Activities of "AlderCove"

Hi - any thoughts?

I sent the project link to info@abp.com.

Here are some more details on the exception that occurs when the RedirectAllowedUrls setting is added for the public website:

I created a new project with abp suite and was able to isolate the issue a little better.

ABP Framework version: v5.1.4 UI type: Angular DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): yes Public website: yes

Running in locally with Null Email Sender in use.

The issue arises in the following scenario:

1. Navigate to the web public page
2. Click Login (navigates to Identity server)
3. Click Forgot password
4. Enter email for password reset
5. Copy & paste the password reset link from the Identity Server log into browser (ie. https://localhost:44349/Account/ResetPassword?userId=bcece16c-6098-6c0c-1ad3-3a045aecf37c&__tenant=&resetToken=CfDJ8PxMEPuK7GlJjYKAHwu3dDapqpsWhVzKFziM6xXtptAvMFgXVCOc%2BIIWnBiY1Uq0GDOOmno4yc99Ur26Zu4GCQPTDDino5Ix8dGgf6meYEtyXo%2FpH0VQlhB3C%2F0Rhy6h0lfn6lFkXK0yqHQGjTIB22xWUfYlzljkJDmCc%2FFy%2BuOR5PV8sMSKOvkUPz6T0bwUUCtrg1qRgKgL5l%2FeUWdijBcffVip%2B1nRPJ2ijhnVqS0j&returnUrl=https://localhost:44306/signin-oidc)
6. On Reset Password page, enter new password
7. On Reset Pasword Confirmation page, press Go to the application
8. On Login page, enter credentials and Login.
9. System redirects to the Identity Server page (even though the return url in the password reset is to the public website "https://localhost:44306/signin-oidc")

As a result of this issue, we had added a redirect setting (https://localhost:44306) in the appsettings for the identity server project:

"RedirectAllowedUrls": "http://localhost:4200,https://localhost:44307,https://localhost:44306"

When the redirect url is added, the exception described above is thrown (RemoteAuthentication: OpenIdConnectAuthenticationHandler: message.State is null or empty.).

We also tried with the RedirectAllowedUrl of "https://localhost:44306/signin-oidc" with the same result.

private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
    context.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
        .AddCookie("Cookies", options =>
        {
            options.ExpireTimeSpan = TimeSpan.FromDays(365);
        })
        .AddAbpOpenIdConnect("oidc", options =>
        {
            options.Authority = configuration["AuthServer:Authority"];
            options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]); ;
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;

            options.ClientId = configuration["AuthServer:ClientId"];
            options.ClientSecret = configuration["AuthServer:ClientSecret"];

            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;

            options.Scope.Add("role");
            options.Scope.Add("email");
            options.Scope.Add("phone");
            options.Scope.Add("Portal");
        });
}

I am encountering the same issue running the application locally, outside of docker.

a) Navigate to url:

https://localhost:44309/Account/Login?ReturnUrl=https%3A%2F%2Flocalhost%3A44306%2Fsignin-oidc

b) Login :

c) Exception:

d) web public log file:

2022-06-07 14:37:48.835 -07:00 [INF] Error from RemoteAuthentication: OpenIdConnectAuthenticationHandler: message.State is null or empty.. 2022-06-07 14:37:48.836 -07:00 [ERR] An unhandled exception has occurred while executing the request. System.Exception: An error was encountered while handling the remote login. ---> System.Exception: OpenIdConnectAuthenticationHandler: message.State is null or empty. --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<

• ABP Framework version: v5.1.4
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes

Upon logging into the Public Website (as result of a password reset or navigating to https://portal-identity-dev.com/Account/Login?returnUrl=https%3A%2F%2Fportal-web-public-dev.com%2Fsignin-oidc), the application returns to url ("https://portal-web-public-dev.com/signin-oidc") and a 500 Internal Server Error occurs:

In the public web server log:

