Activities of "rogercprops"

• Template: microservice
• Created ABP Studio Version: 1.0.2
• Current ABP Studio Version: 2.1.6
• Multi-Tenancy: Yes
• UI Framework: mvc
• Theme: leptonx
• Theme Style: system
• Theme Menu Placement: side
• Database Provider: ef
• Database Management System: sqlserver
• Mobile Framework: none
• Public Website: No
• Social Login: Yes
• Include Tests: Yes
• Dynamic Localization: Yes
• Kubernetes Configuration: Yes
• Grafana Dashboard: Yes
• Use Local References: No
• Optional Modules:
  • GDPR
  • TextTemplateManagement
  • AuditLogging
  • OpenIddictAdmin
• Selected Languages: English, English (United Kingdom), Español
• Default Language: English
• Create Command: abp new CloverleafCMS -t microservice --ui-framework mvc --database-provider ef --database-management-system sqlserver --theme leptonx --skip-migrator --without-cms-kit --dont-run-bundling -no-file-management -no-language-management

• Exception message and full stack trace:

When creating a new Tenant in our Production environment, the Identity admin role and user are not being created. We last created a new tenant in December with no problems. We are not having this issue in our development environment.

This is all that's showing in the Saas service pod log:

[20:46:25 INF] Request starting HTTP/1.1 POST http://cloverleafcms-pr-apps-saas/api/saas/tenants?api-version=1.0 - application/json; charset=utf-8 221 [20:46:25 INF] Executing endpoint 'Volo.Saas.Host.TenantController.CreateAsync (Volo.Saas.Host.HttpApi)' [20:46:25 INF] Route matched with {area = "saas", controller = "Tenant", action = "Create"}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Saas.Host.Dtos.SaasTenantDto] CreateAsync(Volo.Saas.Host.Dtos.SaasTenantCreateDto) on controller Volo.Saas.Host.TenantController (Volo.Saas.Host.HttpApi). [20:46:25 INF] Executing ObjectResult, writing value of type 'Volo.Saas.Host.Dtos.SaasTenantDto'. [20:46:25 INF] Executed action Volo.Saas.Host.TenantController.CreateAsync (Volo.Saas.Host.HttpApi) in 23.8808ms [20:46:25 INF] Executed endpoint 'Volo.Saas.Host.TenantController.CreateAsync (Volo.Saas.Host.HttpApi)' [20:46:25 INF] Request finished HTTP/1.1 POST http://cloverleafcms-pr-apps-saas/api/saas/tenants?api-version=1.0 - 200 null application/json; charset=utf-8 81.0558ms [20:46:25 INF] Request starting HTTP/1.1 GET http://cloverleafcms-pr-apps-saas/api/saas/tenants?GetEditionNames=True&SkipCount=0&MaxResultCount=10&api-version=1.0 - null null [20:46:25 INF] Executing endpoint 'Volo.Saas.Host.TenantController.GetListAsync (Volo.Saas.Host.HttpApi)' [20:46:25 INF] Route matched with {area = "saas", controller = "Tenant", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Saas.Host.Dtos.SaasTenantDto]] GetListAsync(Volo.Saas.Host.Dtos.GetTenantsInput) on controller Volo.Saas.Host.TenantController (Volo.Saas.Host.HttpApi). [20:46:25 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Saas.Host.Dtos.SaasTenantDto, Volo.Saas.Host.Application.Contracts, Version=9.2.0.0, Culture=neutral, PublicKeyToken=null]]'. [20:46:25 INF] Executed action Volo.Saas.Host.TenantController.GetListAsync (Volo.Saas.Host.HttpApi) in 32.3796ms [20:46:25 INF] Executed endpoint 'Volo.Saas.Host.TenantController.GetListAsync (Volo.Saas.Host.HttpApi)' [20:46:25 INF] Request finished HTTP/1.1 GET http://cloverleafcms-pr-apps-saas/api/saas/tenants?GetEditionNames=True&SkipCount=0&MaxResultCount=10&api-version=1.0 - 200 null application/json; charset=utf-8 38.8072ms [20:46:26 INF] Found 1 events in the outbox. [20:46:26 INF] Sent 1 events to message broker

Steps to reproduce the issue:

1. Using the MVC web app, log into the host tenant
2. Navigate to Saas -> Tenants
3. Click Create button
4. Fill in required fields and click Save button
5. Notification at the bottom of the page indicating the Tenant was created successfully
6. Using SQL
   1. get the Id for the new Tenant
   2. Run queries on the Identity service databases to select roles and users with the new TenantId

SELECT *
FROM [CloverleafCMS_PR_Identity].[dbo].[AbpRoles]
-- WHERE [TenantId] is not null
WHERE
[TenantId] = '994e1b70-468f-84c4-987f-3a1f324821cd' -- New tenant Id
ORDER BY [TenantId], [Name]

SELECT 
       [Id]
      ,[UserName]
      ,[NormalizedUserName]
      ,[Name]
      ,[Surname]
      ,[Email]
  FROM [CloverleafCMS_PR_Identity].[dbo].[AbpUsers]
  WHERE [TenantId] = '994e1b70-468f-84c4-987f-3a1f324821cd'

The queries don't return the admin user or admin role (or any user/role).

