Authentication failure in tiered blazor app on iis

[vamessias]

Hi,

I'm running the release version of a tiered aspnetcore app on IIS using Blazor Server and ABP Commercial and I'm facing some problems, I can log into the app but when I finish the log in as admin and get into the dashboard I can't click on anything else, when i do this, some logs are shown on the blazor project.

My appsettings are in below:

authserver:

{
"App": {
"SelfUrl": "https://beta1authserver.pipali.com.br",
"CorsOrigins": "https://beta1httpapihost.pipali.com.br,https://beta1blazor.pipali.com.br",
"RedirectAllowedUrls": "https://beta1httpapihost.pipali.com.br,https://beta1blazor.pipali.com.br",
"DisablePII": false
},
"ConnectionStrings": {
"Default": "Server=(LocalDb)\MSSQLLocalDB;Database=Beta01-Quality;Trusted_Connection=True;TrustServerCertificate=true"
},
"AuthServer": {
"Authority": "https://beta1authserver.pipali.com.br",
"RequireHttpsMetadata": true,
"CertificatePassPhrase": "6132db5f-9ddf-42b3-965d-b4d189f754dc"
},
"StringEncryption": {
"DefaultPassPhrase": "mhvLo8IhGumjXM6Z"
},
"Redis": {
"Configuration": "redis-11477.c282.east-us-mz.azure.redns.redis-cloud.com:11477,password=***"
}
}

httpapihost:

{
"App": {
"SelfUrl": "https://beta1httpapihost.pipali.com.br",
"MVCPublicUrl": "https://localhost:44316",
"CorsOrigins": "https://beta1blazor.pipali.com.br",
"DisablePII": false,
"HealthCheckUrl": "https://beta1httpapihost.pipali.com.br/health-status"
},
"ConnectionStrings": {
"Default": "Server=(LocalDb)\MSSQLLocalDB;Database=Beta01-Quality;Trusted_Connection=True;TrustServerCertificate=true"
},
"Redis": {
"Configuration": "redis-11477.c282.east-us-mz.azure.redns.redis-cloud.com:11477,password=***"
},
"RabbitMQ": {
"Connections": {
"Default": {
"HostName": "localhost"
}
},
"EventBus": {
"ClientName": "HttpApiHost",
"ExchangeName": "Beta01"
}
},
"AuthServer": {
"Authority": "https://beta1authserver.pipali.com.br",
"RequireHttpsMetadata": true,
"MetaAddress": "https://beta1authserver.pipali.com.br",
"SwaggerClientId": "Beta01_Swagger"
},
"StringEncryption": {
"DefaultPassPhrase": "mhvLo8IhGumjXM6Z"
}}

blazor:

{
"App": {
"SelfUrl": "https://beta1blazor.pipali.com.br",
"DisablePII": false
},
"RemoteServices": {
"Default": {
"BaseUrl": "https://beta1httpapihost.pipali.com.br"
},
"AbpAccountPublic": {
"BaseUrl": "https://beta1authserver.pipali.com.br"
}
},
"Redis": {
"Configuration": "redis-11477.c282.east-us-mz.azure.redns.redis-cloud.com:11477,password=**"
},
"RabbitMQ": {
"Connections": {
"Default": {
"HostName": "localhost"
}
},
"EventBus": {
"ClientName": "BlazorServer",
"ExchangeName": "Beta01"
}
},
"AuthServer": {
"Authority": "https://beta1authserver.pipali.com.br",
"RequireHttpsMetadata": true,
"ClientId": "Beta01_BlazorServer",
"ClientSecret": "1q2w3e"
},
"StringEncryption": {
"DefaultPassPhrase": "mhvLo8IhGumjXM6Z"
},
"Logging": {
"LogLevel": {
"Default": "Debug",
"System": "Debug",
"Microsoft": "Debug"
}
}
}