2022-06-07 17:56:19.662 +00:00 [INF] Error from RemoteAuthentication: OpenIdConnectAuthenticationHandler: message.State is null or empty.. 2022-06-07 17:56:19.663 +00:00 [ERR] An unhandled exception has occurred while executing the request. System.Exception: An error was encountered while handling the remote login. ---> System.Exception: OpenIdConnectAuthenticationHandler: message.State is null or empty. --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) 2022-06-07 17:56:19.663 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' 2022-06-07 17:56:19.663 +00:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). 2022-06-07 17:56:19.667 +00:00 [WRN] Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration. 2022-06-07 17:56:19.667 +00:00 [INF] Start processing HTTP request GET "https://portal-api-dev.com/api/abp/application-configuration?api-version=1.0" 2022-06-07 17:56:19.667 +00:00 [INF] Sending HTTP request GET "https://portal-api-dev.com/api/abp/application-configuration?api-version=1.0" 2022-06-07 17:56:20.299 +00:00 [INF] Received HTTP response headers after 631.6003ms - 200 2022-06-07 17:56:20.299 +00:00 [INF] End processing HTTP request after 631.8429ms - 200 2022-06-07 17:56:20.436 +00:00 [INF] Executing ViewResult, running view ~/Views/Error/500.cshtml. 2022-06-07 17:56:20.452 +00:00 [WRN] Could not find IdentityClientConfiguration for CmsKitPublic. Either define a configuration for CmsKitPublic or set a default configuration. 2022-06-07 17:56:20.452 +00:00 [INF] Start processing HTTP request GET "https://portal-api-dev.com/api/cms-kit-public/menu-items?api-version=1.0" 2022-06-07 17:56:20.452 +00:00 [INF] Sending HTTP request GET "https://portal-api-dev.com/api/cms-kit-public/menu-items?api-version=1.0" 2022-06-07 17:56:20.485 +00:00 [INF] Received HTTP response headers after 33.3313ms - 200 2022-06-07 17:56:20.486 +00:00 [INF] End processing HTTP request after 33.559ms - 200 2022-06-07 17:56:20.491 +00:00 [INF] Executed ViewResult - view ~/Views/Error/500.cshtml executed in 54.2382ms.

Pressing the Login button navigates to the identity server and back again with a logged-in state.

I am using docker containers.

Identity server app settings: { "App": { "SelfUrl": "https://portal-identity-dev.com", "ClientUrl": "https://portal-web-public-dev.com", "CorsOrigins": "https://portal-app-dev.com,https://portal-api-dev.com,https://portal-identity-dev.com", "RedirectAllowedUrls": "https://portal-app-dev.com,https://portal-api-dev.com,https://portal-web-public-dev.com/signin-oidc" }, "AuthServer": { "Authority": "https://portal-identity-dev.com", "RequireHttpsMetadata": "false", "ValidIssuers": [ "https://portal-web-public-dev.com", "https://portal-app-dev.com", "https://portal-web-dev.com", "https://portal-api-dev.com" ] }, "ConnectionStrings": { "Default": "Server=XX\data1; Database=Portal; User=sa; Password=XX;" }, "Redis": { "Configuration": "redis" }, "StringEncryption": { "DefaultPassPhrase": "ZY4h7Pg08tNZWA0d" } }

Web Public appsettings: { "App": { "SelfUrl": "https://portal-web-dev.com" }, "RemoteServices": { "Default": { "BaseUrl": "https://portal-api-dev.com/" }, "AbpAccountPublic": { "BaseUrl": "https://portal-identity-dev.com/" } }, "Redis": { "Configuration": "redis" }, "AuthServer": { "Issuer": "https://portal-web-public.com", "Authority": "https://portal-identity-dev.com", "RequireHttpsMetadata": "true", "ClientId": "Portal_Web_Public_Tiered", "ClientSecret": "1q2w3e*", "ValidIssuers": [ "https://portal-web-public-dev.com", "https://portal-app-dev.com", "https://portal-web-dev.com", "https://portal-api-dev.com" ] }, "StringEncryption": { "DefaultPassPhrase": "ZY4h7Pg08tNZWA0d" } }

• ABP Framework version: v5.1.4
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes

Hi

For our public website (MVC) project, the users should be directed to the dashboard after successfully logging in, instead of the default home page (index). We don't want them to always be redirected (as described here https://support.abp.io/QA/Questions/2011/Abp-Routing), just after the initial login. The user should be able to navigate to the home page after logging in without being redirected to the dashboard.

Can you please provide some assistance?

Thanks

This works - thanks!

hi

Can you direct share a template project with me? liming.ma@volosoft.com

I will check it locally.

sent shared link to your email. thx

• ABP Framework version: v5.2.1
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace: This is a follow-up to my previous issue here, which was closed but not fully resolved: [https://support.abp.io/QA/Questions/2792/How-to-add-to-extend-the-Identity-Server-Personal-info-page#answer-c4fad5d5-e30a-85db-b30b-3a02e5558be9]

To reiterate, I am adding an extra property on the User Personal Info tab for Communication Language, that can be set by the user. I have the property displaying on the view component but updating the value throws an error:

Your request is not valid! The following errors were detected during validation. - The field Language is invalid.