• Template: microservice
• Created ABP Studio Version: 1.0.2
• Current ABP Studio Version: 2.1.6
• Multi-Tenancy: Yes
• UI Framework: mvc
• Theme: leptonx
• Theme Style: system
• Theme Menu Placement: side
• Database Provider: ef
• Database Management System: sqlserver
• Mobile Framework: none
• Public Website: No
• Social Login: Yes
• Include Tests: Yes
• Dynamic Localization: Yes
• Kubernetes Configuration: Yes
• Grafana Dashboard: Yes
• Use Local References: No
• Optional Modules:
  • GDPR
  • TextTemplateManagement
  • AuditLogging
  • OpenIddictAdmin
• Selected Languages: English, English (United Kingdom), Español
• Default Language: English
• Create Command: abp new CloverleafCMS -t microservice --ui-framework mvc --database-provider ef --database-management-system sqlserver --theme leptonx --skip-migrator --without-cms-kit --dont-run-bundling -no-file-management -no-language-management

• Exception message and full stack trace:

[20:28:35 INF] Request starting HTTP/1.1 POST http://cloverleafcms-pr-apps-identity/api/identity/users - application/json 519
[20:28:35 INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.CreateAsync (Volo.Abp.Identity.Pro.HttpApi)'
[20:28:35 INF] Route matched with {area = "identity", controller = "User", action = "Create"}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Identity.IdentityUserDto] CreateAsync(Volo.Abp.Identity.IdentityUserCreateDto) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi).
[20:29:05 ERR] Failed executing DbCommand (30,010ms) [Parameters=[@p2='?' (DbType = Guid), @p0='?' (Size = 40), @p3='?' (Size = 40), @p1='?' (DbType = Int32), @p6='?' (DbType = Guid), @p4='?' (Size = 40), @p7='?' (Size = 40), @p5='?' (DbType = Int32), @p8='?' (DbType = Guid), @p9='?' (DbType = Guid), @p10='?' (DbType = Guid), @p11='?' (DbType = Guid), @p12='?' (DbType = Guid), @p13='?' (DbType = Guid), @p18='?' (DbType = Guid), @p14='?' (Size = 40), @p19='?' (Size = 40), @p15='?' (DbType = Int32), @p16='?' (DbType = DateTime2), @p17='?' (DbType = Guid)], CommandType='Text', CommandTimeout='30']
SET NOCOUNT ON;
UPDATE [AbpRoles] SET [ConcurrencyStamp] = @p0, [EntityVersion] = @p1
OUTPUT 1
WHERE [Id] = @p2 AND [ConcurrencyStamp] = @p3;
UPDATE [AbpRoles] SET [ConcurrencyStamp] = @p4, [EntityVersion] = @p5
OUTPUT 1
WHERE [Id] = @p6 AND [ConcurrencyStamp] = @p7;
INSERT INTO [AbpUserRoles] ([RoleId], [UserId], [TenantId])
VALUES (@p8, @p9, @p10),
(@p11, @p12, @p13);
UPDATE [AbpUsers] SET [ConcurrencyStamp] = @p14, [EntityVersion] = @p15, [LastModificationTime] = @p16, [LastModifierId] = @p17
OUTPUT 1
WHERE [Id] = @p18 AND [ConcurrencyStamp] = @p19;
[20:29:05 ERR] An exception occurred in the database while saving changes for context type 'CloverleafCMS.IdentityService.Data.IdentityServiceDbContext'.
Microsoft.EntityFrameworkCore.DbUpdateException: An error occurred while saving the entity changes. See the inner exception for details.
 ---> Microsoft.Data.SqlClient.SqlException (0x80131904): Execution Timeout Expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.
 ---> System.ComponentModel.Win32Exception (258): Unknown error 258
   at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Update.ReaderModificationCommandBatch.ExecuteAsync(IRelationalConnection connection, CancellationToken cancellationToken)
ClientConnectionId:25031d3f-7e9e-4a45-b673-e954e0acbcfd
Error Number:-2,State:0,Class:11
   --- End of inner exception stack trace ---

• Steps to reproduce the issue:
• Either in the Web application or via Postman create a new user. This problem just started happening today in production. We don't have this issue in our dev environment where the Authserver, Identity and Administration docker images are identical.

