Hi @maliming, is there a way to override the handler?
Hi @maliming, I have provided the source code via email, I also attached the ECDSA cert that we use for testing.
I tried AddSigningCertificate, it does not work with ECDSA cert.
Hi @maliming, ok, let me share the full code with you.
Hi, I did disable the development cert, below is my full PreConfigureServices:
public override void PreConfigureServices(ServiceConfigurationContext context)
{
    var environment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();
    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("DigitalPlatform");
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });
    // disable developer signing credential
    PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
    {
        options.AddDevelopmentEncryptionAndSigningCertificate = false;
    });
    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        // get ECDSA certificate
        var ecdsaCertificate = CertificateHelper.GetClientCertificate(configuration["Key:ThumbPrint"]);
        ECDsaSecurityKey ecdsaCertificatePublicKey = new ECDsaSecurityKey(ecdsaCertificate.GetECDsaPrivateKey());
        // add signing key
        builder.AddSigningKey(new ECDsaSecurityKey(ecdsaCertificate.GetECDsaPrivateKey()));
        // add encryption credentials
        var encryptionKey = JsonWebKeyConverter.ConvertFromECDsaSecurityKey(ecdsaCertificatePublicKey);
        encryptionKey.KeyId = "encryption_key_id";
        encryptionKey.Use = JsonWebKeyUseNames.Enc;
        builder.AddEncryptionCredentials(new EncryptingCredentials(encryptionKey, SecurityAlgorithms.EcdsaSha256, "ECDH-ES+A192KW"));
    });
    PreConfigure<IdentityBuilder>(builder =>
    {
        builder.AddSignInManager<CustomSignInManager>();
    });
}
Hi, yes, I did add the PreConfigure<OpenIddictServerBuilder>
Below is the result of JWKS URL, it contains the signing key only:
{
  "keys": [
    {
      "kid": "NLRNW5UYTDMFJCTK0WOLUKLIL3GJYCEYYL5SEAT0",
      "use": "sig",
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "nLrNw5uYtDmFjCTk0wOlukLil3gJyCEYYl5Seat0AXM",
      "y": "OIgBQXQFSdvmnOFa59MTQyHhyy6t17yNIbbOFKJdQTw"
    }
  ]
}
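Added example, not part of the original post and not ABP or OpenIddict code: a small Python audit of a JWKS response like the one above. It groups the published keys by "use", flags private key members that should never be published, and checks EC coordinate sizes and the alg/crv pairing. The function names and the expected_uses parameter are assumptions made for this example.

```python
import base64
import json

# Coordinate size in bytes and matching JWS algorithm per curve (RFC 7518).
CURVES = {"P-256": (32, "ES256"), "P-384": (48, "ES384"), "P-521": (66, "ES512")}
# JWK members that hold private or symmetric key material (RFC 7518).
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "k"}

# The JWKS response posted in the thread.
JWKS_FROM_THREAD = """
{"keys": [{"kid": "NLRNW5UYTDMFJCTK0WOLUKLIL3GJYCEYYL5SEAT0", "use": "sig",
           "kty": "EC", "alg": "ES256", "crv": "P-256",
           "x": "nLrNw5uYtDmFjCTk0wOlukLil3gJyCEYYl5Seat0AXM",
           "y": "OIgBQXQFSdvmnOFa59MTQyHhyy6t17yNIbbOFKJdQTw"}]}
"""


def b64url_len(value):
    """Decoded length in bytes of an unpadded base64url string, or -1 if invalid."""
    try:
        return len(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)))
    except (TypeError, ValueError):
        return -1


def audit_jwks(document, expected_uses=("sig", "enc")):
    """Return (kids grouped by 'use', findings) for a JWKS JSON string."""
    by_use, findings = {}, []
    for key in json.loads(document).get("keys", []):
        kid = key.get("kid", "<no kid>")
        by_use.setdefault(key.get("use", "<unspecified>"), []).append(kid)
        leaked = PRIVATE_MEMBERS.intersection(key)
        if leaked:
            findings.append(f"{kid}: private members published: {sorted(leaked)}")
        if key.get("kty") != "EC":
            continue
        if key.get("crv") not in CURVES:
            findings.append(f"{kid}: unsupported curve {key.get('crv')!r}")
            continue
        size, sig_alg = CURVES[key["crv"]]
        for coord in ("x", "y"):
            if b64url_len(key.get(coord, "")) != size:
                findings.append(f"{kid}: {coord} is not {size} bytes")
        if key.get("use") == "sig" and key.get("alg", sig_alg) != sig_alg:
            findings.append(f"{kid}: alg {key['alg']} does not match {key['crv']}")
    for use in expected_uses:
        if use not in by_use:
            findings.append(f"no key with use={use!r} is published")
    return by_use, findings
```

Run against the response from the thread, the audit reports one well-formed ES256 signing key and no key with use "enc", matching what the post describes.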
Hi @maliming, thanks for the confirmation.
Hi @maliming, thanks for the reply. We managed to implement it, just found a minor issue in the documentation, it should be "AbpAspNetCoreMultiTenancyOptions" instead of "AbpMultiTenancyOptions".
Hi @maliming, thanks for the reply.
While waiting for the upgrade, is there a way to override the current AbpAspNetCoreMultiTenancyOptions to implement the fix?