Activities of "Frontis2"

@gterdem

Thanks for your response.

As a digital agency, we run multiple ABP projects, for multiple customers. And those customers (abp-projects), have multiple clients connecting to them. So multiple clients, that connect to our ABP api's.

We did not make all clients, and therefore it is hard to test them. Is there anything that we should report to the developers of the clients? Other than "please test everything".

Are there significant changes that occur, after the migration, that our customers need to report to their clients? Think about endpoint changes. Is there any difference in how tokens are handled?

As far as we know, all clients follow the openid / oauth2 specs. We did not implement custom code on the ABP side.

If this question is hard to answer, I also do like to know. Anything you know of, is desirable to hear.

Is my question to complicated? I know it is a bit abstract. However, knowing any pitfalls would help us a lot. If there is no known pitfall, I do like to know either.

• ABP Framework version: v6.0.1
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): no
• Steps to reproduce the issue:"

After reading the migration guide... https://docs.abp.io/en/abp/latest/Migration-Guides/OpenIddict-Step-by-Step

Context We have multiple customers. Some of our customers have multiple clients (Administration => Identity Server => Clients) connecting to them. Therefor it is hard for us to test if the clients keep working. We don't have much influence on it.

So my question is.. Are there significant changes that occur, after the migration, that our customers need to report to their clients? Think about endpoint changes. Is there any difference in how tokens are handled?

As far as we know, all clients follow the openid / oauth2 specs. We did not implement custom code on the ABP side.

Another (small) functional question: Can created ABP users use their own password after the migration?

Thanks in advance,

For us it was a combination of

- 1. Development certificate

    private void ConfigureOpenIddict()
    {
        Configure<AbpOpenIddictAspNetCoreOptions>(builder => {
            builder.AddDevelopmentEncryptionAndSigningCertificate = false;
        });
    }

    {
        ...
        ConfigureOpenIddict();
        ...
    }

Why not adding this code (maybe with env.IsDevelopment()) to the starter template? This might help a lot of people?

- 2. Setting Loading User Profile to true in IIS

Tnhx for the support!

• ABP Framework version: v6.0.0-rc.1
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): no
• Exception message and stack trace:

Application '/LM/W3SVC/2/ROOT' with physical root 'D:\Domains\abp_beheer\httpdocs\' has exited from Program.Main with exit code = '1'. First 30KB characters of captured stdout and stderr logs:
[14:14:52 INF] Starting web host.
[14:14:53 FTL] Host terminated unexpectedly!
Volo.Abp.AbpInitializationException: An error occurred during ConfigureServicesAsync phase of the module Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule, Volo.Abp.OpenIddict.AspNetCore, Version=6.0.0.0, Culture=neutral, PublicKeyToken=null. See the inner exception for details.
 ---> Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access is denied.
   at Internal.Cryptography.Pal.StorePal.FromSystemStore(String storeName, StoreLocation storeLocation, OpenFlags openFlags)
   at System.Security.Cryptography.X509Certificates.X509Store.Open(OpenFlags flags)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate(X500DistinguishedName subject)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerBuilder.AddDevelopmentEncryptionCertificate()
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.<>c__DisplayClass1_0.<AddOpenIddictServer>b__0(OpenIddictServerBuilder builder)
   at Microsoft.Extensions.DependencyInjection.OpenIddictServerExtensions.AddServer(OpenIddictBuilder builder, Action`1 configuration)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.AddOpenIddictServer(IServiceCollection services)
   at Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule.ConfigureServices(ServiceConfigurationContext context)
   at Volo.Abp.Modularity.AbpModule.ConfigureServicesAsync(ServiceConfigurationContext context)
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   --- End of inner exception stack trace ---
   at Volo.Abp.AbpApplicationBase.ConfigureServicesAsync()
   at Volo.Abp.AbpApplicationFactory.CreateAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.ServiceCollectionApplicationExtensions.AddApplicationAsync[TStartupModule](IServiceCollection services, Action`1 optionsAction)
   at Microsoft.Extensions.DependencyInjection.WebApplicationBuilderExtensions.AddApplicationAsync[TStartupModule](WebApplicationBuilder builder, Action`1 optionsAction)
   at ABP_Beheer.Web.Program.Main(String[] args) in D:\BUILD02_Agent3\_work\730\s\src\ABP_Beheer.Web\Program.cs:line 36

• Steps to reproduce the issue:"

• dotnet tool install Volo.Abp.Cli -g --version 6.0.0-rc.1
• abp new BookStore --preview
• Run migrator & Open application & login with admin user
• Now release to a windows server 2022 server (install IIS+dotnet 6 webhosting bundle)
• Configure ABP there with Local IIS
  • ApplicationPoolIdentity
• Add a ssl certificate in the Personal folder via "Manage computer certificates"
• After that, configure the SSL certificate, so that the IIS APPOOL has access to it (manage computer certificates> Personal > Certificates > right click certificate > All tasks > Manage private keys > Add iis appool user here)
  • See https://github.com/dotnet/aspnetcore/issues/6840 for more info
• Add HTTPS binding of the ssl certificate, to the iis site
• Recycle app pool
• Go to the application, by browsering to it

We haven't had this issue with ABP in combination with Identity server. What am i doing wrong, in context of OpenIddict?

Thanks in advance.