This seems to be the only service that's having the issue.

This is impacting our production users so immediate attention would be appreciated.

Thank you

We're considering deploying our microservices solution to Azure Container Apps vs Kubernetes. Has anyone done this before and if so, are there documents / templates to follow?

We have a Saas web application written in Vue JS that uses our Abp Microservice solution for the backend. Each tenant will have their own domain like https://client1.mydomain, https://client2.mydomain.dev, etc.

We added this to the auth server module PreconfigureServices PreConfigure(options => { options.EnableWildcardDomainSupport = true; // Development environment domains options.WildcardDomainsFormat.Add("https://{0}.mydomain.dev/signin-oidc"); options.WildcardDomainsFormat.Add("https://{0}.mydomain.dev/silent-refresh"); options.WildcardDomainsFormat.Add("https://{0}.mydomain.dev/auth/login"); options.WildcardDomainsFormat.Add("https://{0}.mydomain.dev/auth/signout-callback-oidc"); });

In the Identity database OpenIddictApplications table we manually updated the RedirectUris and PostLogoutRedirectUris with the wildcard character '*'

[
{
"id": "9335f213-8a0d-7ce3-f069-3a1b786183db",
"ClientId": "CloverleafCMS",
"RedirectUris": "["https://*.mydomain.dev/signin-oidc","https://*.mydomain.dev/auth/silent-refresh"]",
"PostLogoutRedirectUris": "["https://.cloverleafcms.us/auth/login"]"

}

]

The issue is that the OpenIddictApplications table is reseeded every time the Identity service is restarted. So we have to manually update the redirect Uris with the wildcard manually

I tried adding the wildcard in the Identity data seeder but it through a malformed url error.

I read this article https://abp.io/docs/latest/guides/ms-multi-tenant-domain-resolving but not sure that will fix our problem since our client application is written in Vue.

How do we get around this? <br>

• Template: microservice
• Created ABP Studio Version: 1.0.2
• Current ABP Studio Version: 1.2.1
• Multi-Tenancy: Yes
• UI Framework: mvc
• Theme: leptonx
• Theme Style: system
• Theme Menu Placement: side
• Run Install Libs: Yes
• Database Provider: ef
• Database Management System: sqlserver
• Mobile Framework: none
• Public Website: No
• Social Login: Yes
• Include Tests: Yes
• Dynamic Localization: Yes
• Kubernetes Configuration: Yes
• Grafana Dashboard: Yes
• Use Local References: No
• Optional Modules:
  • GDPR
  • TextTemplateManagement
  • AuditLogging
  • OpenIddictAdmin
• Selected Languages: English, English (United Kingdom), Español
• Default Language: English
• Create Command: abp new CloverleafCMS -t microservice --ui-framework mvc --database-provider ef --database-management-system sqlserver --theme leptonx --skip-migrator --without-cms-kit --dont-run-bundling -no-file-management -no-language-management

• Exception message and full stack trace:

[13:23:05 INF] Request starting HTTP/1.1 POST http://cloverleafcms-dev-apps-token/api/token - application/json 661
[13:23:05 INF] Executing endpoint 'TokenService.Tokens.TokenController.GetAccessToken (CloverleafCMS.TokenService)'
[13:23:05 INF] Route matched with {area = "token", action = "GetAccessToken", controller = "Token", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[TokenService.Tokens.TokenResponseDto] GetAccessToken(TokenService.Tokens.TokenRequestDto) on controller TokenService.Tokens.TokenController (CloverleafCMS.TokenService).
Endpoint does not use HTTPS: http://authserver.mydomain.dev/connect/authorize
[13:23:06 WRN] ---------- RemoteServiceErrorInfo ----------
{
  "code": null,
  "message": "Error retrieving discovery document: Endpoint does not use HTTPS: http://authserver.mydomain.dev/connect/authorize",
  "details": null,
  "data": {},
  "validationErrors": null
}
[13:23:06 WRN] Error retrieving discovery document: Endpoint does not use HTTPS: http://authserver.mydomain.dev/connect/authorize
Volo.Abp.UserFriendlyException: Error retrieving discovery document: Endpoint does not use HTTPS: http://authserver.mydomain.dev/connect/authorize
   at CloverleafCMS.TokenService.TokenService.TokenAppService.GetAccessToken(String Tenant, String clientId, String clientSecret, String userName, String password, String[] scopes) in D:\CodeRepositories\CloverleafCMS-Microservices-Abp\services\token\CloverleafCMS.TokenService\Tokens\TokenAppService.cs:line 39
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.GlobalFeatures.GlobalFeatureInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Auditing.AuditingInterceptor.ProceedByLoggingAsync(IAbpMethodInvocation invocation, AbpAuditingOptions options, IAuditingHelper auditingHelper, IAuditLogScope auditLogScope)
   at Volo.Abp.Auditing.AuditingInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
   at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
   at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
   at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
   at TokenService.Tokens.TokenController.GetAccessToken(TokenRequestDto input) in D:\CodeRepositories\CloverleafCMS-Microservices-Abp\services\token\CloverleafCMS.TokenService\Controllers\TokenController.cs:line 25
   at lambda_method2378(Closure, Object)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
[13:23:06 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Http.RemoteServiceErrorResponse'.
[13:23:06 INF] Executed action TokenService.Tokens.TokenController.GetAccessToken (CloverleafCMS.TokenService) in 984.4926ms
[13:23:06 INF] Executed endpoint 'TokenService.Tokens.TokenController.GetAccessToken (CloverleafCMS.TokenService)'
[13:23:06 INF] Request finished HTTP/1.1 POST http://cloverleafcms-dev-apps-token/api/token - 403 null application/json; charset=utf-8 1042.2538ms