• Your ABP Framework version. 0.9.22
• Your User Interface : blazor server
• Your database provider: EF Core
• Exception message and stack trace :

authserver:
[18:34:18 INF] The introspection request was successfully validated.
[18:34:18 INF] Potentially sensitive application claims were excluded from the introspection response as the client 'Beta01_BlazorServer' was not explicitly listed as an audience.
[18:34:18 INF] The response was successfully returned as a JSON document: {
"active": true,
"iss": "https://beta1authserver.pipali.com.br/",
"sub": "6d4f59e5-6570-6956-848b-3a17bf9f834e",
"jti": "af14dcd8-3ed7-4dd8-9c95-c109318e49f1",
"token_type": "Bearer",
"token_usage": "access_token",
"client_id": "Beta01_BlazorServer",
"iat": 1738089244,
"nbf": 1738089244,
"exp": 1738092844,
"aud": "Beta01"
}.

httpapihost:

[18:34:15 INF] Request finished HTTP/1.1 GET https://beta1httpapihost.pipali.com.br/api/chat/contact/total-unread-message-count?api-version=1.0 - 200 null application/json; charset=utf-8 286.4922ms
[18:34:15 INF] Request finished HTTP/1.1 GET https://beta1httpapihost.pipali.com.br/api/chat/contact/total-unread-message-count?api-version=1.0 - 200 null application/json; charset=utf-8 281.9158ms
[18:34:17 INF] Request starting HTTP/1.1 GET https://beta1httpapihost.pipali.com.br/api/chat/contact/total-unread-message-count?api-version=1.0 - null null
[18:34:17 INF] Executing endpoint 'Volo.Chat.Users.ContactController.GetTotalUnreadMessageCountAsync (Volo.Chat.HttpApi)'
[18:34:17 INF] Route matched with {area = "chat", action = "GetTotalUnreadMessageCount", controller = "Contact", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[System.Int32] GetTotalUnreadMessageCountAsync() on controller Volo.Chat.Users.ContactController (Volo.Chat.HttpApi).
[18:34:17 INF] Authorization failed. These requirements were not met:
PermissionRequirement: Chat.Messaging
[18:34:18 WRN] ---------- RemoteServiceErrorInfo ----------
{
"code": "Volo.Authorization:010001",
"message": "Authorization failed! Given policy has not granted.",
"details": null,
"data": null,
"validationErrors": null
}

[18:34:18 WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.

blazor:

