Open Closed

AuthServer Not Working in v7.0 in Microservices K8S Environment #4331


User avatar
0
thedatacrew created
  • ABP Framework version: v7.0.0
  • UI type: BlazorServer
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): Microservices
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hi,

I have tried to get AuthServer working in K8S and keep getting the error.

Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://localhost:44322/.well-known/openid-configuration. Connection refused (localhost:44322).

This worked in v6 - no matter what I try it will not pick up the hostname in K8S for .well-known/openid-configuration. AuthServer / BlazorServer / PublicWeb are all affected. Runs ok locally. I have even tries a congfigmap in Helm for appsettings.json - it's like the url is hardcoded or something. Something has changed since v6.

[13:01:36 INF] Request starting HTTP/1.1 POST http://auth.dataadmiral.net/Account/Login application/x-www-form-urlencoded 300
[13:01:36 INF] CORS policy execution successful.
[13:01:36 INF] Executing endpoint '/Account/Login'
[13:01:36 INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
[13:01:36 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
[13:01:36 INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostAsync - ModelState is Valid
[13:01:37 INF] Start processing HTTP request GET https://localhost:44322/.well-known/openid-configuration
[13:01:37 INF] Sending HTTP request GET https://localhost:44322/.well-known/openid-configuration
[13:01:37 INF] Executed page /Account/Login in 937.9643ms
[13:01:37 INF] Executed endpoint '/Account/Login'
[13:01:37 ERR] An unhandled exception has occurred while executing the request.
Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://localhost:44322/.well-known/openid-configuration. Connection refused (localhost:44322).
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName)
   at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName)
   at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
   at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
   at Nelson.NetworkSecurityService.NetworkAddressPermissions.NetworkAddressPermissionClientProxy.GetCountOfNetworkAddressRestrictionsAsync() in /src/services/networkSecurity/src/Nelson.NetworkSecurityService.HttpApi.Client/ClientProxies/NetworkAddressPermissionClientProxy.Generated.cs:line 77
   at Nelson.AuthServer.CustomSignInManager.isIpAllowedAsync(IdentityUser user) in /src/apps/auth-server/src/Nelson.AuthServer/CustomSignInManager.cs:line 124
   at Nelson.AuthServer.CustomSignInManager.CheckPasswordSignInAsync(IdentityUser user, String password, Boolean lockoutOnFailure) in /src/apps/auth-server/src/Nelson.AuthServer/CustomSignInManager.cs:line 97
   at Microsoft.AspNetCore.Identity.SignInManager`1.PasswordSignInAsync(TUser user, String password, Boolean isPersistent, Boolean lockoutOnFailure)
   at Nelson.AuthServer.CustomSignInManager.PasswordSignInAsync(String userName, String password, Boolean isPersistent, Boolean lockoutOnFailure) in /src/apps/auth-server/src/Nelson.AuthServer/CustomSignInManager.cs:line 63
   at Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostAsync(String action)
   at Volo.Abp.Account.Web.Pages.Account.OpenIddictSupportedLoginModel.OnPostAsync(String action)
   at Nelson.AuthServer.Pages.Account.MyLoginModel.OnPostAsync(String action) in /src/apps/auth-server/src/Nelson.AuthServer/Pages/Account/MyLoginModel.cs:line 46
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Volo.Abp.AspNetCore.Uow.AbpUnitOfWorkMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Volo.Abp.AspNetCore.Serilog.AbpSerilogMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Builder.ApplicationBuilderAbpOpenIddictMiddlewareExtension.<>c__DisplayClass0_0.<<UseAbpOpenIddictValidation>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
   at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
   at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
   at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|8_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
[13:01:37 INF] CORS policy execution successful.

10 Answer(s)
  • User Avatar
    0
    gterdem created
    Support Team

    This may be related to https://github.com/openiddict/openiddict-core/issues/1613

    Please contact me via email at galip.erdem@volosoft.com so we can schedule a remote meeting that I can check.

  • User Avatar
    0
    gterdem created
    Support Team

    The problem is about CustomSignInManager configuration is done before configuring the OpenIddictServer issuer.

    Under PreConfigureServices:

    PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
    {
        options.AddDevelopmentEncryptionAndSigningCertificate = false;
    });
    
    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
        builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
        builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]));
    });
    
    PreConfigure<IdentityBuilder>(identityBuilder =>
    {
        identityBuilder.AddSignInManager<CustomSignInManager>();
    });
    

    When the CustomSignInManager configured, Account/Login tries to redirect to initial appsettings configuration (localhost:44322) instead of overwritten issuer value.

