The Authority endpoint in the Module project was wrong. I fixed that, and now I get this error on request:
2020-05-19 08:50:39.673 -05:00 [INF] Request starting HTTP/1.1 GET https://localhost:44321/api/devices?serialNumber=string&api-version=1.0
2020-05-19 08:50:40.147 -05:00 [INF] Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audiences: 'Portal'. Did not match: validationParameters.ValidAudience: 'Devices' or validationParameters.ValidAudiences: 'null'.
at Microsoft.IdentityModel.Tokens.Validators.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateAudience(IEnumerable`1 audiences, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
2020-05-19 08:50:40.169 -05:00 [INF] BearerIdentityServerAuthenticationJwt was not authenticated. Failure message: IDX10214: Audience validation failed. Audiences: 'Portal'. Did not match: validationParameters.ValidAudience: 'Devices' or validationParameters.ValidAudiences: 'null'.
2020-05-19 08:50:40.170 -05:00 [INF] Bearer was not authenticated. Failure message: IDX10214: Audience validation failed. Audiences: 'Portal'. Did not match: validationParameters.ValidAudience: 'Devices' or validationParameters.ValidAudiences: 'null'.
2020-05-19 08:50:40.176 -05:00 [INF] Authorization failed.
2020-05-19 08:50:40.181 -05:00 [INF] AuthenticationScheme: BearerIdentityServerAuthenticationJwt was challenged.
2020-05-19 08:50:40.181 -05:00 [INF] AuthenticationScheme: Bearer was challenged.
2020-05-19 08:50:40.182 -05:00 [INF] Request finished in 508.9196ms 401
I'm guessing I am missing some part of the configuration in the Identity Server but I'm not sure what.
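
The audience check behind the IDX10214 failure in the log above, reproduced in a stand-alone console program; this is an added example, not code from the original post or the poster's project. The signing key, issuer URL and class name are constructed for the demo, and it assumes the System.IdentityModel.Tokens.Jwt package is referenced.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class AudienceCheckDemo
{
    // Constructed demo values, not taken from the thread.
    private const string Issuer = "https://idp.example";
    private static readonly SymmetricSecurityKey Key = new SymmetricSecurityKey(
        Encoding.UTF8.GetBytes("constructed-demo-signing-key-0123456789"));

    // Mint a signed token for a single audience, standing in for the authorization server.
    private static string Mint(string audience) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: Issuer,
            audience: audience,
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256)));

    // Validate the way a resource API does: signature, lifetime, issuer and one expected audience.
    private static string Validate(string token, string expectedAudience)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            IssuerSigningKey = Key,
            ValidateAudience = true,        // the check that produced IDX10214 in the log
            ValidAudience = expectedAudience
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
            return "accepted";
        }
        catch (SecurityTokenInvalidAudienceException ex)
        {
            // Same exception type as in the stack trace: the token was minted for another resource.
            return "rejected: " + ex.Message;
        }
    }

    public static void Main()
    {
        // Token audience 'Portal' presented to an API that expects 'Devices', as in the log.
        Console.WriteLine(Validate(Mint("Portal"), "Devices"));
        // Token issued for the API's own audience.
        Console.WriteLine(Validate(Mint("Devices"), "Devices"));
    }
}
```

The token is well-formed and correctly signed in both calls; only the `aud` claim differs, so the rejection comes from which audience the token was issued for, not from its signature or issuer.
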
That fixed the permission issue. Now when I try the request from the Web project to the Remote API through the "Devices" page that I made before I get these errors in the logs for the Remote API service:
2020-05-18 09:58:34.520 -05:00 [INF] Request finished in 125.7825ms 200 application/json;charset=utf-8
2020-05-18 09:58:35.684 -05:00 [INF] Request starting HTTP/1.1 GET https://localhost:44321/api/devices?serialNumber=string&api-version=1.0
2020-05-18 09:58:39.874 -05:00 [ERR] Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://localhost:44349/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://localhost:44349/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: No connection could be made because the target machine actively refused it.
---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it.
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
2020-05-18 09:58:39.898 -05:00 [ERR] IDX20803: Unable to obtain configuration from: 'https://localhost:44349/.well-known/openid-configuration'.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://localhost:44349/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://localhost:44349/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: No connection could be made because the target machine actively refused it.
---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it.
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync()
2020-05-18 09:58:39.900 -05:00 [INF] Bearer was not authenticated. Failure message: IDX20803: Unable to obtain configuration from: 'https://localhost:44349/.well-known/openid-configuration'.
2020-05-18 09:58:39.907 -05:00 [INF] Authorization failed.
2020-05-18 09:58:39.914 -05:00 [INF] AuthenticationScheme: BearerIdentityServerAuthenticationJwt was challenged.
2020-05-18 09:58:39.914 -05:00 [INF] AuthenticationScheme: Bearer was challenged.
2020-05-18 09:58:39.916 -05:00 [INF] Request finished in 4231.9708ms 401
In the Remote API solution (which is a module template solution) in Application.Contracts I have two files in an Authorization folder:

DevicesPermissionDefinitionProvider

```csharp
using Volo.Abp.Authorization.Permissions;
using Volo.Abp.Localization;

namespace NowMicro.Dice.Devices.Authorization
{
    public class DevicesPermissionDefinitionProvider : PermissionDefinitionProvider
    {
        public override void Define(IPermissionDefinitionContext context)
        {
            var devicesGroup = context.AddGroup(DevicesPermissions.GroupName);
            var products = devicesGroup.AddPermission(DevicesPermissions.Devices.Default);
            products.AddChild(DevicesPermissions.Devices.Update);
            products.AddChild(DevicesPermissions.Devices.Delete);
            products.AddChild(DevicesPermissions.Devices.Create);
        }
    }
}
```

DevicesPermissions

```csharp
using Volo.Abp.Reflection;

namespace NowMicro.Dice.Devices.Authorization
{
    public class DevicesPermissions
    {
        public const string GroupName = "Devices";

        public static class Devices
        {
            public const string Default = GroupName + ".Device";
            public const string Delete = Default + ".Delete";
            public const string Update = Default + ".Update";
            public const string Create = Default + ".Create";
        }

        public static string[] GetAll()
        {
            return ReflectionHelper.GetPublicConstantsRecursively(typeof(DevicesPermissions));
        }
    }
}
```

As suggested earlier, I created a tiered version of the web project: MVC, no mobile, EF Core, and tiered. Steps I took after that:

```csharp
//context.Services.AddStackExchangeRedisCache(options =>
//{
//    options.Configuration = configuration["Redis:Configuration"];
//});
```

typeof(DevicesHttpApiClientModule), typeof(AbpHttpClientIdentityModelModule)
as dependency references in the WebModule.cs file.

I've set up a tiered version of the web project, but I'm running into a problem getting the permissions for the remote API to show up. When I go to add the permissions to the admin user I don't see any for the remote API permission set I created. I have references for typeof(DevicesHttpApiClientModule), typeof(AbpHttpClientIdentityModelModule)
in the Web module. Am I missing something in the tiered version that wasn't required in the non-tiered one?

Thanks for getting back, here is what I see:

| Name | Value |
| --- | --- |
| Email | "admin@abp.io" |
| EmailVerified | false |
| Id | {5a86407f-aa6f-3eab-147a-39f4f7773384} |
| IsAuthenticated | true |
| PhoneNumber | null |
| PhoneNumberVerified | false |
| Roles | {string[1]} |
| TenantId | null |
| UserName | "admin" |

Then when I expand Roles I see:

| Name | Value |
| --- | --- |
| [0] | "admin" |