• Steps to reproduce the issue:"

To replace the personal info tab, I did the following in the Identity Server project:

1. Created a new class MyAccountProfileManagementPageContributor that implements the IProfileManagementPageContributor interface and removes the framework supplied PersonalInfo tab and adds a custom version in place:

public class MyAccountProfileManagementPageContributor : IProfileManagementPageContributor
{
    public async Task ConfigureAsync(ProfileManagementPageCreationContext context)
    {
        var l = context.ServiceProvider.GetRequiredService<IStringLocalizer<AccountResource>>();

        context.Groups.Remove(context.Groups.First(x => x.Id == "Volo-Abp-Account-PersonalInfo"));

        context.Groups.Add(
            new ProfileManagementPageGroup(
                "Volo-Abp-Account-PersonalInfo",
                l["ProfileTab:PersonalInfo"],
                typeof(MyAccountProfilePersonalInfoManagementGroupViewComponent)
            )
        );
    }
}

2. Configured the module to add the MyAccountProfileManagementPageContributor, in the ConfigureServices method:

        Configure<ProfileManagementPageOptions>(options =>
        {
            options.Contributors.Add(new MyAccountProfileManagementPageContributor());
        });

3. Created a PortalIdentityDtoExtensions class and added the extra property to the relevant Dtos:

   public static void Configure()
    {
        OneTimeRunner.Run(() =>
        {
            ObjectExtensionManager.Instance

               .AddOrUpdateProperty<ProfileDto, Language>(AccountExtensionProperties.Language)
               .AddOrUpdateProperty<UpdateProfileDto, Language>(AccountExtensionProperties.Language)
               .AddOrUpdateProperty<MyPersonalInfoModel, Language>(AccountExtensionProperties.Language);
        });
    }

4. Configured the PortalIdentityDtoExtensions in the module:

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        PortalIdentityDtoExtensions.Configure();
    }

5. Created a version of the AccountProfilePersonalInfoManagementGroupViewComponent:

namespace Volo.Abp.Account.Public.Web.Pages.Account.Components.ProfileManagementGroup.PersonalInfo;

public class MyAccountProfilePersonalInfoManagementGroupViewComponent : AccountProfilePersonalInfoManagementGroupViewComponent
{
    public MyAccountProfilePersonalInfoManagementGroupViewComponent(
        IProfileAppService profileAppService): base(profileAppService)
    {
    }

    public override async Task<IViewComponentResult> InvokeAsync()
    {
        var user = await ProfileAppService.GetAsync();

        var model = ObjectMapper.Map<ProfileDto, MyPersonalInfoModel>(user);

        return View("~/Pages/Account/Components/ProfileManagementGroup/PersonalInfo/Default.cshtml", model);
    }

    public class MyPersonalInfoModel : ExtensibleObject
    {
        [Required]
        [DynamicStringLength(typeof(IdentityUserConsts), nameof(IdentityUserConsts.MaxUserNameLength))]
        [Display(Name = "DisplayName:UserName")]
        public string UserName { get; set; }

        [Required]
        [DynamicStringLength(typeof(IdentityUserConsts), nameof(IdentityUserConsts.MaxEmailLength))]
        [Display(Name = "DisplayName:Email")]
        public string Email { get; set; }

        [DynamicStringLength(typeof(IdentityUserConsts), nameof(IdentityUserConsts.MaxNameLength))]
        [Display(Name = "DisplayName:Name")]
        public string Name { get; set; }

        [DynamicStringLength(typeof(IdentityUserConsts), nameof(IdentityUserConsts.MaxSurnameLength))]
        [Display(Name = "DisplayName:Surname")]
        public string Surname { get; set; }

        [DynamicStringLength(typeof(IdentityUserConsts), nameof(IdentityUserConsts.MaxPhoneNumberLength))]
        [Display(Name = "DisplayName:PhoneNumber")]
        public string PhoneNumber { get; set; }

        public bool PhoneNumberConfirmed { get; set; }

        public bool EmailConfirmed { get; set; }
    }
}    

6. Added a Default.cshtml to reference MyPersonalInfoModel and added handling for extra properties: (see \Volo.Abp.Account.Pro.Public.Web\Pages\Account\Components\ProfileManagementGroup\PersonalInfo\Default.cshtml for rest of page)

7. Added the auto mapper profile:

public class PortalIdentityServerAutoMapperProfile : Profile
{
    public PortalIdentityServerAutoMapperProfile()
    {
        CreateMap<ProfileDto, MyAccountProfilePersonalInfoManagementGroupViewComponent.MyPersonalInfoModel>().MapExtraProperties();

        CreateMap<IdentitySecurityLog, IdentitySecurityLogDto>(); // can remove 5.2-RC2 https://github.com/abpframework/abp/issues/12070
    }
}

8. Configured the auto mapper profile in the module:

        context.Services.AddAutoMapperObjectMapper<PortalIdentityServerModule>();
        Configure<AbpAutoMapperOptions>(options =>
        {
            options.AddProfile<PortalIdentityServerAutoMapperProfile>(validate: true);
        });

Appreciate your assistance.