  • User Avatar
    0
    thedatacrew created

    Hi,

    After fixing the routes and retesting the following code does not load the CustomSignInManager

    
    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        Configure<IdentityBuilder>(identityBuilder =>
        {
            identityBuilder.AddSignInManager<CustomSignInManager>();
        });
       
    }
    
  • User Avatar
    0
    maliming created
    Support Team

    hi

    You need to use PreConfigure method.

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        PreConfigure<IdentityBuilder>(identityBuilder =>
        {
            identityBuilder.AddSignInManager<CustomSignInManager>();
        });
    }
    

    Can you share the code of CustomSignInManager?

  • User Avatar
    0
    thedatacrew created

    Hi,

    I had a call with Galip, the PreConfigure causes an issue with OpenIddict 4, where as when we tried the Configure it's does not work at all. Waiting on a fix for this.

  • User Avatar
    0
    thedatacrew created

    Hi,

    @gterdem - Is there any know fix for this yet?

    Thanks

  • User Avatar
    0
    gterdem created
    Support Team

    We’re still investigating.

  • User Avatar
    0
    thedatacrew created

    I got a bit further by using the helm configmap to override the appsettings so that it uses the correct url. However i now get the following error.

    Everything is running non http on k8s.

    Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: PolicyViolation. Error: Endpoint does not use HTTPS: http://auth.mycompany.net/connect/authorize
    
  • User Avatar
    0
    gterdem created
    Support Team

    @thedatacrew

    Can you share authserver module PreConfigureServices method please?

  • User Avatar
    0
    thedatacrew created

    Here you go, it still doesn't work with the custom sign in manager that causes the issue. CustomSignInManager talks remotely to the NetworkSecurityService via HTTP API to fetch IP Address Permissions for the Tenant. Could it be this that causes the AuthServer to raise the error?

    It all works locally though.

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Linq;
    using System.Security.Cryptography.X509Certificates;
    
    using Microsoft.AspNetCore.Authentication.Google;
    using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
    using Microsoft.AspNetCore.Authentication.Twitter;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Cors;
    using Microsoft.AspNetCore.DataProtection;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.Identity;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.DependencyInjection.Extensions;
    using Microsoft.Extensions.Hosting;
    
    using MyCompany.AdministrationService.EntityFrameworkCore;
    using MyCompany.IdentityService.EntityFrameworkCore;
    using MyCompany.NetworkSecurityService;
    using MyCompany.SaasService.EntityFrameworkCore;
    using MyCompany.Shared.Hosting.AspNetCore;
    
    using OpenIddict.Server.AspNetCore;
    
    using Prometheus;
    
    using Serilog;
    
    using StackExchange.Redis;
    
    using Volo.Abp;
    using Volo.Abp.Account;
    using Volo.Abp.Account.Public.Web;
    using Volo.Abp.Account.Public.Web.ExternalProviders;
    using Volo.Abp.Account.Public.Web.Impersonation;
    using Volo.Abp.Account.Web;
    using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
    using Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX;
    using Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX.Bundling;
    using Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared;
    using Volo.Abp.Auditing;
    using Volo.Abp.BackgroundJobs.RabbitMQ;
    using Volo.Abp.Caching;
    using Volo.Abp.Caching.StackExchangeRedis;
    using Volo.Abp.Emailing;
    using Volo.Abp.EventBus.RabbitMq;
    using Volo.Abp.Http.Client.IdentityModel;
    using Volo.Abp.Identity;
    using Volo.Abp.LeptonX.Shared;
    using Volo.Abp.Modularity;
    using Volo.Abp.MultiTenancy;
    using Volo.Abp.OpenIddict;
    using Volo.Abp.UI.Navigation.Urls;
    using Volo.Abp.VirtualFileSystem;
    using Volo.Saas.Host;
    namespace MyCompany.AuthServer;
    [DependsOn(
        typeof(AbpCachingStackExchangeRedisModule),
        typeof(AbpEventBusRabbitMqModule),
        typeof(AbpBackgroundJobsRabbitMqModule),
        typeof(AbpAspNetCoreMvcUiLeptonXThemeModule),
        typeof(AbpAccountPublicWebOpenIddictModule),
        typeof(AbpAccountPublicApplicationModule),
        typeof(AbpAccountPublicHttpApiModule),
        typeof(AbpAccountPublicWebImpersonationModule),
        typeof(AbpHttpClientIdentityModelModule),
        typeof(AdministrationServiceEntityFrameworkCoreModule),
        typeof(IdentityServiceEntityFrameworkCoreModule),
        typeof(SaasServiceEntityFrameworkCoreModule),
        typeof(SaasHostApplicationContractsModule),
        typeof(MyCompanySharedHostingAspNetCoreModule),
        typeof(MyCompanySharedLocalizationModule),
        typeof(NetworkSecurityServiceHttpApiClientModule)
    )]
    public class MyCompanyAuthServerModule : AbpModule
    {
        public override void PreConfigureServices(ServiceConfigurationContext context)
        {
            var hostingEnvironment = context.Services.GetHostingEnvironment();
            var configuration = context.Services.GetConfiguration();
    
