We can close this for now. I ran the queries above and saw that the authserver had suspended transactions. I restarted the pod and the problem went away.
[20:28:35 INF] Request starting HTTP/1.1 POST http://cloverleafcms-pr-apps-identity/api/identity/users - application/json 519
[20:28:35 INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.CreateAsync (Volo.Abp.Identity.Pro.HttpApi)'
[20:28:35 INF] Route matched with {area = "identity", controller = "User", action = "Create"}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Identity.IdentityUserDto] CreateAsync(Volo.Abp.Identity.IdentityUserCreateDto) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi).
[20:29:05 ERR] Failed executing DbCommand (30,010ms) [Parameters=[@p2='?' (DbType = Guid), @p0='?' (Size = 40), @p3='?' (Size = 40), @p1='?' (DbType = Int32), @p6='?' (DbType = Guid), @p4='?' (Size = 40), @p7='?' (Size = 40), @p5='?' (DbType = Int32), @p8='?' (DbType = Guid), @p9='?' (DbType = Guid), @p10='?' (DbType = Guid), @p11='?' (DbType = Guid), @p12='?' (DbType = Guid), @p13='?' (DbType = Guid), @p18='?' (DbType = Guid), @p14='?' (Size = 40), @p19='?' (Size = 40), @p15='?' (DbType = Int32), @p16='?' (DbType = DateTime2), @p17='?' (DbType = Guid)], CommandType='Text', CommandTimeout='30']
SET NOCOUNT ON;
UPDATE [AbpRoles] SET [ConcurrencyStamp] = @p0, [EntityVersion] = @p1
OUTPUT 1
WHERE [Id] = @p2 AND [ConcurrencyStamp] = @p3;
UPDATE [AbpRoles] SET [ConcurrencyStamp] = @p4, [EntityVersion] = @p5
OUTPUT 1
WHERE [Id] = @p6 AND [ConcurrencyStamp] = @p7;
INSERT INTO [AbpUserRoles] ([RoleId], [UserId], [TenantId])
VALUES (@p8, @p9, @p10),
(@p11, @p12, @p13);
UPDATE [AbpUsers] SET [ConcurrencyStamp] = @p14, [EntityVersion] = @p15, [LastModificationTime] = @p16, [LastModifierId] = @p17
OUTPUT 1
WHERE [Id] = @p18 AND [ConcurrencyStamp] = @p19;
[20:29:05 ERR] An exception occurred in the database while saving changes for context type 'CloverleafCMS.IdentityService.Data.IdentityServiceDbContext'.
Microsoft.EntityFrameworkCore.DbUpdateException: An error occurred while saving the entity changes. See the inner exception for details.
---> Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
---> System.ComponentModel.Win32Exception (258): Unknown error 258
at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.Update.ReaderModificationCommandBatch.ExecuteAsync(IRelationalConnection connection, CancellationToken cancellationToken)
ClientConnectionId:25031d3f-7e9e-4a45-b673-e954e0acbcfd
Error Number:-2,State:0,Class:11
--- End of inner exception stack trace ---
This seems to be the only service that's having the issue.
This is impacting our production users so immediate attention would be appreciated.
Thank you
We're considering deploying our microservices solution to Azure Container Apps vs Kubernetes. Has anyone done this before and if so, are there documents / templates to follow?