• Steps to reproduce the issue: We're using the authserver application from the Microservice template and have a micro service to retrieve a token. Both are running as pods in AKS and we have the web gateway routing to the authserver service via ingress-nginx.

Following is the code in the token app service

using Duende.IdentityModel.Client;
using Volo.Abp;
using TokenService.Tokens;
using Volo.Abp.Application.Services;

namespace CloverleafCMS.TokenService.TokenService;

public class TokenAppService : ApplicationService, ITokenAppService
{
    private readonly IConfiguration _configuration;

    public TokenAppService(IConfiguration configuration)
    {
        _configuration = configuration;
    }

    public async Task<TokenResponseDto> GetAccessToken(
        string? Tenant,
        string clientId,
        string clientSecret,
        string userName,
        string password,
        string[] scopes
    )
    {
        Check.NotNull(clientId, nameof(clientId));
        Check.NotNull(clientSecret, nameof(clientSecret));
        Check.NotNull(userName, nameof(userName));
        Check.NotNull(password, nameof(password));

        var apiEndpoint = _configuration.GetValue<string>("AuthServer:Authority");
        var scope = string.Join(" ", scopes);
        var discoveryCache = new DiscoveryCache(apiEndpoint);
        var disco = await discoveryCache.GetAsync();

        if (disco.IsError)
        {
            Console.WriteLine(disco.Error);
            throw new UserFriendlyException($"Error retrieving discovery document: {disco.Error}");
        }

        var client = new HttpClient();

        var passwordTokenRequest = new PasswordTokenRequest
        {
            Address = disco.TokenEndpoint,
            ClientId = clientId,
            ClientSecret = clientSecret,
            UserName = userName,
            Password = password,
            Scope = scope
        };

        if (Tenant != null) passwordTokenRequest.Headers.Add("tenant", Tenant);
        var tokenResponse = await client.RequestPasswordTokenAsync(passwordTokenRequest);

        TokenResponseDto tokenRequestResponse = new();

        if (tokenResponse.IsError)
        {
            Console.WriteLine("error", tokenResponse);
            throw new UserFriendlyException($"Error retrieving token: {tokenResponse.ErrorDescription}");
        }
        else
        {
            tokenRequestResponse.AccessToken = tokenResponse.AccessToken;
            tokenRequestResponse.RefreshToken = tokenResponse.RefreshToken;
            tokenRequestResponse.ExpiresIn = tokenResponse.ExpiresIn;
        }

        return tokenRequestResponse;
    }

}

When I call the token I get the error.

curl --location 'https://webgateway.mydomain.dev/api/token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "clientId": "CloverleafAPI",
    "clientSecret": "*****",
    "userName": "****",
    "password": "****",
    "scopes": ["address","email","phone","profile","roles","ActionItemService","AdministrationService","AIService","AuditLoggingService","AuthServer","ClientService","ClientServicesQuery","CommunicationsTemplateService","ContactService","DocTemplateService","DocumentService","EngagementLogService","FinancialService","GdprService","GuardianshipService","HousingService","HudService","IdentityService","LanguageService","MemberConfigService","NoteService","SaasService","ServicesService","StaffService","TokenService","WorkshopService"]
}'
{"error":{"code":null,"message":"Error retrieving discovery document: Endpoint does not use HTTPS: http://authserver.mydomain.dev/connect/authorize","details":null,"data":{},"validationErrors":null}}%   ```