2025-01-28 18:34:18.241 +00:00 [WRN] Unhandled exception rendering component: Unauthorized
Volo.Abp.Http.Client.AbpRemoteCallException: Unauthorized
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.ThrowExceptionForResponseAsync(HttpResponseMessage response) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync(ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](ClientProxyRequestContext requestContext) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
at Volo.Chat.Users.ContactClientProxy.GetTotalUnreadMessageCountAsync()
at Volo.Chat.Blazor.Components.MessagesToolbarItem.OnInitializedAsync()
at Microsoft.AspNetCore.Components.ComponentBase.RunInitAndSetParametersAsync()
at Microsoft.AspNetCore.Components.RenderTree.Renderer.GetErrorHandledTask(Task taskToHandle, ComponentState owningComponentState)
2025-01-28 18:34:18.248 +00:00 [ERR] Unhandled exception in circuit '5ZTZzIr5JdxfLbW_Ovk31EuSxi3khwqpqGEvjitMA1g'.
Volo.Abp.Http.Client.AbpRemoteCallException: Unauthorized
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.ThrowExceptionForResponseAsync(HttpResponseMessage response) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync(ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](ClientProxyRequestContext requestContext) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
at Volo.Chat.Users.ContactClientProxy.GetTotalUnreadMessageCountAsync()
at Volo.Chat.Blazor.Components.MessagesToolbarItem.OnInitializedAsync()
at Microsoft.AspNetCore.Components.ComponentBase.RunInitAndSetParametersAsync()
at Microsoft.AspNetCore.Components.RenderTree.Renderer.GetErrorHandledTask(Task taskToHandle, ComponentState owningComponentState)
2025-01-28 18:34:18.250 +00:00 [INF] Executing endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.250 +00:00 [INF] The file _content/Blazorise.Bootstrap5/tooltip.js was not modified
2025-01-28 18:34:18.250 +00:00 [INF] Executed endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.250 +00:00 [INF] Request starting HTTP/2 GET https://beta1blazor.pipali.com.br/_blazor?id=SZrmH0iXw6iO6jQae0lQyA&_=1738089258243 - null null
2025-01-28 18:34:18.250 +00:00 [INF] Request finished HTTP/2 GET https://beta1blazor.pipali.com.br/_content/Blazorise.Bootstrap5/tooltip.js?v=1.6.2.0 - 304 null text/javascript 61.8139ms
2025-01-28 18:34:18.258 +00:00 [INF] Request starting HTTP/2 GET https://beta1blazor.pipali.com.br/_content/Blazorise/tooltip.js?v=1.6.2.0 - null null
2025-01-28 18:34:18.270 +00:00 [INF] The access_token is active.
2025-01-28 18:34:18.272 +00:00 [INF] Executing endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.272 +00:00 [INF] Executed endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.272 +00:00 [INF] Request finished HTTP/2 POST https://beta1blazor.pipali.com.br/_blazor?id=SZrmH0iXw6iO6jQae0lQyA - 200 null text/plain 40.2961ms
2025-01-28 18:34:18.275 +00:00 [INF] Request starting HTTP/2 POST https://beta1blazor.pipali.com.br/_blazor?id=SZrmH0iXw6iO6jQae0lQyA - application/octet-stream 168
2025-01-28 18:34:18.288 +00:00 [INF] The access_token is active.
2025-01-28 18:34:18.288 +00:00 [INF] The access_token is active.
2025-01-28 18:34:18.288 +00:00 [INF] The access_token is active.
2025-01-28 18:34:18.290 +00:00 [INF] Executing endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.290 +00:00 [INF] Executed endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.290 +00:00 [INF] Executing endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.290 +00:00 [INF] Executing endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.290 +00:00 [INF] The file _content/Blazorise/vendors/jsencrypt.js was not modified
2025-01-28 18:34:18.290 +00:00 [INF] The file _content/Blazorise/vendors/sha512.js was not modified
2025-01-28 18:34:18.290 +00:00 [INF] Executed endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.290 +00:00 [INF] Executed endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.290 +00:00 [INF] Request finished HTTP/2 GET https://beta1blazor.pipali.com.br/_blazor?id=SZrmH0iXw6iO6jQae0lQyA&_=1738089258243 - 200 328 application/octet-stream 40.4065ms
2025-01-28 18:34:18.290 +00:00 [INF] Request finished HTTP/2 GET https://beta1blazor.pipali.com.br/_content/Blazorise/vendors/jsencrypt.js?v=1.6.2.0 - 304 null text/javascript 52.1216ms
2025-01-28 18:34:18.290 +00:00 [INF] Request finished HTTP/2 GET https://beta1blazor.pipali.com.br/_content/Blazorise/vendors/sha512.js?v=1.6.2.0 - 304 null text/javascript 51.6752ms
2025-01-28 18:34:18.296 +00:00 [INF] The access_token is active.
2025-01-28 18:34:18.297 +00:00 [INF] Request starting HTTP/2 GET https://beta1blazor.pipali.com.br/_blazor?id=SZrmH0iXw6iO6jQae0lQyA&_=1738089258295 - null null
2025-01-28 18:34:18.298 +00:00 [INF] Request starting HTTP/2 DELETE https://beta1blazor.pipali.com.br/_blazor?id=SZrmH0iXw6iO6jQae0lQyA - null null
