Activities of "viswajwalith"

hi

I think you should replace all AccountService with AuthServer

We tried this, We replaced AccountService with AuthServer and logged in with User A. We try to Impersonate user B, it taking us to Authserver login page(https://localhost:44322/Account/Login), there are no errors in log file.

hi

You need to use a existing scope eg AuthServer

context.Services.AddAuthentication()  
    .AddJwtBearer(options =>  
    {  
        options.Authority = configuration["AuthServer:Authority"];  
        options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);  
        options.Audience = "AuthServer";  
    });  

Thanks for the quick response, below is our Auth server Audiance, do we need to replace 'AccountService' with 'AuthServer' or we need to add new Audiance 'AuthServer'?

hi

Your JwtBearer requires an AccountService audience.

context.Services.AddAuthentication() 
    .AddJwtBearer(options => 
    { 
        options.Authority = configuration["AuthServer:Authority"]; 
        options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]); 
        options.Audience = "AccountService"; 
    }); 

but your access token doesn't have this audience.

By the way, does AccountService exist in your identity server?

AccountService does not exist in our identity server, We upgraded our Application from Version 5.1.3 to 7.3.2 and there was no AccountService in 5.1.3, Can you please what will be the best possiblesolution

https://identityserver4.readthedocs.io/en/docs-preview/search.html?q=audience&check_keywords=yes&area=default

Thanks for the inputs, We will check and update accordingly

Hi Sry for delay,

I sahred the code to your email liming.ma@volosoft.com (via WeTransfer)

hi

You can try to add AccountService here

If we add 'AccountService', we are getting this error: 2024-01-25 11:56:57.402 +05:30 [ERR] Scope AccountService not found in store. 2024-01-25 11:56:57.402 +05:30 [ERR] Request validation failed

Without 'AccountService', we are getting this error: 2024-01-25 12:01:34.565 +05:30 [INF] Executing endpoint '/Account/ImpersonateUser' 2024-01-25 12:01:34.567 +05:30 [INF] Route matched with {page = "/Account/ImpersonateUser", action = "", controller = "", area = ""}. Executing page /Account/ImpersonateUser 2024-01-25 12:01:34.567 +05:30 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 2024-01-25 12:01:34.582 +05:30 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.ImpersonateUserModel.OnGetAsync - ModelState is "Valid" 2024-01-25 12:01:34.586 +05:30 [INF] Failed to validate the token. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audiences: 'IdentityService, AdministrationService, SaasService, EmployeeService, IncidentService, AttachmentService, ObservationsService, ActionService, UserTaskService, HSEPlansService, NCRService, CustomerService, InspectionService, Forms, FileManagement, AuthServer, RMService, TMService, PTWService'. Did not match: validationParameters.ValidAudience: 'AccountService' or validationParameters.ValidAudiences: 'null'. at Microsoft.IdentityModel.Tokens.Validators.ValidateAudience(IEnumerable1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateAudience(IEnumerable1 audiences, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown) --- End of stack trace from previous location --- at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, JwtSecurityToken outerToken, TokenValidationParameters validationParameters, SecurityToken& signatureValidatedToken) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() 2024-01-25 12:01:34.586 +05:30 [INF] Bearer was not authenticated. Failure message: IDX10214: Audience validation failed. Audiences: 'IdentityService, AdministrationService, SaasService, EmployeeService, IncidentService, AttachmentService, ObservationsService, ActionService, UserTaskService, HSEPlansService, NCRService, CustomerService, InspectionService, Forms, FileManagement, AuthServer, RMService, TMService, PTWService'. Did not match: validationParameters.ValidAudience: 'AccountService' or validationParameters.ValidAudiences: 'null'. 2024-01-25 12:01:34.600 +05:30 [WRN] ---------- RemoteServiceErrorInfo ---------- { "code": "Volo.Account:RequirePermissionToImpersonateUser", "message": "Require AbpIdentity.Users.Impersonation permission to impersonate user!", "details": null, "data": { "PermissionName": "AbpIdentity.Users.Impersonation" }, "validationErrors": null }

2024-01-25 12:01:34.600 +05:30 [WRN] Exception of type 'Volo.Abp.BusinessException' was thrown. Volo.Abp.BusinessException: Exception of type 'Volo.Abp.BusinessException' was thrown. at Volo.Abp.Account.Web.Pages.Account.IdentityServerImpersonateUserModel.OnGetAsync() at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync() at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync() at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync() at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted) 2024-01-25 12:01:34.658 +05:30 [WRN] Code:Volo.Account:RequirePermissionToImpersonateUser 2024-01-25 12:01:34.658 +05:30 [WRN] Details: 2024-01-25 12:01:34.660 +05:30 [WRN] ---------- Exception Data ---------- PermissionName = AbpIdentity.Users.Impersonation

We Upgraded our application from 5.1.3 to 7.3.2 and We are using 'AuthServer' not using 'AccountService' in Scopes

hi

Your problem is not related to the permissions but access_token

Did not match: validationParameters.ValidAudience: 'AccountService' or validationParameters.ValidAudiences: 'null'.

Audience validation failed. Audiences: 'IdentityService, AdministrationService, SaasService, EmployeeService, IncidentService, AttachmentService, ObservationsService, ActionService, UserTaskService, HSEPlansService, NCRService, CustomerService, InspectionService, Forms, FileManagement, AuthServer, RMService, TMService, PTWService'.

Hi didnt get what exactly you mean too, can you please explain in much detail and let us know the probable fix./change

hi

Please share the HTTP request info of this error, then I will send your source code.

{ 
"code": "Volo.Account:RequirePermissionToImpersonateUser", 
"message": "Require AbpIdentity.Users permission to impersonate user!" 
} 

Please find the further details shared over ur email, due to length constraint I shared over email

hi

I can share the source code of the Impersonate classes.

You can debug it in your local.

Send the class name to liming.ma@volosoft.com

I just emailed

hi

Can you share a project?

liming.ma@volosoft.com

do u want just Auth server one or entire, becoz our is very big one with mutiple micro services so sharing may not be possible.