When I examine the authserver pod log it appears the configuration was created successfully but that's where it ends

```cs
[13:23:05 INF] Request starting HTTP/1.1 GET http://authserver.mydomain.dev/.well-known/openid-configuration - null null
[13:23:05 WRN] Unknown proxy: [::ffff:10.244.2.61]:41130
[13:23:05 INF] The request URI matched a server endpoint: Configuration.
[13:23:05 INF] The configuration request was successfully extracted: {}.
[13:23:05 INF] The configuration request was successfully validated.
[13:23:06 INF] The response was successfully returned as a JSON document: {
  "issuer": "https://authserver.mydomain.dev/",
  "authorization_endpoint": "http://authserver.mydomain.dev/connect/authorize",
  "token_endpoint": "http://authserver.mydomain.dev/connect/token",
  "introspection_endpoint": "http://authserver.mydomain.dev/connect/introspect",
  "end_session_endpoint": "http://authserver.mydomain.dev/connect/endsession",
  "revocation_endpoint": "http://authserver.mydomain.dev/connect/revocat",
  "userinfo_endpoint": "http://authserver.mydomain.dev/connect/userinfo",
  "device_authorization_endpoint": "http://authserver.mydomain.dev/device",
  "pushed_authorization_request_endpoint": "http://authserver.mydomain.dev/connect/par",
  "jwks_uri": "http://authserver.mydomain.dev/.well-known/jwks",
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "password",
    "client_credentials",
    "refresh_token",
    "urn:ietf:params:oauth:grant-type:device_code",
    "LinkLogin",
    "Impersonation"
  ],
  "response_types_supported": [
    "code",
    "code id_token",
    "code id_token token",
    "code token",
    "id_token",
    "id_token token",
    "token",
    "none"
  ],
  "response_modes_supported": [
    "query",
    "form_post",
    "fragment"
  ],
  "scopes_supported": [
    "openid",
    "offline_access",
    "email",
    "profile",
    "phone",
    "roles",
    "address",
    "ActionItemService",
    "AdministrationService",
    "AIService",
    "AuditLoggingService",
    "AuthServer",
    "ClientService",
    "ClientServicesQuery",
    "CommunicationsTemplateService",
    "ContactService",
    "DocTemplateService",
    "DocumentService",
    "EngagementLogService",
    "FinancialService",
    "GdprService",
    "GuardianshipService",
    "HousingService",
    "HudService",
    "IdentityService",
    "LanguageService",
    "MemberConfigService",
    "NoteService",
    "SaasService",
    "ServicesService",
    "SMSService",
    "StaffService",
    "TokenService",
    "WorkshopService"
  ],
  "claims_supported": [
    "aud",
    "exp",
    "iat",
    "iss",
    "sub"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "prompt_values_supported": [
    "consent",
    "login",
    "none",
    "select_account"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "private_key_jwt",
    "client_secret_basic"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_post",
    "private_key_jwt",
    "client_secret_basic"
  ],
  "revocation_endpoint_auth_methods_supported": [
    "client_secret_post",
    "private_key_jwt",
    "client_secret_basic"
  ],
  "device_authorization_endpoint_auth_methods_supported": [
    "client_secret_post",
    "private_key_jwt",
    "client_secret_basic"
  ],
  "pushed_authorization_request_endpoint_auth_methods_supported": [
    "client_secret_post",
    "private_key_jwt",
    "client_secret_basic"
  ],
  "require_pushed_authorization_requests": false,
  "claims_parameter_supported": false,
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "tls_client_certificate_bound_access_tokens": false,
  "authorization_response_iss_parameter_supported": true
}.
[13:23:06 INF] Request finished HTTP/1.1 GET http://authserver.mydomain.dev/.well-known/openid-configuration - 200 3354 application/json;charset=UTF-8 900.7678ms

We have what I think is the exact same setup running in another cluster with no problem right now. However, this problem keeps popping up when we update the deployment. We use the same helm charts in both clusters and only change the values for the variables that are different between environments.

• Template: microservice
• Created ABP Studio Version: 1.0.2
• Current ABP Studio Version: 1.1.2
• Multi-Tenancy: Yes
• UI Framework: mvc
• Theme: leptonx
• Theme Style: system
• Theme Menu Placement: side
• Run Install Libs: Yes
• Database Provider: ef
• Database Management System: sqlserver
• Mobile Framework: none
• Public Website: No
• Social Login: Yes
• Include Tests: Yes
• Dynamic Localization: Yes
• Kubernetes Configuration: Yes
• Grafana Dashboard: Yes
• Use Local References: No
• Optional Modules:
  • GDPR
  • TextTemplateManagement
  • AuditLogging
