We would like to understand the http request flow between Web(MVC UI) Layer and WebGateway.
From the microservice solution perspective, WebUI (I am assuming you mean public-web application) is not a layer but an application.
Can you please provide more details on communication between WebUI & WebGateway (for http requests) and relevant code which passes Barer token etc...
I think you want to learn generally how the proxying works; how an HTTP request is done, headers are set and forwarded; not just microservice specific. So I will try to explain better.
Your request is created by ClientProxyBase (or DynamicHttpProxyInterceptor if you are using dynamic proxying):
protected IRemoteServiceHttpClientAuthenticator ClientAuthenticator => LazyServiceProvider.LazyGetRequiredService<IRemoteServiceHttpClientAuthenticator>(); protected virtual async Task<HttpContent> RequestAsync(ClientProxyRequestContext requestContext) { ... // Gets the remote service configuration RemoteServiceConfigurationProvider.GetConfigurationOrDefaultAsync(clientConfig.RemoteServiceName); // Creates the HttpClient service configuration var client = HttpClientFactory.Create(clientConfig.RemoteServiceName); ... // Authentication headers are forwarded or set in here based on remoteServiceConfig if (requestContext.Action.AllowAnonymous != true) { await ClientAuthenticator.Authenticate( new RemoteServiceHttpClientAuthenticateContext( client, requestMessage, remoteServiceConfig, clientConfig.RemoteServiceName ) ); } ... }IRemoteServiceHttpClientAuthenticator is implemented by:
- IdentityModelRemoteServiceHttpClientAuthenticator under Volo.Abp.Http.Client.IdentityModel module:
await IdentityModelAuthenticationService.TryAuthenticateAsync( context.Client, context.RemoteService.GetIdentityClient() ?? context.RemoteServiceName );Uses IdentityModelAuthenticationService to authenticate the service as below:
public async Task<bool> TryAuthenticateAsync( [NotNull] HttpClient client, string identityClientName = null) { var accessToken = await GetAccessTokenOrNullAsync(identityClientName); if (accessToken == null) { return false; } SetAccessToken(client, accessToken); return true; } protected virtual void SetAccessToken(HttpClient client, string accessToken) { //TODO: "Bearer" should be configurable client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); }
- HttpContextIdentityModelRemoteServiceHttpClientAuthenticator under Volo.Abp.Http.Client.IdentityModel.Web module that extends
IdentityModelRemoteServiceHttpClientAuthenticatorand handles authentication when HTTP context is available (For UI based applications like Razor/MVC):public override async Task Authenticate(RemoteServiceHttpClientAuthenticateContext context) { if (context.RemoteService.GetUseCurrentAccessToken() != false) { var accessToken = await GetAccessTokenFromHttpContextOrNullAsync(); if (accessToken != null) { context.Request.SetBearerToken(accessToken); return; } } await base.Authenticate(context); } protected virtual async Task<string> GetAccessTokenFromHttpContextOrNullAsync() { var httpContext = HttpContextAccessor?.HttpContext; if (httpContext == null) { return null; } return await httpContext.GetTokenAsync("access_token"); }
- There is also AccessTokenProviderIdentityModelRemoteServiceHttpClientAuthenticator under Volo.Abp.Http.Client.IdentityModel.WebAssembly module that extends
IdentityModelRemoteServiceHttpClientAuthenticatorand usesIAccessTokenProviderfor getting/setting authorization headers for blazor applications.Basically, how to set the authorization header is based on application type;
- Server-to-server communication without HTTP context uses
Volo.Abp.Http.Client.IdentityModelmodule- MVC/Razor application uses
Volo.Abp.Http.Client.IdentityModel.Webmodule- Blazor application uses
Volo.Abp.Http.Client.IdentityModel.WebAssemblymodule
Thanks for the details, now we are able to over ride the specific method to add additional headers (in our sample solution) . Thanks for the support
After that work around, it worked fine. by the way the issue is because of PageResultDTO, when we are having that API definition with references is showing with List'[] and it violates Open API definition rules. So we had to restrict full path definitions in references.
The trick is to add below code
//options.CustomSchemaIds(type => type.FullName); (comment this)
options.UseAllOfToExtendReferenceSchemas(); (add this)
What error do you get when you use it in shared project?
