Activities of "jason.smith"

• ABP Framework version: v3.2.1
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): no
• Exception message and stack trace: none
• Steps to reproduce the issue:
• 1. AsyncBackgroundJob that calls an AppService with and [Authorize] attribute on the method called.

Looking for the correct method to supply the calling users permissions / authorisations to a background job so that long running actions can be performed on behalf of that user.

[Authorize(ReprosPermissions.TimeSeriesMetaData.Default)]
public class TimeSeriesMetaDataAppService : ApplicationService, ITimeSeriesMetaDataAppService
{
    [Authorize(ReprosPermissions.TimeSeriesMetaData.Create)]
    public virtual async Task<TimeSeriesMetaDataDto> CreateAsync(TimeSeriesMetaDataCreateDto inputDto)
    {
        //Added record to the database
    }
}

public class ResCsvIngestJob : AsyncBackgroundJob<ResCsvIngestArgs>, ITransientDependency
{
    public ResCsvIngestJob(
        ITimeSeriesMetaDataAppService timeSeriesMetaDataAppService)
    {
        _timeSeriesMetaDataAppService = timeSeriesMetaDataAppService;
    }

    public override async Task ExecuteAsync(ResCsvIngestArgs args)
    {
        //How do I call the following without getting the auth exception?
        await _timeSeriesMetaDataAppService.CreateAsync(new TimeSeriesMetaDataCreateDto());
    }
}

Refresh token not found in database causes Angular UI to hang.

2020-11-26 10:56:05.745 +00:00 [DBG] refresh_token grant with value: iT6s1mhTmlfz62tFZ7Rhj3xn-j1koHwhWdrGkpPQYlA not found in store.
2020-11-26 10:56:05.745 +00:00 [WRN] Invalid refresh token
2020-11-26 10:56:05.745 +00:00 [WRN] Refresh token validation failed. aborting, {"ClientId":"Repros_App","ClientName":"Repros_App","GrantType":"refresh_token","Scopes":null,"AuthorizationCode":null,"RefreshToken":null,"UserName":null,"AuthenticationContextReferenceClasses":null,"Tenant":null,"IdP":null,"Raw":{"grant_type":"refresh_token","scope":"offline_access Repros","refresh_token":"***REDACTED***","client_id":"Repros_App"},"$type":"TokenRequestValidationLog"}
2020-11-26 10:56:05.746 +00:00 [INF] {"ClientId":"Repros_App","ClientName":"Repros_App","RedirectUri":null,"Endpoint":"Token","SubjectId":null,"Scopes":null,"GrantType":"refresh_token","Error":"invalid_grant","ErrorDescription":null,"Category":"Token","Name":"Token Issued Failure","EventType":"Failure","Id":2001,"Message":null,"ActivityId":"0HM4HTQO2PDS6:00000001","TimeStamp":"2020-11-26T10:56:05.0000000Z","ProcessId":3992,"LocalIpAddress":"127.0.0.1:5001","RemoteIpAddress":"172.69.34.197","$type":"TokenIssuedFailureEvent"}
2020-11-26 10:56:05.746 +00:00 [INF] Request finished in 25.1345ms 400 application/json; charset=UTF-8

Hi @christianvpernix,

You might like the answer. Basically I opened every proj file, and the package.json in your front end (mine is angular). Then every abp package you see, change the version number from 3.3.1 to 3.2.1. Then restore packages through nuget and npm and build. A few things might break at this point and you have to figure out how to extract those features. I was lucky that the external party login (facebook, google, etc) was the only thing that broke, so I deleted their configurations.

Still testing. So we will see if this was a good move or not.

Hope that helps.

OK. Just downgraded to 3.2.1 to get the old behaviour.

All I need to do now is login and then I can perfom POSTS with just providing a cookie

I don't require the bearer auth method, or a XSRF-TOKEN

In addition to the above, does this mean the cli and suite always use the latest ? (i.e. the cli use the latest suite, and suite latest nuget pacakges).

If this is the case the tool not be of any use in day to day operations. Updating to the latest will be a controlled action in our environment. The cookie issue listed above is a classic reason as to why. Please advise if there is a way to use the abp suite tool at locked versions.

Uninstalling cli does not uninstall version 3.3.1. After uninstalling and reinstalling version 3.2.1, version 3.3.1 is still loaded. After uninstall the suite I can not reinstall anything but the latest.

The following is not a great solution. https://support.abp.io/QA/Questions/287/How-can-I-install-a-specific-version-of-ABP-Suite

The above method still produces new solutions which reference 3.3.1, not 3.2.1

@liangshiwei the image you posted does not appear

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

• ABP Framework version: v3.3.1 Commerical
• UI type: Angular
• Tiered (MVC) or Identity Server Seperated (Angular): Identity Server Included
• Exception message and stack trace: Server Logs:

2020-11-12 15:51:05.452 +11:00 [ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.Fk0-jtlgxmU" is not present.
2020-11-12 15:51:05.452 +11:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.