  • OpenIddictAdmin
• Selected Languages: English, English (United Kingdom), Español
• Default Language: English
• Create Command: abp new CloverleafCMS -t microservice --ui-framework mvc --database-provider ef --database-management-system sqlserver --theme leptonx --skip-migrator --without-cms-kit --dont-run-bundling -no-file-management -no-language-management

We're running the micro service template solution in AKS. How do we turn off the health-check messages? They're writing every 10 seconds which makes it difficult to find other log messages for debugging purposes

• Exception message and full stack trace: [20:29:17 INF] Executing endpoint 'Health checks' [20:29:17 INF] Executed endpoint 'Health checks' [20:29:17 INF] Request finished HTTP/1.1 GET http://cloverleafcms-st-apps-webgateway/health-status - 200 null application/json; charset=utf-8 0.3839ms [20:29:17 INF] Received HTTP response headers after 0.685ms - 200 [20:29:17 INF] End processing HTTP request after 1.0742ms - 200 [20:29:27 INF] Start processing HTTP request GET http://cloverleafcms-st-apps-webgateway/health-status [20:29:27 INF] Sending HTTP request GET http://cloverleafcms-st-apps-webgateway/health-status [20:29:27 INF] Request starting HTTP/1.1 GET http://cloverleafcms-st-apps-webgateway/health-status - null null [20:29:27 INF] Executing endpoint 'Health checks' [20:29:27 INF] Received HTTP response headers after 1.1401ms - 200 [20:29:27 INF] End processing HTTP request after 2.1929ms - 200 [20:29:27 INF] Executed endpoint 'Health checks' [20:29:27 INF] Request finished HTTP/1.1 GET http://cloverleafcms-st-apps-webgateway/health-status - 200 null application/json; charset=utf-8 1.594ms [20:29:37 INF] Start processing HTTP request GET http://cloverleafcms-st-apps-webgateway/health-status [20:29:37 INF] Sending HTTP request GET http://cloverleafcms-st-apps-webgateway/health-status [20:29:37 INF] Request starting HTTP/1.1 GET http://cloverleafcms-st-apps-webgateway/health-status - null null [20:29:37 INF] Executing endpoint 'Health checks' [20:29:37 INF] Executed endpoint 'Health checks' [20:29:37 INF] Request finished HTTP/1.1 GET http://cloverleafcms-st-apps-webgateway/health-status - 200 null application/json; charset=utf-8 0.531ms [20:29:37 INF] Received HTTP response headers after 0.877ms - 200 [20:29:37 INF] End processing HTTP request after 1.2642ms - 200
• Steps to reproduce the issue:

Applications using HealthChecks.UI.Client; using Microsoft.AspNetCore.Diagnostics.HealthChecks;

Solution Configuration

• Template: microservice
• Created ABP Studio Version: 1.0.2
• Current ABP Studio Version: 1.1.0
• Multi-Tenancy: Yes
• UI Framework: mvc
• Theme: leptonx
• Theme Style: system
• Theme Menu Placement: side
• Run Install Libs: Yes
• Database Provider: ef
• Database Management System: sqlserver
• Mobile Framework: none
• Public Website: No
• Social Login: Yes
• Include Tests: Yes
• Dynamic Localization: Yes
• Kubernetes Configuration: Yes
• Grafana Dashboard: Yes
• Use Local References: No
• Optional Modules:
  • GDPR
  • TextTemplateManagement
  • AuditLogging
  • OpenIddictAdmin
• Selected Languages: English, English (United Kingdom), Español
• Default Language: English
• Create Command: abp new CloverleafCMS -t microservice --ui-framework mvc --database-provider ef --database-management-system sqlserver --theme leptonx --skip-migrator --without-cms-kit --dont-run-bundling -no-file-management -no-language-management

This just started happening, perhaps with my upgrade to Abp Studio Version 1.1.1.

If I create a new Microservice module in our existing solution created with the Micorservice Template, then use Abp Suite to generate the CRUD entities it isn't automatically seeding the permission grants database for the 'admin' role like it has in the past.

It is adding the permission group and permissions though.

Also, in the MVC web UI, the new permission group and permissions aren't showing so they can't be assigned to the manually.

Steps to reproduce:

Add a new Microservice module to an existing Microservice solution. Add a new entity and properties using Abp Suite. Generate the solution updates and migrations. Run the new microservice service on localhost Run a sql query to get the permission group, permissions and permission grants from the Administration database SELECT * FROM [CloverleafCMS__ST_Administration].[dbo].[AbpPermissionGroups] WHERE [DisplayName] LIKE '%TestS%' ORDER BY [Name]

SELECT * FROM [CloverleafCMS__ST_Administration].[dbo].[AbpPermissions] WHERE [Name] LIKE '%Items%' ORDER BY [GroupName], [Name]

