[liming.ma@volosoft.com] said: hi
Removing IdentityServer4 from the Back office Web project will fix this error. As you can see, the IdentityServer4 is used in your Back office Web project.
As I mentioned earlier, we have overcome this issue by assigning the claims again, but we are now facing the permissions issue.
[liming.ma@volosoft.com] said: hi
Please try to remove IdentityServer4 from Back office Web project first. Then, the claims problem you can see https://abp.io/community/articles/how-claim-type-works-in-asp-net-core-and-abp-framework-km5dw6g1
Thanks.
Hi, thanks for the response, but I feel there is some misunderstanding. Still, we tried to find the reference for IdentityServer4 across our web project, but we found it nowhere. If you can elaborate more, that might be useful.
Our Back Office Web Project has a reference to IdentityServer Web, and Web doesn't have a reference to Identity4. We checked there as well but were not able to find any clue.
Also, we have no plans for OpenIdDict and want to continue with IdentityServer4 for now. Do you think IdentityServer4 still needs to be removed from the web project?
[liming.ma@volosoft.com] said: hi
Your Back office Web project has an indirect dependency on IdentityServer4.
Please search code and remove it.
Hi, we made some changes to map all the claims received via token to claimsIdentity in "ConfigureServices" under the web module file. After that change we are able to log in and roles are showing as mapped, but permissions are not mapping to the logged-in user in the backend.
If we check the permissions in JS we are able to see the proper permissions, but not at the backend, so we are getting forbidden errors.
Please advise.
Note: We are still using IdentityServer4, and if we make calls to the API via Postman we get the data without any roles or permissions issues.
options.Events = new OpenIdConnectEvents
{
    // Log the reason when the remote (OpenID Connect) login fails.
    OnRemoteFailure = context =>
    {
        Log.Information("Remote login failed: " + context.Failure?.Message);
        return Task.CompletedTask;
    },
    // After the token is validated, copy every id_token claim that the
    // principal does not already carry onto its ClaimsIdentity.
    OnTokenValidated = context =>
    {
        Log.Information("Token validated!");
        var claimsIdentity = context.Principal.Identity as ClaimsIdentity;
        var idToken = context.ProtocolMessage.IdToken;
        var handler = new JwtSecurityTokenHandler();
        var token = handler.ReadJwtToken(idToken);
        foreach (var claim in token.Claims)
        {
            if (!claimsIdentity.HasClaim(c => c.Type == claim.Type && c.Value == claim.Value))
            {
                Log.Information($"Manually adding claim: {claim.Type} = {claim.Value}");
                claimsIdentity.AddClaim(claim);
            }
        }
        return Task.CompletedTask;
    }
};
It's not possible to send the code; we may have a screenshare session to take this further.
Hi Maliming,
Sent you email.
Hi Maliming,
Can you share your email ID?
Dear Maliming,
Is https://localhost:44321/ an Identity Server website? - No, it is not Identity Server, it is Back office Web. Are you signed in by external login? - No