Activities of "viswajwalith"

1. We did not find any ETOs for IdentityUserOrganizationUnit and IdentityUserRole to implement DistributedEventHandler.

2. We are using default ABP API for User creation and Edit. We are facing performance issue when we have hundreds of organization units. We've observed that LocalEventHandler is triggering for every organization unit assignment/removal in User create/edit. Is Default API using Batch Processing for organization unit assignment/removal or else need to inplement explicitly by overriding default API.

Any guidance or clarification on this would be greatly appreciated.

We are facing the perforamce issue on creation /modification of users when we have lots of locations and mappings.

1. We are currently working with domain events and handling them using ILocalEventHandler<T> for both the IdentityUserOrganizationUnit and IdentityUserRole entities. Specifically, we are successfully using the following local event handlers: ILocalEventHandler<EntityCreatedEventData<IdentityUserOrganizationUnit>> ILocalEventHandler<EntityCreatedEventData<IdentityUserRole>>

These local event handlers are functioning as expected within the same application context.

As we transition to a distributed architecture using RabbitMQ, we are attempting to handle the same events through the distributed event bus, using: IDistributedEventHandler<EntityCreatedEventData<IdentityUserOrganizationUnit>> IDistributedEventHandler<EntityCreatedEventData<IdentityUserRole>>

However, we have encountered the following challenges: These events are not automatically published to the distributed event bus. Did not find any ETOs for the IdentityUserOrganizationUnit or IdentityUserRole entities. As a result, we are unable to subscribe to or handle these events using the distributed event.

2. We've observed a significant performance issue when assigning or unassigning roles and organization units to users in our application. Specifically, during user creation or editing, the LocalEventHandler is triggered for every individual role or organization unit assignment or removal.

In scenarios where a user is associated with hundreds of roles or organization units, this results in the UserManager making repeated changes per item — leading to hundreds of operations and drastically increasing the time required to complete the user creation/edit process.

Are there best practices within ABP for improving performance in such scenarios?

Any guidance or clarification on this would be greatly appreciated.

We have manually upgraded our solution from ABP.io 7 to ABP.io 9.

After the upgrade, the LeptonX CSS and JS bundles are loading, but not the latest ABP.io 9 bundles in development mode.

Could you please confirm if there are additional steps or configurations required to enable the latest LeptonX bundles in ABP.io 9?We have manually upgraded our solution from ABP.io 7 to ABP.io 9.

After the upgrade, the LeptonX CSS and JS bundles are loading, but not the latest ABP.io 9 bundles in development mode.

Could you please confirm if there are additional steps or configurations required to enable the latest LeptonX bundles in ABP.io 9?

Some how we are able to make the things working with Idenity4 server after upgrade to ABP 9 .

We made changes in Auth server module file

and in JwtBearerConfigurationHelper.cs we have added additional options

After the above changes Login worked perfectly and things are perfect till Auth Server ad Web,

But we we are calling the API's from different services we observed that ICurrentUser object is coming but with null values for Id, Email etc, Also IsAuthenticated also coming as false so services are not respeoning as expected. Any idea what we might have missed?

We can find the Roles in Log, but when we inject CurrentUser in AppService, not able find the roles.

[liming.ma@volosoft.com] said: hi

The Microsoft logs level still not Debug

Please use the log configuration code below.

var loggerConfiguration = new LoggerConfiguration() 
    .MinimumLevel.Debug() 
    .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning) 
    .Enrich.FromLogContext() 
    .WriteTo.Async(c => c.File("Logs/logs.txt")) 

2025-06-30 19:52:16.805 +05:30 [INF] Request starting HTTP/1.1 GET http://localhost:44371/api/employee-service/dashboard-pages?PageId=HOMEDASHBOARD&SkipCount=0&MaxResultCount=20000&api-version=1.0 - null 0 
 
2025-06-30 19:52:17.252 +05:30 [INF] Executing endpoint 'Exceego.EHSWatch.AppV3.EmployeeService.Controllers.DashboardPages.DashboardPageController.GetListAsync (Exceego.EHSWatch.AppV3.EmployeeService.HttpApi)' 
 
2025-06-30 19:52:18.685 +05:30 [INF] Authorization failed. These requirements were not met: 
PermissionRequirement: EmployeeService.CustomReports 
 
2025-06-30 19:52:19.936 +05:30 [INF] Request finished HTTP/1.1 GET https://localhost:44371/api/employee-service/dashboard-pages?PageId=HOMEDASHBOARD&SkipCount=0&MaxResultCount=20000&api-version=1.0 - 403 0 null 3131.5555ms 

These requirements were not met: PermissionRequirement: EmployeeService.CustomReports

Does your current user have EmployeeService.CustomReports permission?

