I have an app configured with role-based permissions as per the template; all works great for an actual logged-in user. Now I want to have a page for anonymous users that uses certain services to get data and render it to this "guest" user.
Obviously I want the app to be secure, so I have devised a way that a unique URL slug is passed to the page and then verified as valid before rendering. I don't want to put [AllowAnonymous] on my services, obviously, but I do want this guest user with this un-guessable URL to access certain service methods after the initial page request.
I thought that I could create a Guest Role and assign the .Default permission group permissions to the role and use the identity system to mimic a logged in user in this case.
I cannot figure out how to keep utilizing the regular identity authentication system AND allow this scenario. I would even be okay with a cookie that is set on my initial request which is then used for further authorization or user authentication.
I have tried:
Am I going about this the wrong way? Is there a better way? How can I add a new authentication scheme to the existing project that will work alongside the regular authentication system and allow this user who makes their initial request at a specific URL an authenticated user with the system, but with my limited Guest Role?
I realize this is an advanced situation, but I'm at my rope's end and am about to brute-force the feature by asserting an actual user in the identity system with a Guest role, but I'd rather not pollute the system and all the tenants with these needless users (note that I also may not have the guest user's email address).
Any/all recommendations/insight is highly appreciated.
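One way to realize the cookie idea described above in plain ASP.NET Core, as an added example that is not part of the original post or ABP's own code: a second cookie scheme is issued once the slug is verified and carries only a Guest role claim. The scheme name `GuestLink`, the routes, the `GuestData` policy and the in-memory link store are hypothetical, and it is an assumption that the framework's role-based permission checks read the role claim from the current principal.

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

const string GuestScheme = "GuestLink"; // hypothetical scheme name
const string GuestRole = "Guest";       // role assumed to hold the limited permissions
// Store and look up only a hash of the slug, never the slug itself.
static string Hash(string s) => Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(s)));
// Constructed sample store (slug hash -> expiry); a real app would query its database.
var links = new Dictionary<string, DateTimeOffset>
{
    [Hash("constructed-sample-slug-3f9c1e7a")] = DateTimeOffset.UtcNow.AddDays(7)
};

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie() // stands in for the app's existing login scheme
    .AddCookie(GuestScheme, o =>
    {
        o.Cookie.HttpOnly = true;
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        o.Cookie.SameSite = SameSiteMode.Strict;
        o.ExpireTimeSpan = TimeSpan.FromMinutes(30); // short-lived guest session
        o.SlidingExpiration = false;                 // no silent renewal
    });
builder.Services.AddAuthorization(o => o.AddPolicy("GuestData", p => p.RequireRole(GuestRole)));
var app = builder.Build();

app.UseAuthentication();
// Fall back to the guest cookie only when the regular scheme found no user.
app.Use(async (ctx, next) =>
{
    if (ctx.User.Identity?.IsAuthenticated != true)
    {
        var guest = await ctx.AuthenticateAsync(GuestScheme);
        if (guest.Succeeded) ctx.User = guest.Principal!;
    }
    await next(ctx);
});
app.UseAuthorization();

// Entry point: exchange a valid, unexpired slug for the guest cookie.
app.MapGet("/guest/{slug}", async (string slug, HttpContext ctx) =>
{
    if (!links.TryGetValue(Hash(slug), out var expires) || expires < DateTimeOffset.UtcNow)
        return Results.NotFound();
    var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Role, GuestRole) }, GuestScheme);
    await ctx.SignInAsync(GuestScheme, new ClaimsPrincipal(identity));
    return Results.Ok("guest session started");
});
app.MapGet("/guest-data", () => "limited data").RequireAuthorization("GuestData"); // never anonymous
app.Run();
```

The guest principal carries no user id, so no identity record is created per guest; anything that needs to tie the session to a specific link would add that as a further claim at sign-in.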
* An exception was thrown while activating Volo.Abp.Account.AccountController -> Volo.Abp.Account.AccountAppService -> Volo.Abp.BlobStoring.BlobContainer`1[[Volo.Abp.Account.AccountProfilePictureContainer, Volo.Abp.Account.Pro.Public.Application, Version=6.0.2.0, Culture=neutral, PublicKeyToken=null]] -> Volo.Abp.BlobStoring.BlobContainerFactory -> Volo.Abp.BlobStoring.DefaultBlobContainerConfigurationProvider.
Autofac.Core.DependencyResolutionException: An exception was thrown while activating Volo.Abp.Account.AccountController -> Volo.Abp.Account.AccountAppService -> Volo.Abp.BlobStoring.BlobContainer`1[[Volo.Abp.Account.AccountProfilePictureContainer, Volo.Abp.Account.Pro.Public.Application, Version=6.0.2.0, Culture=neutral, PublicKeyToken=null]] -> Volo.Abp.BlobStoring.BlobContainerFactory -> Volo.Abp.BlobStoring.DefaultBlobContainerConfigurationProvider.
---> Autofac.Core.DependencyResolutionException: An exception was thrown while invoking the constructor 'Void .ctor(Microsoft.Extensions.Options.IOptions`1[Volo.Abp.BlobStoring.AbpBlobStoringOptions])' on type 'DefaultBlobContainerConfigurationProvider'.
---> System.ArgumentException: value can not be null, empty or white space! (Parameter 'value')
at Volo.Abp.Check.NotNullOrWhiteSpace(String value, String parameterName, Int32 maxLength, Int32 minLength)
at Volo.Abp.BlobStoring.Minio.MinioBlobProviderConfiguration.set_EndPoint(String value)
at ten3.Utilz.UtilzApplicationModule.<>c__DisplayClass0_0.<ConfigureServices>b__3(MinioBlobProviderConfiguration minio)
at Volo.Abp.BlobStoring.Minio.MinioBlobContainerConfigurationExtensions.UseMinio(BlobContainerConfiguration containerConfiguration, Action`1 minioConfigureAction)
at ten3.Utilz.UtilzApplicationModule.<>c__DisplayClass0_0.b__2(BlobContainerConfiguration container)
at Volo.Abp.BlobStoring.BlobContainerConfigurations.Configure(String name, Action`1 configureAction)
at ten3.Utilz.UtilzApplicationModule.<>c__DisplayClass0_0.<ConfigureServices>b__1(AbpBlobStoringOptions options)
at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
at Microsoft.Extensions.Options.UnnamedOptionsManager`1.get_Value()
at lambda_method457(Closure , Object[] )
at Autofac.Core.Activators.Reflection.BoundConstructor.Instantiate()
--- End of inner exception stack trace ---
at Autofac.Core.Activators.Reflection.BoundConstructor.Instantiate()
at Autofac.Core.Activators.Reflection.ReflectionActivator.<>c__DisplayClass12_0.<UseSingleConstructorActivation>b__0(ResolveRequestContext ctxt, Action`1 next)
at Autofac.Core.Resolving.Middleware.DisposalTrackingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
at Autofac.Builder.RegistrationBuilder`3.<>c__DisplayClass41_0.b__0(ResolveRequestContext ctxt, Action`1 next)
at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
--- End of inner exception stack trace ---
at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
at Autofac.Core.Resolving.Middleware.SharingMiddleware.Execute(ResolveRequestContext context, Action`1 next)
at Autofac.Core.Resolving.Middleware.CircularDependencyDetectorMiddleware.Execute(ResolveRequestContext context, Action`1 next)
at Autofac.Core.Resolving.ResolveOperation.GetOrCreateInstance(ISharingLifetimeScope currentOperationScope, ResolveRequest request)
at Autofac.Core.Resolving.ResolveOperation.ExecuteOperation(ResolveRequest request)
at Autofac.ResolutionExtensions.TryResolveService(IComponentContext context, Service service, IEnumerable`1 parameters, Object& instance)
at Autofac.ResolutionExtensions.ResolveService(IComponentContext context, Service service, IEnumerable`1 parameters)
at Microsoft.AspNetCore.Mvc.Controllers.ServiceBasedControllerActivator.Create(ControllerContext actionContext)
at Microsoft.AspNetCore.Mvc.Controllers.ControllerFactoryProvider.<>c__DisplayClass6_0.g__CreateController|0(ControllerContext controllerContext)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
I configure my web project and my module with:
[DependsOn(typeof(AbpBlobStoringMinioModule))]
[DependsOn(typeof(AbpBlobStoringModule))]
and in module ConfigureServices() (web project and in the depended module):
Configure<AbpBlobStoringOptions>(options =>
{
    options.Containers.Configure<AttachmentsContainer>(container =>
    {
        container.UseMinio(minio =>
        {
            minio.EndPoint = configuration[Constants.SettingsKeys.BlobStorage.Endpoint];
            minio.AccessKey = configuration[Constants.SettingsKeys.BlobStorage.AccessKey];
            minio.SecretKey = configuration[Constants.SettingsKeys.BlobStorage.SecretKey];
            minio.BucketName = configuration[Constants.SettingsKeys.BlobStorage.BucketName];
            minio.WithSSL = true;
            minio.CreateBucketIfNotExists = true;
        });
    });
});
So I do not touch the defaultContainer setup at all but somehow have destroyed the configuration of the **Volo.Abp.Account.AccountProfilePictureContainer** in the depended module Volo.Abp.Account.Pro.Public.Application.
I have followed the directions from the documentation found at https://docs.abp.io/en/abp/6.0/Blob-Storing specifically using a typed container as per the guidance because I am making a reusable module.
"It is a good practice to always use a typed container while developing re-usable modules, so the final application can configure the provider for your container without affecting the other containers."
I am expecting to not have to re-configure any BlobStoring containers, but if I must, how can I re-use the default configuration of the Account PRO Module? And will that fix my issue?
ABP Framework version: v6.0.2
UI type: MVC
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): no (single no-layers template with added modules)
Exception message and stack trace:
[15:02:43 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+InferIssuerFromHost.
[15:02:43 INF] The request address matched a server endpoint: Authorization.
[15:02:43 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+InferEndpointType.
[15:02:43 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType.
[15:02:43 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was marked as skipped by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType.
[15:02:43 DBG] AuthenticationScheme: Identity.Application was successfully authenticated.
[15:02:46 ERR] An unhandled exception has occurred while executing the request.
Volo.Abp.BusinessException: Exception of type 'Volo.Abp.BusinessException' was thrown.
at Volo.Abp.Account.Public.Web.Pages.Account.ImpersonateUserModel.OnPostAsync()
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeNextResourceFilter()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Volo.Abp.AspNetCore.Serilog.AbpSerilogMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Uow.AbpUnitOfWorkMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Builder.ApplicationBuilderAbpOpenIddictMiddlewareExtension.<>c__DisplayClass0_0.<<UseAbpOpenIddictValidation>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
Steps to reproduce the issue:
(I created my no-layer project using 6.0.1 and then upgraded but not sure that's necessary to reproduce)
enable multitenancy, tenant impersonation and user impersonation
log in with admin user.
create another admin user.
impersonate the new user from the users list using the (Log in With This User) action option
//For impersonation in Saas module
context.Services.Configure<AbpSaasHostWebOptions>(options => { options.EnableTenantImpersonation = true; });
//For impersonation in Identity module
context.Services.Configure<AbpIdentityWebOptions>(options => { options.EnableUserImpersonation = true; });
Not sure if this issue is being experienced by others or what the problem here could be without pulling the Account Pro project and integrating it with my template in order to step through (is that even possible w/ no-layers template?)
So, what can be done to eliminate this issue?
It may be worthy of note that I did extend the user entity with a GUID property using the following Extensibility procedure:
ObjectExtensionManager.Instance
    .MapEfCoreProperty<IdentityUser, Guid>(
        BusinessDomainConstants.Database.People.ColumnNameForExtraPropertyIdentityUserPersonId,
        (entityBuilder, propertyBuilder) =>
        {
            propertyBuilder
                .HasMaxLength(36)
                .HasDefaultValue(null);
        }
    );
...however, removing this from the module startup does not change the error scenario.
I am using docker containers to house my app and redis and reverse proxy in production. But every time I deploy a new build to the server the currently authorized users in my mobile app (and the web-app, but this is less troublesome) lose their authentication.
From looking at the account module code and the tables that are created (i.e. AbpUserTokens) and the documentation, I think the default template should be using the IPersistedGrantStore that writes to the EF Core database instead of the in-memory store. But I cannot figure out how to tell the system to use the persisted store instead of the in-memory one. I didn't want to try and separate the IdentityServer4 from the MVC project because of the complexity of doing so. Any directions or hints?
ABP Framework version: v4.2.2
UI type: MVC
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes, tiered MVC
Exception message and stack trace:
Steps to reproduce the issue:
I am also working on trying to get the mobile app to re-up the auth when/if it is lost, but this above scenario is bugging me because I THINK it should be straightforward to accomplish and would allow me to only concentrate on getting the refresh token instead of checking for broken auth before every API call in the mobile app.
I am trying to work with multiple developers with an API generated via the template, and they are complaining that the cookie handling and XSRF token header are causing error 400 and redirects to the login page.
Configure<AbpAntiForgeryOptions>(options =>
{
    options.AutoValidate = false;
});
[IgnoreAntiforgeryToken]
Errors I am seeing in the logs:
[17:13:24 ERR] The required antiforgery header value "RequestVerificationToken" is not present.
[16:43:35 ERR] The provided antiforgery token was meant for a different claims-based user than the current user.
[16:43:44 ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.9TtSrW0hzOs" is not present.
[16:44:18 ERR] The antiforgery cookie token and request token do not match.
[18:16:19 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
[18:19:05 ERR] The antiforgery token could not be decrypted.
[18:20:33 ERR] The provided antiforgery token was meant for a different claims-based user than the current user.