    
            PreConfigure<OpenIddictBuilder>(builder =>
            {
                builder.AddValidation(options =>
                {
                    options.AddAudiences("AccountService");
                    options.UseLocalServer();
                    options.UseAspNetCore();
                });
    
                builder.AddServer(builder =>
                {
    
                    if (!Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]))
                    {
                        builder.UseAspNetCore().DisableTransportSecurityRequirement();
                    }
    
                    builder.Configure(options =>
                    {
    
                        var validIssuers = (configuration.GetSection("AuthServer:ValidIssuers").Get<string[]>() ?? Array.Empty<string>());
    
                        var validIssuerList = validIssuers.Select(validIssuer => validIssuer.EnsureEndsWith('/')).ToList();
    
                        options.TokenValidationParameters.ValidIssuers = validIssuerList;
    
                        Log.Information("OpenIddictBuilder TokenValidationParameters.ValidIssuers are {@ValidIssuers}", validIssuers);
    
                    });
                });
    
            });
    
            if (!hostingEnvironment.IsDevelopment())
            {
                PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
                {
                    options.AddDevelopmentEncryptionAndSigningCertificate = false;
                });
    
                PreConfigure<OpenIddictServerBuilder>(builder =>
                {
                    builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
                    builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
                    builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]));
                });
            }
    
            
            // TODO : Removing for now as it breaks auth server.
            //
    
            // PreConfigure<IdentityBuilder>(builder =>
            // {
            //     builder.AddSignInManager<CustomSignInManager>();
            // });
    
        }
    
        public override void ConfigureServices(ServiceConfigurationContext context)
        {
            var hostingEnvironment = context.Services.GetHostingEnvironment();
            var configuration = context.Services.GetConfiguration();
    
            if (!Convert.ToBoolean(configuration["App:DisablePII"]))
            {
                Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
            }
    
            if (!Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]))
            {
                Configure<OpenIddictServerAspNetCoreOptions>(options =>
                {
                    options.DisableTransportSecurityRequirement = true;
                });
            }
    
            ConfigureBundles();
            ConfigureSwagger(context, configuration);
            ConfigureSameSiteCookiePolicy(context);
            ConfigureExternalProviders(context);
    
            context.Services.Configure<AbpTenantResolveOptions>(options =>
            {
                options.TenantResolvers.Clear();
                options.TenantResolvers.Add(new CurrentUserTenantResolveContributor());
            });
    
            Configure<AbpMultiTenancyOptions>(options =>
            {
                options.IsEnabled = true;
            });
    
            Configure<AbpAccountOptions>(options =>
            {
                // For impersonation in Saas module
                options.TenantAdminUserName = "admin";
                options.ImpersonationTenantPermission = SaasHostPermissions.Tenants.Impersonation;
    
                // For impersonation in Identity module
                options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation;
            });
    
            Configure<AbpAuditingOptions>(options =>
            {
                options.ApplicationName = "AuthServer";
            });
    
            Configure<AppUrlOptions>(options =>
            {
                options.Applications["MVC"].RootUrl = configuration["App:SelfUrl"];
                options.RedirectAllowedUrls.AddRange(configuration["App:RedirectAllowedUrls"].Split(','));
            });
    
            Configure<AbpDistributedCacheOptions>(options =>
            {
                options.KeyPrefix = "MyCompany:";
            });
    
            var dataProtectionBuilder = context.Services.AddDataProtection().SetApplicationName("MyCompany");
            var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]);
            dataProtectionBuilder.PersistKeysToStackExchangeRedis(redis, "MyCompany-Protection-Keys");
    
            context.Services.AddCors(options =>
            {
                options.AddDefaultPolicy(builder =>
                {
                    builder
                        .WithOrigins(
                            configuration["App:CorsOrigins"]
                                .Split(",", StringSplitOptions.RemoveEmptyEntries)
                                .Select(o => o.Trim().RemovePostFix("/"))
                                .ToArray()
                        )
                        .WithAbpExposedHeaders()
                        .SetIsOriginAllowedToAllowWildcardSubdomains()
                        .AllowAnyHeader()
                        .AllowAnyMethod()
                        .AllowCredentials();
                });
            });
    
    #if DEBUG
            context.Services.Replace(ServiceDescriptor.Singleton<IEmailSender, NullEmailSender>());
    #endif
    
            if (hostingEnvironment.IsDevelopment())
            {
                Configure<AbpVirtualFileSystemOptions>(options =>
                {
                    options.FileSets.ReplaceEmbeddedByPhysical<MyCompanySharedLocalizationModule>(Path.Combine(
                        hostingEnvironment.ContentRootPath,
                        $"..{Path.DirectorySeparatorChar}..{Path.DirectorySeparatorChar}..{Path.DirectorySeparatorChar}..{Path.DirectorySeparatorChar}shared{Path.DirectorySeparatorChar}MyCompany.Shared.Localization"));
                });
            }
    