2025-01-28 18:34:18.298 +00:00 [INF] Executing endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.298 +00:00 [INF] The file _content/Blazorise/tooltip.js was not modified
2025-01-28 18:34:18.298 +00:00 [INF] Executed endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.299 +00:00 [INF] Request finished HTTP/2 GET https://beta1blazor.pipali.com.br/_content/Blazorise/tooltip.js?v=1.6.2.0 - 304 null text/javascript 40.6488ms
2025-01-28 18:34:18.313 +00:00 [INF] The access_token is active.
2025-01-28 18:34:18.315 +00:00 [INF] Executing endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.315 +00:00 [INF] Executed endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.315 +00:00 [INF] Request finished HTTP/2 POST https://beta1blazor.pipali.com.br/_blazor?id=SZrmH0iXw6iO6jQae0lQyA - 200 null text/plain 40.0892ms
2025-01-28 18:34:18.341 +00:00 [INF] The access_token is active.
2025-01-28 18:34:18.342 +00:00 [WRN] The operation was canceled.
System.OperationCanceledException: The operation was canceled.
at System.Threading.CancellationToken.ThrowOperationCanceledException()
at Microsoft.Extensions.Caching.StackExchangeRedis.RedisCache.GetAsync(String key, CancellationToken token)
at Volo.Abp.Caching.DistributedCache2.GetAsync(TCacheKey key, Nullable1 hideErrors, Boolean considerUow, CancellationToken token)
2025-01-28 18:34:18.344 +00:00 [INF] The access_token is active.
2025-01-28 18:34:18.345 +00:00 [INF] Executing endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.346 +00:00 [INF] Executed endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.346 +00:00 [INF] Request finished HTTP/2 DELETE https://beta1blazor.pipali.com.br/_blazor?id=SZrmH0iXw6iO6jQae0lQyA - 202 null text/plain 48.2178ms
2025-01-28 18:34:18.348 +00:00 [INF] Start processing HTTP request POST https://beta1authserver.pipali.com.br/api/account/dynamic-claims/refresh
2025-01-28 18:34:18.348 +00:00 [INF] Sending HTTP request POST https://beta1authserver.pipali.com.br/api/account/dynamic-claims/refresh
2025-01-28 18:34:18.465 +00:00 [INF] Received HTTP response headers after 116.9151ms - 204
2025-01-28 18:34:18.466 +00:00 [INF] End processing HTTP request after 117.0816ms - 204
2025-01-28 18:34:18.466 +00:00 [WRN] The operation was canceled.
System.OperationCanceledException: The operation was canceled.
at System.Threading.CancellationToken.ThrowOperationCanceledException()
at Microsoft.Extensions.Caching.StackExchangeRedis.RedisCache.GetAsync(String key, CancellationToken token)
at Volo.Abp.Caching.DistributedCache2.GetAsync(TCacheKey key, Nullable1 hideErrors, Boolean considerUow, CancellationToken token)
2025-01-28 18:34:18.468 +00:00 [WRN] Failed to refresh remote dynamic claims cache for user: 6d4f59e5-6570-6956-848b-3a17bf9f834e
Volo.Abp.AbpException: Failed to refresh remote claims for user: 6d4f59e5-6570-6956-848b-3a17bf9f834e
at Volo.Abp.Security.Claims.RemoteDynamicClaimsPrincipalContributorCacheBase1.GetAsync(Guid userId, Nullable1 tenantId)
at Volo.Abp.Security.Claims.RemoteDynamicClaimsPrincipalContributorBase`2.ContributeAsync(AbpClaimsPrincipalContributorContext context)
2025-01-28 18:34:18.469 +00:00 [INF] AuthenticationScheme: Cookies signed out.
2025-01-28 18:34:18.469 +00:00 [INF] Executing endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.469 +00:00 [INF] Executed endpoint 'Microsoft.AspNetCore.Routing.RouteEndpoint'
2025-01-28 18:34:18.469 +00:00 [INF] Request finished HTTP/2 GET https://beta1blazor.pipali.com.br/_blazor?id=SZrmH0iXw6iO6jQae0lQyA&_=1738089258295 - 404 null text/plain 172.0508ms

• Steps needed to reproduce the problem.

follow all the steps in https://abp.io/docs/commercial/8.1/startup-templates/application/deployment-iis?UI=Blazor&DB=EF&Tiered=Yes

abp*
#abp

[TheObliterator]

Be advised you may inadvertently leaked some secrets from your config in your post (Redis password).
Sorry I don't know the cause of your issue, I came looking for an auth warning in my Blazor Client:

dotnet.runtime.rubq0v1yiy.js:sourcemap:3 warn: Volo.Abp.IdentityModel.IdentityModelAuthenticationService[0]
Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration.

[vamessias]

Be advised you may inadvertently leaked some secrets from your config in your post (Redis password). Sorry I don't know the cause of your issue, I came looking for an auth warning in my Blazor Client:

dotnet.runtime.rubq0v1yiy.js:sourcemap:3 warn: Volo.Abp.IdentityModel.IdentityModelAuthenticationService[0]
Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration.

Thanks, i edited the excerpt

I've been facing the same auth warning, wonder what is it

[maliming]

hi @vamessias

Have you enabled the WebSocket feature in your IIS server?