the cache items. Count: 185 [13:06:42 DBG] Finished setting the cache items. Count: 185 [13:06:42 INF] Executing endpoint 'UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi)' [13:06:42 INF] Route matched with {area = "AdministrationService", controller = "Permission", action = "GetPAuthWithPermission", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[System.Boolean] GetPAuthWithPermission() on controller UrvinFinance.AdministrationService.Permissions.PermissionController (UrvinFinance.AdministrationService.HttpApi). [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] Found in the cache: pn:U,pk:3a12fe40-5e08-9485-9631-e33430540d9e,n:AbpIdentity.Roles [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] Found in the cache: pn:R,pk:admin,n:AbpIdentity.Roles [13:06:42 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 DBG] Found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:06:42 INF] Executing ObjectResult, writing value of type 'System.Boolean'. [13:06:42 INF] Executed action UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi) in 36.9788ms [13:06:42 INF] Executed endpoint 'UrvinFinance.AdministrationService.Permissions.PermissionController.GetPAuthWithPermission (UrvinFinance.AdministrationService.HttpApi)' [13:06:42 DBG] Added 0 entity changes to the current audit log [13:06:42 DBG] Added 0 entity changes to the current audit log [13:06:42 INF] Request finished HTTP/1.1 GET http://localhost:44367/api/permission-service/permission/GetPAuthWithPermission - 200 null application/json; charset=utf-8 2833.4599ms
---------------------------------------------------Identity service logs ------------------------------------------------------------------------------------------- [13:09:03 INF] Request starting HTTP/1.1 GET http://localhost:44388/api/identity-service/user-account/GetPAuthWithPermission - null null [13:09:03 DBG] PermissionStore.GetCacheItemAsync: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:09:03 DBG] Not found in the cache: pn:C,pk:UrvinFinance_BlazorServer,n:AbpIdentity.Roles [13:09:03 DBG] Getting all granted permissions from the repository for this provider name,key: C,UrvinFinance_BlazorServer [13:09:03 DBG] Setting the cache items. Count: 166 [13:09:03 DBG] Finished setting the cache items. Count: 166 [13:09:03 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.Roles [13:09:03 INF] AuthenticationScheme: Bearer was forbidden. [13:09:03 INF] Request finished HTTP/1.1 GET http://localhost:44388/api/identity-service/user-account/GetPAuthWithPermission - 403 0 null 25.4081ms
Thanks! But how to add it to IdentityClients Scope?
FYI: This is a blazor server application
I tried this but it didn't work