SELECT * FROM [CloverleafCMS__ST_Administration].[dbo].[AbpPermissionGrants] -- WHERE [TenantId] IS NOT NULL -- AND [ProviderKey] != 'admin' WHERE [Name] LIKE '%.Items%' ORDER BY [TenantId], [ProviderKey], [Name]

However when I log in as admin in the host tenant the new permission group isn't available for assigning to a role.

I cleared my browser cache and it's still not showing.

• Template: microservice
• Created ABP Studio Version: 1.0.1
• Current ABP Studio Version: 1.0.1
• Multi-Tenancy: Yes
• UI Framework: mvc
• Theme: leptonx
• Theme Style: system
• Theme Menu Placement: side
• Run Install Libs: Yes
• Database Provider: ef
• Database Management System: sqlserver
• Mobile Framework: none
• Public Website: No
• Social Login: Yes
• Include Tests: Yes
• Dynamic Localization: Yes
• Kubernetes Configuration: Yes
• Grafana Dashboard: Yes
• Use Local References: No
• Optional Modules:
  • GDPR
  • TextTemplateManagement
  • AuditLogging
  • OpenIddictAdmin
• Selected Languages: English, English (United Kingdom), Español
• Default Language: English
• Create Command: abp new ClovlerleafCMS -t microservice --ui-framework mvc --database-provider ef --database-management-system sqlserver --theme leptonx --skip-migrator --without-cms-kit --dont-run-bundling -no-file-management -no-language-management

• Exception message and full stack trace:
• Unable to open Abp Suite
• Steps to reproduce the issue:
  • Upgraded to Abp Studio 1.0
  • Create new microservice solution
  • Add a microservice module
  • Right click on the new microservice and select ABP Suite
  • After a few seconds get an error message "Couldn't open ABP Suite"

• Exception message and full stack trace: 4/21/2025 8:31:05 PM [Information] Request starting "HTTP/1.1" "GET" "http"://"localhost:44378""""/api/identity/users""" - null null 4/21/2025 8:31:05 PM [Debug] Get dynamic claims cache for tenant: 6271b9cb-31a4-07e1-e895-3a18325419b0 4/21/2025 8:31:05 PM [Debug] Get dynamic claims cache for user: b7a3c0e6-0b62-1904-314a-3a196bd42430 4/21/2025 8:31:05 PM [Debug] SessionId(4803aa26-2539-4cc7-a833-b5c08567966e) found in cache, Updating hit count(2), last access time(4/21/2025 3:31:05 PM) and IP address(::1). 4/21/2025 8:31:05 PM [Information] Executing endpoint '"Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)"' 4/21/2025 8:31:05 PM [Information] Route matched with "{area = "identity", controller = "User", action = "GetList"}". Executing controller action with signature "System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Abp.Identity.IdentityUserDto]] GetListAsync(Volo.Abp.Identity.GetIdentityUsersInput)" on controller "Volo.Abp.Identity.IdentityUserController" ("Volo.Abp.Identity.Pro.HttpApi"). 4/21/2025 8:31:05 PM [Debug] PermissionStore.GetCacheItemAsync: pn:U,pk:b7a3c0e6-0b62-1904-314a-3a196bd42430,n:AbpIdentity.Users 4/21/2025 8:31:05 PM [Debug] Found in the cache: pn:U,pk:b7a3c0e6-0b62-1904-314a-3a196bd42430,n:AbpIdentity.Users 4/21/2025 8:31:05 PM [Debug] PermissionStore.GetCacheItemAsync: pn:R,pk:identitytest,n:AbpIdentity.Users 4/21/2025 8:31:05 PM [Debug] Found in the cache: pn:R,pk:identitytest,n:AbpIdentity.Users 4/21/2025 8:31:05 PM [Debug] PermissionStore.GetCacheItemAsync: pn:C,pk:CloverleafApi,n:AbpIdentity.Users 4/21/2025 8:31:05 PM [Debug] Found in the cache: pn:C,pk:CloverleafApi,n:AbpIdentity.Users 4/21/2025 8:31:05 PM [Information] Authorization failed. "These requirements were not met: PermissionRequirement: AbpIdentity.Users" 4/21/2025 8:31:05 PM [Warning] ---------- RemoteServiceErrorInfo ---------- { "code": "Volo.Authorization:010001", "message": "Authorization failed! Given policy has not granted.", "details": null, "data": null, "validationErrors": null } 4/21/2025 8:31:05 PM [Warning] Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy) at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context) at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation) at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Auditing.AuditingInterceptor.ProceedByLoggingAsync(IAbpMethodInvocation invocation, AbpAuditingOptions options, IAuditingHelper auditingHelper, IAuditLogScope auditLogScope) at Volo.Abp.Auditing.AuditingInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at lambda_method5120(Closure, Object) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask1 actionResultValueTask) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) 4/21/2025 8:31:05 PM [Warning] Code:Volo.Authorization:010001 4/21/2025 8:31:05 PM [Information] AuthenticationScheme: "Bearer" was forbidden.

• Steps to reproduce the issue:

  • Create a microservice solution using Abp Studio

  • Create a user with admin role assigned in SaaS tenant