Response: 400 Bad Request

• Steps to reproduce the issue: Create new commerical application using suite

1. Create new solution
2. Select
   1. Template Type: Application Template
   2. Project Name: Testing
   3. Output Folder: C:\Testing
   4. Create Solution Folder: Yes
   5. UI Framework: Angular
   6. Mobile: None
   7. DB Provider: Entity Framework Core
   8. Connection String: Valid string to database
   9. Separated Identity Server: No
   10. Preview Version: No
3. Created single entity with a single property of "Name"
4. Built and ran DB migrations
5. Built and ran Host

Using Insomina - No Cookies

1. POST api/account/login using

{
  "userNameOrEmailAddress": "admin",
  "password": "1q2w3E*",
  "rememberMe": true
}

2. Response contains SetCookies. Insomina stores cookies

set-cookie	idsrv.session=d2M1gwv8ziO_pceYBykIKg; path=/; secure; samesite=none
set-cookie	.AspNetCore.Identity.Application=CfDJ8M-y0buRRcFEoHZEdek9NePLI14KQ97IYsT4VilLHF88t8-bxgISjtyF2g6YdLy39ZTAKLjlLDff55CCtwT8R2bY1oYEPslAzQ17Lj61N3aqeq8uws7RubMp2RE-LIVwXb9pLlybM0hxXLfSyAbC9wfHFVL07Ki_2UV4R-RpICbGQ3ETR7nUmJGcYc7lSsdVKGlms7N149nd-l3MVO8kG1Z2WOs_6SrJ8WDxwU41fZQTrv7bMu7ao41Kj9U78qg4TzuH-3zPliPJyAbHHYFjubXKRdT8M8IZdKwUrNo_ASMtblkmo3B2xUC7uJNPc7IjrOt2jRUdiHOPrszWHzbRbCy7FtCbZP5z1sUiQMmkazXfcVZlTUPlw4I2KldoTYgcjnsq-tFjNl-kMpY8GsAaWn96qwTaXQomhK_xdrta5MZcn9Kv2KXOXz-gkh-G4Q2RLPVOKRrTmx1eEL5EFQg7yOAEF2K2YuAI1LfEiIZCtqMcJGl3LM1GWRJa5UgUdeedTE_YnWFM5Ix8UeD6pZ_W7Z3B_-nh--bSGXb2adpLydl-BPdBhD2ZSOnh9z8O9NgWcjjNnKl28S82jDYY5TZrtlZp75XflU_MoG_QKB2HIK4LHSWNJh5nKqVEXyqnSQQZw1uiExHHuFrpSO0_3G0fyCTtfWr731VwODEnq1Hh_o4HnfBMoyzAg8d0HGjptl2dxBlHZ0PQaeEpdCzxCGagqA6SjVu4tUHUkOndQX4TCIkjqhybA7sW6u3WhMNOdT3i4IMT1m7Vsu0LXZ9roOdnOCsHZFC1UUkByrKoG0Dt_7UHg1Pf9N5S-55vnoAyYYqvrWJidzgYek-ZFEhtdoMkYLMC3SNotwLohR-RwRt6PB7WTUUUrFh6jWum3hPkYiFZFOjvWqi0vvxMKkbJsjrL1V4aKO_DVBpIzpmXGyJen5q_7Bp2NACiyxG0Cdn3Tx-jRUKmtJHnSWLEJCIuUmqWg1z5va6zaX_HZUmdwavFlqjYCglEdR1GUOVWR6x5dRg2ESIXA0fjq88hpIxBuR5vMGRYMoIfIjEwNBB3ZgSenB0TCoihPMjIpHgWa5WCq_VIg0HSJ1agZS6EFcBfSJA2E8WRUOaBYN0YPg5g8L2WI8a1wVSEtyvtn0JzSBOsJatWwQ; expires=Thu, 26 Nov 2020 21:52:49 GMT; path=/; secure; samesite=none; httponly

3. Don't see any XSRF-TOKEN cookie at this stage
4. POST api/app/scenarios
5. Response BAD Request
   1. On the server see the following:

2020-11-12 15:51:05.452 +11:00 [ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.Fk0-jtlgxmU" is not present.
2020-11-12 15:51:05.452 +11:00 [INF] Authorization failed for the request at filter 'Volo.Abp.AspNetCore.Mvc.AntiForgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'.

I have recently updated our solution to use the commercial modules. This change the authentication method to the commerical module available which is fine. On testing cookie authentication for POST requests no longer work (GET requests are fine).

To see if this was an issue with my migration to the commercial modules I decided to create a simple Angular application using the Abp Suite. The same issue is present. For cookie auth POST requests no longer work. Also of interest, only the first POST to Login works. All subsequent calls result in a 400 Bad Request.

Any hints as to where to look would be greatly appreciated. The very strange behaviour is that GET requests work, yet POST requests fail for the same endpoint. My current next step is to debug AbpAutoValidateAntiforgeryTokenAuthorizationFilter, which I was hoping not to do.

I can see that the default options does the following:

AutoValidateIgnoredHttpMethods = new HashSet<string> {"GET", "HEAD", "TRACE", "OPTIONS"}; So that explains why the GET request is working, but the POST is not.

Yet the following:

TokenCookie = new CookieBuilder
            {
                Name = "XSRF-TOKEN",
                HttpOnly = false,
                IsEssential = true,
                Expiration = TimeSpan.FromDays(3650) //10 years!
            };

I never see this cookie returned from the service. Calling https://localhost:44382/api/account/login does not return this token, how is it retrieved using the login REST API call?

"hi jason.smith Can you create a new quesion?"

"closing the issue, you can always reopen if you need help on the same issue."

Sure. Please note this adds a full weekend to turn around now. Why not create a new issue and address start to address the issue there. Creating a new issue.

@alper the Angular user interface works fine, its just direct calls to the REST API no longer work.

I have not tested in MVC. As we are not using MVC in our project.