            Configure<LeptonXThemeOptions>(options =>
            {
                options.DefaultStyle = LeptonXStyleNames.System;
            });
        }
    
        public override void OnApplicationInitialization(ApplicationInitializationContext context)
        {
            var app = context.GetApplicationBuilder();
            var env = context.GetEnvironment();
    
            var configuration = context.ServiceProvider.GetRequiredService<IConfiguration>();
    
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
    
            app.UseAbpRequestLocalization();
    
            if (!env.IsDevelopment())
            {
                app.UseErrorPage();
            }
    
            app.UseCorrelationId();
            app.UseAbpSecurityHeaders();
            app.UseStaticFiles();
            app.UseRouting();
            app.UseCors();
            app.UseCookiePolicy();
            app.UseHttpMetrics();
            app.UseAuthentication();
            app.UseAbpOpenIddictValidation();
            app.UseMultiTenancy();
            app.UseAbpSerilogEnrichers();
            app.UseUnitOfWork();
            app.UseAuthorization();
            app.UseSwagger();
            app.UseAbpSwaggerUI(options =>
            {
                options.SwaggerEndpoint("/swagger/v1/swagger.json", "Account Service API");
                options.OAuthClientId(configuration["AuthServer:SwaggerClientId"]);
            });
            app.UseAuditing();
            app.UseConfiguredEndpoints(endpoints =>
            {
                endpoints.MapMetrics();
            });
        }
    
        private void ConfigureBundles()
        {
            Configure<AbpBundlingOptions>(options =>
            {
                options.StyleBundles.Configure(
                    LeptonXThemeBundles.Styles.Global,
                    bundle =>
                    {
                        bundle.AddFiles("/global-styles.css");
                    }
                );
            });
        }
    
        private void ConfigureExternalProviders(ServiceConfigurationContext context)
        {
            context.Services.AddAuthentication()
                .AddGoogle(GoogleDefaults.AuthenticationScheme, _ => { })
                .WithDynamicOptions<GoogleOptions, GoogleHandler>(
                    GoogleDefaults.AuthenticationScheme,
                    options =>
                    {
                        options.WithProperty(x => x.ClientId);
                        options.WithProperty(x => x.ClientSecret, isSecret: true);
                    }
                )
                .AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, options =>
                {
                    //Personal Microsoft accounts as an example.
                    options.AuthorizationEndpoint = "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize";
                    options.TokenEndpoint = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
                })
                .WithDynamicOptions<MicrosoftAccountOptions, MicrosoftAccountHandler>(
                    MicrosoftAccountDefaults.AuthenticationScheme,
                    options =>
                    {
                        options.WithProperty(x => x.ClientId);
                        options.WithProperty(x => x.ClientSecret, isSecret: true);
                    }
                )
                .AddTwitter(TwitterDefaults.AuthenticationScheme, options => options.RetrieveUserDetails = true)
                .WithDynamicOptions<TwitterOptions, TwitterHandler>(
                    TwitterDefaults.AuthenticationScheme,
                    options =>
                    {
                        options.WithProperty(x => x.ConsumerKey);
                        options.WithProperty(x => x.ConsumerSecret, isSecret: true);
                    }
                );
        }
    
        private X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration)
        {
            var fileName = "authserver.pfx";
            var passPhrase = "XXXXXXXXXXXXX-XXXXX-XXXX-XXXX-XXXXXXXXXXX";
            var file = Path.Combine(hostingEnv.ContentRootPath, fileName);
    
            if (!File.Exists(file))
            {
                throw new FileNotFoundException($"Signing Certificate couldn't found: {file}");
            }
    
            return new X509Certificate2(file, passPhrase);
        }
    
        private void ConfigureSwagger(ServiceConfigurationContext context, IConfiguration configuration)
        {
            SwaggerConfigurationHelper.ConfigureWithAuth(
                context: context,
                authority: configuration["AuthServer:Authority"],
                scopes: new Dictionary<string, string> {
                    /* Requested scopes for authorization code request and descriptions for swagger UI only */
                    { "AccountService", "Account Service API" }
                },
                apiTitle: "Account Service API"
            );
        }
    
        private void ConfigureSameSiteCookiePolicy(ServiceConfigurationContext context)
        {
            context.Services.AddSameSiteCookiePolicy();
        }
    }
    
    
Made with ❤️ on ABP v9.2.0-preview. Updated on January 14, 2025, 14:54