Activities of "viswajwalith"

1. We did not find any ETOs for IdentityUserOrganizationUnit and IdentityUserRole to implement DistributedEventHandler.

2. We are using default ABP API for User creation and Edit. We are facing performance issue when we have hundreds of organization units. We've observed that LocalEventHandler is triggering for every organization unit assignment/removal in User create/edit. Is Default API using Batch Processing for organization unit assignment/removal or else need to inplement explicitly by overriding default API.

Any guidance or clarification on this would be greatly appreciated.

Some how we are able to make the things working with Idenity4 server after upgrade to ABP 9 .

We made changes in Auth server module file

and in JwtBearerConfigurationHelper.cs we have added additional options

After the above changes Login worked perfectly and things are perfect till Auth Server ad Web,

But we we are calling the API's from different services we observed that ICurrentUser object is coming but with null values for Id, Email etc, Also IsAuthenticated also coming as false so services are not respeoning as expected. Any idea what we might have missed?

We can find the Roles in Log, but when we inject CurrentUser in AppService, not able find the roles.

[liming.ma@volosoft.com] said: hi

The Microsoft logs level still not Debug

Please use the log configuration code below.

var loggerConfiguration = new LoggerConfiguration() 
    .MinimumLevel.Debug() 
    .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning) 
    .Enrich.FromLogContext() 
    .WriteTo.Async(c => c.File("Logs/logs.txt")) 

2025-06-30 19:52:16.805 +05:30 [INF] Request starting HTTP/1.1 GET http://localhost:44371/api/employee-service/dashboard-pages?PageId=HOMEDASHBOARD&SkipCount=0&MaxResultCount=20000&api-version=1.0 - null 0 
 
2025-06-30 19:52:17.252 +05:30 [INF] Executing endpoint 'Exceego.EHSWatch.AppV3.EmployeeService.Controllers.DashboardPages.DashboardPageController.GetListAsync (Exceego.EHSWatch.AppV3.EmployeeService.HttpApi)' 
 
2025-06-30 19:52:18.685 +05:30 [INF] Authorization failed. These requirements were not met: 
PermissionRequirement: EmployeeService.CustomReports 
 
2025-06-30 19:52:19.936 +05:30 [INF] Request finished HTTP/1.1 GET https://localhost:44371/api/employee-service/dashboard-pages?PageId=HOMEDASHBOARD&SkipCount=0&MaxResultCount=20000&api-version=1.0 - 403 0 null 3131.5555ms 

These requirements were not met: PermissionRequirement: EmployeeService.CustomReports

Does your current user have EmployeeService.CustomReports permission?

If the 403 error only happened on Exceego.EHSWatch.AppV3.EmployeeService.HttpApi.Host. website.

Please enable the Debug log level and share again.

Also output some info to the logs.

app.UseAuthentication(); 
 
app.Use(async (httpContext, next) => 
{ 
    var logger = httpContext.RequestServices.GetRequiredService<ILogger<EmployeeServiceHttpApiHostModule>>(); 
    var claims = httpContext.User.Claims.Select(x => new { x.Type, x.Value }).ToList(); 
    logger.LogError("HttpContext.User Claims:"); 
    logger.LogError(JsonSerializer.Serialize(claims)); 
 
    var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>().GetAllClaims().Select(x => new { x.Type, x.Value }).ToList(); 
    logger.LogError("Current User Claims:"); 
    logger.LogError(JsonSerializer.Serialize(currentUser)); 
 
 
    var userid = AbpClaimTypes.UserId; 
    var username = AbpClaimTypes.UserName; 
    var roleClaimType = AbpClaimTypes.Role; 
 
    logger.LogError($"UserId Claim Type: {userid}"); 
    logger.LogError($"UserName Claim Type: {username}"); 
    logger.LogError($"Role Claim Type: {roleClaimType}"); 
 
    var authorizationHeader = httpContext.Request.Headers["Authorization"]; 
    logger.LogError(!string.IsNullOrEmpty(authorizationHeader) 
        ? $"Authorization Header: {authorizationHeader}" 
        : "Authorization Header is missing or empty."); 
 
    await next(httpContext); 
}); 

Thanks.

sent the logs to ur email, Thanks

1. We have upgraded our application from 7.3.2 to 9.2.0
2. We are continue to use IdentityServer (we did not Migrated to OpenIddict).
3. We are not using any external login.
4. After upgrade from 7.3.2 to 9.2.0, we were missing the sub and role claims in Back Office Web. We have managed to get thsese claims by adding below code in Back Office Web in AddAbpOpenIdConnect configuration. options.ClaimActions.MapJsonKey("sub", AbpClaimTypes.UserId); options.ClaimActions.MapJsonKey("role", "role");
5. One of our Micro service called 'Employee Service' have 'EmployeeService.CustomReports' permission and this permission is given to a role and that role assigned to the logged in user. We are able to get that permission from JS, because in Back office web we mapped the roles. But when we check in Employee Service(Micro service), we are missing the roles in claims/CurrentUser, because of this we are not getting the permission.
6. After upgrade from 7.3.2 to 9.2.0, we are facing this in Employee Service.

Are we missing anything to get Roles claims/CurrentUser in Employee Service?

Hi,

Sent you email.

[liming.ma@volosoft.com] said: hi

Add it to the project that has forbidden erros And can you share the debug logs for forbidden erros?

https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems

Thanks.

Hi We have added the code in both web and one of the service still getting the autorization error, I have emails the log files to ur email id

[liming.ma@volosoft.com] said:

If we check the permissions in JS we are able to see the proper permissions but not at backend so getting forbidden erros.

Sorry for that. I missed it.

Can you check the claims value and type by adding a custom middleware after UseAuthentication?

app.UseAuthentication(); 
 
app.Use(async (httpContext, next) => 
{ 
    var claims = httpContext.User.Claims; 
    var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>().GetAllClaims(); 
     
    var userid = AbpClaimTypes.UserId; 
    var username = AbpClaimTypes.UserName; 
    var roleClaimType = AbpClaimTypes.Role; 
     
    await next(httpContext); 
}); 
 

Thanks.

Thanks for the quick response, I belive this need to be added in Web Module file right. will give a try and update you back.

[liming.ma@volosoft.com] said: hi

Removing IdentityServer4 from the Back office Web project will fix this error.

As you can see. the IdentityServer4 is used in your Back office Web project

As I mentioned earlier, we have overcome this issue by assigning the claims again but now facing the permissions issue

[liming.ma@volosoft.com] said: hi

Please try to remove IdentityServer4 from Back office Web project first.

Then, the claims problem you can see https://abp.io/community/articles/how-claim-type-works-in-asp-net-core-and-abp-framework-km5dw6g1

Thanks.

Hi, Thanks for the response but I feel there is some miss-understanding, still we tried to find the reference for IdentityServer4 across our web project but no where we found that. If you can elobrate much more that might be useful.

Our Back Office Web Project has a reference to IdentityServer Web and Web dosent have reference to Identity4 and we checked over there as well but not able to find any clue

Also we are not in a plans to OpenIdDict and want to continue with IdentityServer4 for now. Do u think still IdentityServer4 need to be removed from web project?