Activities of "gterdem"

We don't have support for micro-frontend unfortunately. If you want to build your back-office or public web application on micro-frontend, you need to do it manually.

Angular had module federation I think to build micro-frontends. We don't have any knowledge or experience unfortunately.

The openid-providers (openiddict library in abp templates after v6) uses certificates to sign and encrypt the tokens. This is not related to ABP.

When you build your application in the development environment, you use the temporary/non-secure development signing certificate defined by the openid-provider library to not bother developers with deployment configurations in the development process. In ABP templates, you can see a code piece as below under the AuthServer project:

if (!hostingEnvironment.IsDevelopment())
{
    PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
    {
        options.AddDevelopmentEncryptionAndSigningCertificate = false;
    });

    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
        builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
        builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]));
    });
}

When deploying your application in different environments, you need to create a self-signed certificate or use a real certificate that handles the signing and encryption of the tokens.

If you follow the source of the GetSigningCertificate method, the shortest way to handle it is creating a self-signed certificate called authserver.pfx with a password and setting it as an embedded resource (or manually copying it to your server) so it can be read by the server.

Here is a code piece showing how to generate a self-signed certificate using dotnet tooling to create a dev-cert for localhost:

dotnet dev-certs https -v -ep authserver.pfx -p 3A2AA457-5D33-48D6-936F-C48E5EF46A21

Kind reminder, this is not related to ABP.
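For the authserver.pfx loading step described in the post above, one way to read the file and fail fast on an unusable certificate; this is an added example, not ABP's own GetSigningCertificate and not code from the original post. The class name and the AuthServer:CertificateFile and AuthServer:CertificatePassPhrase configuration keys are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;

// Hypothetical helper for illustration; not part of the ABP templates.
public static class AuthServerCertificateLoader
{
    public static X509Certificate2 Load(string contentRootPath, IConfiguration configuration)
    {
        // Assumed configuration keys. Supply the passphrase from a secret store or an
        // environment variable instead of committing it to source control.
        var fileName = configuration["AuthServer:CertificateFile"] ?? "authserver.pfx";
        var passPhrase = configuration["AuthServer:CertificatePassPhrase"]
            ?? throw new InvalidOperationException("Certificate passphrase is not configured.");

        var path = Path.Combine(contentRootPath, fileName);
        if (!File.Exists(path))
        {
            throw new FileNotFoundException("Token signing certificate not found.", path);
        }

        // On .NET 9 and later this constructor is marked obsolete in favour of
        // X509CertificateLoader; it is used here so the code also builds on older targets.
        var certificate = new X509Certificate2(path, passPhrase);

        // A .pfx exported without its private key cannot sign or decrypt tokens.
        if (!certificate.HasPrivateKey)
        {
            throw new InvalidOperationException("Certificate has no private key.");
        }

        // NotBefore and NotAfter are expressed in local time.
        var now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
        {
            throw new InvalidOperationException(
                $"Certificate is outside its validity period ({certificate.NotBefore:u} to {certificate.NotAfter:u}).");
        }

        // Reject short RSA keys; non-RSA certificates skip this check.
        using var rsa = certificate.GetRSAPrivateKey();
        if (rsa is not null && rsa.KeySize < 2048)
        {
            throw new InvalidOperationException($"RSA key size {rsa.KeySize} is below 2048 bits.");
        }
        return certificate;
    }
}
```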

Please share the authserver logs.

Why not just use [Authorize] for your guest endpoints? So you don’t bother with permissions but just have the authentication. Or you can use AuthorizationService for some manual controls.

Can you share HttpApi.Host logs?

Hello,

There is no automated way to add gateways and applications for microservice template for now.

I would suggest understanding the architecture for microservice applications in detail since they are not the same as the new app template. The back-office and public-web applications are used for different purposes. You need to decide in what context you want to use the application. To add a new application, you need to create the application manually. Based on your use case, dependencies will be different. Afterwards, you need to register it to the auth-server using OpenIddict Management UI or the OpenIddictDataSeeder located under IdentityService or the DbMigrator (whichever you prefer to use).

If you are following the backend for frontend gateway approach as in the microservice template, you will need to create it manually as well. You can configure it to use the same WebGateway_Swagger client for authorization by checking the other gateway configurations.

You are using kubernetes.io/ingress.class: azure/application-gateway. It seems like it is related to that. I have no idea about azure/application-gateway but I assume there is a guide, gui about configuring it since it seems like a gateway.

Answer

We don't have a step-by-step guide but we have the eShopOnAbp sample using Helm charts to deploy to Azure. You can find the scripts used for that application and Azure Helm charts at https://github.com/abpframework/eShopOnAbp/tree/main/etc/k8s

Please follow the steps and let us know what exact errors you receive so we can try to help.

Hello,

[04:22:07 INF] Request finished HTTP/1.1 POST http://authserver.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DPublicWeb%26redirect_uri%3Dhttps%253A%252F%252Fpublicweb.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520AdministrationService%2520ProductService%26response_mode%3Dform_post%26nonce%3D638103901167256421.MGMyYjFlMWYtM2RhZC00MzAyLTk5NWYtYzE0ZmQ2ZTdhOTU5ZWViYmI4N2QtZmI1OS00ZTc5LWE4ZTItMzVjMTZjZTE4MzZl%26state%3DCfDJ8JJyrua-ZltLqDoPZm_zeQfp0J1IFIuwBqACfHbom6IruK1Rv79GO333ahvIhrZ-SLtBwTL89u3GQwVsU-rMWqo9tTgXc_uUvjaqcCtdski-AKEmq8SVroq61km5yyA0Rxwg2HIEo33aKhPabt-lfLD3APbHOT-0MBynDfgkUKsIh3TklAQucKhwBYJUsYNaJURE2_eu4rgVuSJUOEBXlbcycaO3GskmtfKdzrl73AOMlxCzx_uY1sHfwb8tOoQs9Bvx54lD3MimJw9dMDyI5xABkoxnTTo6fbSCIEWzHWmqh-5P5ICQh4IQfcm_gWToYg%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D6.15.1.0 application/x-www-form-urlencoded 291 - 302 0 - 532.6852ms

This is your initial request and it seems to be redirected. It seems there is a reverse proxy redirecting this request. It can be related to Cloudflare, if you are using it, or something else.

And why do you set "RequireHttpsMetadata": "true", on the public-web application? What is your deployed /.well-known/openid-configuration endpoint?

Can you check if your gateway has websocket configuration as in the Ocelot documentation in the OnApplicationInitialization method like:

app.UseWebSockets();
app.UseOcelot().Wait();
Made with ❤️ on ABP v9.2.0-preview. Updated on January 14, 2025, 14:54