hi
I can share the source code of the
Impersonateclasses.You can debug it in your local.
Send the class name to liming.ma@volosoft.com
I just emailed
hi
Can you share a project?
liming.ma@volosoft.com
do u want just Auth server one or entire, becoz our is very big one with mutiple micro services so sharing may not be possible.
ok. thanks
This is what we are getting, let us know if u need any more info.
It's weird.
Can you debug the app and inject the
IOptions<AbpAccountOptionsto see its values?
ok will check and update u
hi
The log says : Require
AbpIdentity.Userspermission to impersonate user!",What's your
ImpersonationUserPermissionvalue?Eg:
context.Services.Configure<AbpAccountOptions>(options => { //For impersonation in Saas module options.TenantAdminUserName = "admin"; options.ImpersonationTenantPermission = SaasHostPermissions.Tenants.Impersonation; //For impersonation in Identity module options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation; });
we are using the below
and added below as well in auth server
hi
These are the roles of your access_token.
Do they have the correct permissions?
"role": [ "HSE Manager", "HSE Review", "HSE Team", "Super Administrator", "Vehicle Maintainance Team" ],
Yes those are having proper permissions and rest all functionalities are working fine
hi
Require AbpIdentity.Users permission to impersonate user! These requirements were not met:
Does the user have the related permissions?
Can you share a
access_tokento liming.ma@volosoft.com
Yes permission is provided
sharing the access-token over the email in few minutes
hi
IDX10214: Audience validation failed. A Audiences: 'IdentityService, AdministrationService, SaasService, EmployeeService, IncidentService, AttachmentService, ObservationsService, ActionService, UserTaskService, HSEPlansService, NCRService, CustomerService, InspectionService, Forms, FileManagement, AuthServer, RMService, TMService, PTWService'.
Did not match: validationParameters.ValidAudience: 'AccountService' or validationParameters.ValidAudiences: 'null'.
Your
access_tokenseems to be missing theAccountServiceaudience.
Aftering doing the suggisted change
we are getting the below issues for our services
PermissionRequirement: EmployeeService.Employees.Create
2024-01-22 12:58:41.151 +05:30 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: EmployeeService.Employees.Create
2024-01-22 12:58:41.174 +05:30 [WRN] Could not find the localization resource LeptonX on the remote server!
2024-01-22 12:58:41.178 +05:30 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: EmployeeService.Employees.Create
2024-01-22 12:58:41.206 +05:30 [WRN] Could not find the localization resource LeptonX on the remote server!
2024-01-22 12:58:41.207 +05:30 [WRN] Could not find the localization resource LeptonX on the remote server!
2024-01-22 12:58:41.208 +05:30 [WRN] Could not find the localization resource LeptonX on the remote server!
2024-01-22 12:58:41.208 +05:30 [WRN] Could not find the localization resource LeptonX on the remote server!
2024-01-22 12:58:41.208 +05:30 [WRN] Could not find the localization resource LeptonX on the remote server!
2024-01-22 12:58:41.208 +05:30 [WRN] Could not find the localization resource LeptonX on the remote server!
2024-01-22 12:58:41.211 +05:30 [WRN] Could not find the localization resource LeptonX on the remote server!
2024-01-22 12:58:42.601 +05:30 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: ObservationsService.Observations
2024-01-22 12:58:42.601 +05:30 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: IncidentService.IncidentManagements
2024-01-22 12:58:42.601 +05:30 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: InspectionService.AuditsManagements
2024-01-22 12:58:42.602 +05:30 [INF] Authorization failed. These requirements were not met:
PermissionRequirement: InspectionService.InspectionManagements
Still we proceeded and tried the same but getting the below error as well
{ "code": "Volo.Account:RequirePermissionToImpersonateUser", "message": "Require AbpIdentity.Users permission to impersonate user!", "details": null, "data": { "PermissionName": "AbpIdentity.Users" }, "validationErrors": null }
My first question is this functionality and steps valid for ABP7?
the log is as follows
2024-01-17 17:38:46.244 +05:30 [INF] IDX10242: Security token: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' has a valid signature.
2024-01-17 17:38:46.244 +05:30 [INF] IDX10239: Lifetime of the token is valid.
2024-01-17 17:38:46.244 +05:30 [ERR] IDX10214: Audience validation failed. Audiences: 'IdentityService, AdministrationService, SaasService, EmployeeService, IncidentService, AttachmentService, ObservationsService, ActionService, UserTaskService, HSEPlansService, NCRService, CustomerService, InspectionService, Forms, FileManagement, AuthServer, RMService, TMService, PTWService'. Did not match: validationParameters.ValidAudience: 'AccountService' or validationParameters.ValidAudiences: 'null'.
2024-01-17 17:38:46.245 +05:30 [INF] Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audiences: 'IdentityService, AdministrationService, SaasService, EmployeeService, IncidentService, AttachmentService, ObservationsService, ActionService, UserTaskService, HSEPlansService, NCRService, CustomerService, InspectionService, Forms, FileManagement, AuthServer, RMService, TMService, PTWService'. Did not match: validationParameters.ValidAudience: 'AccountService' or validationParameters.ValidAudiences: 'null'.
at Microsoft.IdentityModel.Tokens.Validators.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateAudience(IEnumerable`1 audiences, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown)
--- End of stack trace from previous location ---
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, JwtSecurityToken outerToken, TokenValidationParameters validationParameters, SecurityToken& signatureValidatedToken)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
has context menu
Please advise.
Hi,
Sorry for that, I forgot it is not included in the downloaded source code.
You can tell me which files you want to remove and I will repackage and share it with you
Thats fine, actually we would like to exclude webpack://leptonx/./node_modules/perfect-scrollbar/dist/perfect-scrollbar.esm.js
Also, I have some suggitions