Hi,
In the Identity service OpenIddictDataSeeder on this block of code:
if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out var uri) || !uri.IsWellFormedOriginalString())
{
throw new ApplicationException("Invalid redirect URI: " + redirectUri);
}
We get:
Exception has occurred: CLR/System.ApplicationException
An exception of type 'System.ApplicationException' occurred in System.Private.CoreLib.dll but was not handled in user code: 'Invalid redirect URI: https://{0}.mydomain.dev/signin-oidc'
at CloverleafCMS.IdentityService.Data.OpenIddictDataSeeder.<CreateOrUpdateApplicationAsync>d__15.MoveNext() in /Users/rogerhopkins/App_Development/CodeRepositories/CloverleafCMS-Microservices/services/identity/CloverleafCMS.IdentityService/Data/OpenIddictDataSeeder.cs:line 627
at CloverleafCMS.IdentityService.Data.OpenIddictDataSeeder.<CreateClientsAsync>d__14.MoveNext() in /Users/rogerhopkins/App_Development/CodeRepositories/CloverleafCMS-Microservices/services/identity/CloverleafCMS.IdentityService/Data/OpenIddictDataSeeder.cs:line 354
at CloverleafCMS.IdentityService.Data.OpenIddictDataSeeder.<SeedAsync>d__9.MoveNext() in /Users/rogerhopkins/App_Development/CodeRepositories/CloverleafCMS-Microservices/services/identity/CloverleafCMS.IdentityService/Data/OpenIddictDataSeeder.cs:line 57
at Castle.DynamicProxy.AsyncInterceptorBase.<ProceedAsynchronous>d__13.MoveNext()
at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapter.<ProceedAsync>d__7.MoveNext()
at Volo.Abp.Uow.UnitOfWorkInterceptor.<InterceptAsync>d__2.MoveNext()
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.<InterceptAsync>d__2.MoveNext()
at CloverleafCMS.IdentityService.Data.IdentityServiceDataSeeder.<SeedOpenIddictAsync>d__12.MoveNext() in /Users/rogerhopkins/App_Development/CodeRepositories/CloverleafCMS-Microservices/services/identity/CloverleafCMS.IdentityService/Data/IdentityServiceDataSeeder.cs:line 105
at CloverleafCMS.IdentityService.Data.IdentityServiceDataSeeder.<SeedAsync>d__9.MoveNext() in /Users/rogerhopkins/App_Development/CodeRepositories/CloverleafCMS-Microservices/services/identity/CloverleafCMS.IdentityService/Data/IdentityServiceDataSeeder.cs:line 52
at CloverleafCMS.IdentityService.Data.IdentityServiceRuntimeDatabaseMigrator.<SeedAsync>d__2.MoveNext() in /Users/rogerhopkins/App_Development/CodeRepositories/CloverleafCMS-Microservices/services/identity/CloverleafCMS.IdentityService/Data/IdentityServiceRuntimeDatabaseMigrator.cs:line 35
at Volo.Abp.EntityFrameworkCore.Migrations.EfCoreRuntimeDatabaseMigratorBase`1.<LockAndApplyDatabaseMigrationsAsync>d__35.MoveNext()
We've already done the above. We added "https://{0}.mydomain.dev/" to the appsettings in the Identity service and it threw an error that it's a malformed url in the CreateOrUpdateApplicationAsync of OpenIddictDataSeeder.cs.
We have a Saas web application written in Vue JS that uses our Abp Microservice solution for the backend. Each tenant will have their own domain like https://client1.mydomain, https://client2.mydomain.dev, etc.
We added this to the auth server module PreconfigureServices PreConfigure(options => { options.EnableWildcardDomainSupport = true; // Development environment domains options.WildcardDomainsFormat.Add("https://{0}.mydomain.dev/signin-oidc"); options.WildcardDomainsFormat.Add("https://{0}.mydomain.dev/silent-refresh"); options.WildcardDomainsFormat.Add("https://{0}.mydomain.dev/auth/login"); options.WildcardDomainsFormat.Add("https://{0}.mydomain.dev/auth/signout-callback-oidc"); });
In the Identity database OpenIddictApplications table we manually updated the RedirectUris and PostLogoutRedirectUris with the wildcard character '*'
[
{
"id": "9335f213-8a0d-7ce3-f069-3a1b786183db",
"ClientId": "CloverleafCMS",
"RedirectUris": "["https://*.mydomain.dev/signin-oidc","https://*.mydomain.dev/auth/silent-refresh"]",
"PostLogoutRedirectUris": "["https://.cloverleafcms.us/auth/login"]"
}
]
The issue is that the OpenIddictApplications table is reseeded every time the Identity service is restarted. So we have to manually update the redirect Uris with the wildcard manually
I tried adding the wildcard in the Identity data seeder but it through a malformed url error.
I read this article https://abp.io/docs/latest/guides/ms-multi-tenant-domain-resolving but not sure that will fix our problem since our client application is written in Vue.
How do we get around this? <br>
I think this fixed it.
Thank you.
I just granted you access to the Token service and auth-server GitHub repositories
I made the change to the token service passing var policy = new DiscoveryPolicy
{
RequireHttps = false
};
and am now getting this error
{
"error": {
"code": null,
"message": "Error retrieving discovery document: Invalid base address for endpoint http://authserver.mydomain.dev/connect/authorize. Valid base addresses: https://authserver.mydomain.dev.",
"details": null,
"data": {},
"validationErrors": null
}
}
This answer still doesn't make sense. We have not touched the Token service since 8/27. But I just made a change to the authserver and redeployed. It's now working again (not throwing a http error and successfully returning a token).
So something else must be happening.