  • Get a token for the user in a SaaS tenant This the decoded JwT { "header": { "alg": "RS256", "kid": "", "x5t": "", "typ": "at+jwt" }, "payload": { "iss": "http://localhost:44311/", "aud": [ "AuthServer", "IdentityService", "ServicesService", "SaasService", "AuditLoggingService", "GdprService", "LanguageService" ], "scope": "AdministrationService AuditLoggingService AuthServer ClientService GdprService IdentityService LanguageService SaasService", "jti": "", "sub": "", "preferred_username": "testuser", "email": "", "role": "admin", "tenantid": "6271b9cb-31a4-07e1-e895-3a18325419b0", "given_name": "", "family_name": "", "phone_number_verified": "False", "email_verified": "False", "session_id": "", "unique_name": "", "oi_prst": "", "client_id": "", "oi_tkn_id": "" } }

  • Use Postman to call any identity service api with the token. For example GET api/idenity/users

  • Call returns a 403 Forbidden error

  • Create a user with admin role assigned in host tenant

  • Get a token for a user in the host

This is the decoded JwT (note: no tenantid) { "header": { "alg": "RS256", "kid": "", "x5t": "", "typ": "at+jwt" }, "payload": { "iss": "http://localhost:44311/", "aud": [ "AuthServer", "IdentityService", "ServicesService", "SaasService", "AuditLoggingService", "GdprService", "LanguageService" ], "scope": "AdministrationService AuditLoggingService AuthServer ClientService GdprService IdentityService LanguageService SaasService", "jti": "", "sub": "", "preferred_username": "testadmin", "email": "", "role": "admin", "given_name": "", "family_name": "", "phone_number_verified": "False", "email_verified": "False", "session_id": "", "unique_name": "", "oi_prst": "", "client_id": "", "oi_tkn_id": "" } }

* Call the same identity api (GET api/idenity/users)
* Response returns the users in the host tenant

Here is the output from the Sql query on the Identity database SELECT * from [CloverleafCMSv2_Administration].[dbo].[AbpPermissionGrants] -- where (tenantId = 'dcb36c08-67ab-fa76-77dd-3a167cb44820' or tenantId = 'a3e9728b-d264-c114-b53c-3a13ab178ad2') where tenantId = '6271b9cb-31a4-07e1-e895-3a18325419b0' -- and ProviderName='R' and ProviderKey = 'admin' and Name like '%users%' order by tenantid, ProviderKey, Name

[ { "Id": "77a456bf-0e82-9808-104a-3a1832542987", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "0cfb4925-ce70-cabd-fa68-3a1832542989", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.Create", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "f35e6343-104d-f03e-9d37-3a183254298d", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.Delete", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "fdaf8b58-fcef-6eab-25c5-3a1832542993", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.Export", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "e183ace3-8b4c-2cec-3446-3a1832542991", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.Impersonation", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "38450b83-4e1e-1772-d0ce-3a1832542992", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.Import", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "39fe41c3-daf4-cf05-a2a8-3a183254298f", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.ManagePermissions", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "032aaafe-0dce-42c9-4a04-3a183254298a", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.Update", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "c1894400-a3b2-826e-0937-3a183254298c", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.Update.ManageOU", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "5e5f7716-49ee-a8e9-06eb-3a183254298b", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.Update.ManageRoles", "ProviderName": "R", "ProviderKey": "admin" }, { "Id": "4fcd8817-8f4f-0d7b-dea3-3a1832542995", "TenantId": "6271b9cb-31a4-07e1-e895-3a18325419b0", "Name": "AbpIdentity.Users.ViewDetails", "ProviderName": "R", "ProviderKey": "admin" } ]

Provide us with the following info:

• Template: app-nolayers

• Created ABP Studio Version: 0.9.25

• Current ABP Studio Version: 0.9.25

• Multi-Tenancy: Yes

• UI Framework: mvc

• Theme: leptonx

• Theme Style: system

• Run Install Libs: Yes

• Database Provider: ef

• Database Management System: sqlserver

• Create Initial Migration: Yes

• Run Db Migrator: Yes

• Use Local References: No

• Optional Modules:

  • GDPR
  • TextTemplateManagement
  • LanguageManagement
  • AuditLogging
  • OpenIddictAdmin

• Exception message and full stack trace:

From Abp Suite Modules tab: Module management is not supported for the current solution's template type

• Steps to reproduce the issue:
• Created solution in Abp Studio using multiple layer template
• Opened Abp Suite
• Clicked on Modules tab