If the 403 error only happened on Exceego.EHSWatch.AppV3.EmployeeService.HttpApi.Host. website.

Please enable the Debug log level and share again.

Also output some info to the logs.

app.UseAuthentication(); 
 
app.Use(async (httpContext, next) => 
{ 
    var logger = httpContext.RequestServices.GetRequiredService<ILogger<EmployeeServiceHttpApiHostModule>>(); 
    var claims = httpContext.User.Claims.Select(x => new { x.Type, x.Value }).ToList(); 
    logger.LogError("HttpContext.User Claims:"); 
    logger.LogError(JsonSerializer.Serialize(claims)); 
 
    var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>().GetAllClaims().Select(x => new { x.Type, x.Value }).ToList(); 
    logger.LogError("Current User Claims:"); 
    logger.LogError(JsonSerializer.Serialize(currentUser)); 
 
 
    var userid = AbpClaimTypes.UserId; 
    var username = AbpClaimTypes.UserName; 
    var roleClaimType = AbpClaimTypes.Role; 
 
    logger.LogError($"UserId Claim Type: {userid}"); 
    logger.LogError($"UserName Claim Type: {username}"); 
    logger.LogError($"Role Claim Type: {roleClaimType}"); 
 
    var authorizationHeader = httpContext.Request.Headers["Authorization"]; 
    logger.LogError(!string.IsNullOrEmpty(authorizationHeader) 
        ? $"Authorization Header: {authorizationHeader}" 
        : "Authorization Header is missing or empty."); 
 
    await next(httpContext); 
}); 

Thanks.

sent the logs to ur email, Thanks

1. We have upgraded our application from 7.3.2 to 9.2.0
2. We are continue to use IdentityServer (we did not Migrated to OpenIddict).
3. We are not using any external login.
4. After upgrade from 7.3.2 to 9.2.0, we were missing the sub and role claims in Back Office Web. We have managed to get thsese claims by adding below code in Back Office Web in AddAbpOpenIdConnect configuration. options.ClaimActions.MapJsonKey("sub", AbpClaimTypes.UserId); options.ClaimActions.MapJsonKey("role", "role");
5. One of our Micro service called 'Employee Service' have 'EmployeeService.CustomReports' permission and this permission is given to a role and that role assigned to the logged in user. We are able to get that permission from JS, because in Back office web we mapped the roles. But when we check in Employee Service(Micro service), we are missing the roles in claims/CurrentUser, because of this we are not getting the permission.
6. After upgrade from 7.3.2 to 9.2.0, we are facing this in Employee Service.

Are we missing anything to get Roles claims/CurrentUser in Employee Service?

Hi,

Sent you email.

[liming.ma@volosoft.com] said: hi

Add it to the project that has forbidden erros And can you share the debug logs for forbidden erros?

https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems

Thanks.

Hi We have added the code in both web and one of the service still getting the autorization error, I have emails the log files to ur email id

[liming.ma@volosoft.com] said:

If we check the permissions in JS we are able to see the proper permissions but not at backend so getting forbidden erros.

Sorry for that. I missed it.

Can you check the claims value and type by adding a custom middleware after UseAuthentication?

app.UseAuthentication(); 
 
app.Use(async (httpContext, next) => 
{ 
    var claims = httpContext.User.Claims; 
    var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>().GetAllClaims(); 
     
    var userid = AbpClaimTypes.UserId; 
    var username = AbpClaimTypes.UserName; 
    var roleClaimType = AbpClaimTypes.Role; 
     
    await next(httpContext); 
}); 
 

Thanks.

Thanks for the quick response, I belive this need to be added in Web Module file right. will give a try and update you back.