We got below error when paring the swagger json file (definition)
Parsing error(s): The key 'Volo.Abp.Application.Dtos.ListResultDto1[[Volo.Abp.Account.LinkUserDto, Volo.Abp.Account.Pro.Public.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.ListResultDto1[[Volo.Abp.Identity.IdentityRoleDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.ListResultDto1[[Volo.Abp.Identity.OrganizationUnitWithDetailsDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.ListResultDto1[[Volo.Abp.LanguageManagement.Dto.LanguageDto, Volo.Abp.LanguageManagement.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.ListResultDto1[[Volo.Abp.Users.UserData, Volo.Abp.Users.Abstractions, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[TestURI.Employees.EmployeeDto, TestURI.Application.Contracts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.AuditLogging.AuditLogDto, Volo.Abp.AuditLogging.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.AuditLogging.EntityChangeDto, Volo.Abp.AuditLogging.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.Identity.ClaimTypeDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.Identity.IdentityRoleDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.Identity.IdentitySecurityLogDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.Identity.IdentityUserDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.Identity.OrganizationUnitWithDetailsDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.IdentityServer.ApiResource.Dtos.ApiResourceWithDetailsDto, Volo.Abp.IdentityServer.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.IdentityServer.ApiScope.Dtos.ApiScopeWithDetailsDto, Volo.Abp.IdentityServer.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.IdentityServer.Client.Dtos.ClientWithDetailsDto, Volo.Abp.IdentityServer.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.IdentityServer.IdentityResource.Dtos.IdentityResourceWithDetailsDto, Volo.Abp.IdentityServer.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.LanguageManagement.Dto.LanguageDto, Volo.Abp.LanguageManagement.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.LanguageManagement.Dto.LanguageTextDto, Volo.Abp.LanguageManagement.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.TextTemplateManagement.TextTemplates.TemplateDefinitionDto, Volo.Abp.TextTemplateManagement.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Saas.Host.Dtos.EditionDto, Volo.Saas.Host.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9\.\-_]+$'. [#/components] The key 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Saas.Host.Dtos.SaasTenantDto, Volo.Saas.Host.Application.Contracts, Version=5.1.4.0, Culture=neutral, PublicKeyToken=null]]' in 'schemas' of components MUST match the regular expression '^[a-zA-Z0-9.-_]+$'. [#/components]
Parsing error(s): The input OpenAPI file is not valid for the OpenAPI specification https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md (schema https://github.com/OAI/OpenAPI-Specification/blob/master/schemas/v3.0/schema.yaml).
We handled this by adding below code
private static void ConfigureSwagger(ServiceConfigurationContext context, IConfiguration configuration)
{
context.Services.AddAbpSwaggerGenWithOAuth(
configuration["AuthServer:Authority"],
new Dictionary<string, string>
{
{"HeadersSample", "HeadersSample API"}
},
options =>
{
options.SwaggerDoc("v1", new OpenApiInfo { Title = "HeadersSample API", Version = "v1" });
options.DocInclusionPredicate((docName, description) => true);
//options.CustomSchemaIds(type => type.FullName);
options.UseAllOfToExtendReferenceSchemas();
});
}
Volo.Abp.Http.Client.IdentityModel
Thanks for the detailed explanation, Yes this is what we expected. I am going through the details will let you know in case of any queries
You may want to check these framework modules:
Can you please validate our understanding which I mentioned in my Question Posting.
I found one work around. If we use the below option then it is getting sorted
but in our microservice template if we do the same in SwaggerConfigurationHelper.cs this is not working out, we had to define the same in every micro service. are we missing anything?
hi
Is there any possibility to refresh user to update claims in CurrentUser
This seems impossible, you can consider accessing these dynamic values in the cache
Thanks for the update.
I have no experience nor knowledge about Azure APIM. Token is sent on the header automatically when you start the request from the application. If gateway doesn't manipulate the request headers and just redirects; there shouldn't be any problem.
Ok, can you refer a code or sample if we would like to pass additional headers while redirecting to webapi
HI
Can you check the
web.config?https://docs.microsoft.com/en-us/aspnet/core/fundamentals/environments?view=aspnetcore-6.0#windows---use-webconfig
By default we don't have any value for "environment" defined in web.config. If we add the below additional settings in web.config the environment is picking as defined in the file
Setting the deployment environment in a web.config is one of the option but ideally it should pick from Environment Variable right? also for us defining in every microservice is bit lengthy process. can u check the same at ur end and let me know the possible fix for the same.
Hi I found the issue, I made a silly mistake. created the user environment variable insisted of system environment variable. Once I created the ASPNETCORE_ENVIRONMENT under system environment variable it worked perfectly.
Thanks for the support.
HI
Can you check the
web.config?https://docs.microsoft.com/en-us/aspnet/core/fundamentals/environments?view=aspnetcore-6.0#windows---use-webconfig
By default we don't have any value for "environment" defined in web.config. If we add the below additional settings in web.config the environment is picking as defined in the file
Setting the deployment environment in a web.config is one of the option but ideally it should pick from Environment Variable right? also for us defining in every microservice is bit lengthy process. can u check the same at ur end and let me know the possible fix for the same.
