New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Abp.Authorization.AbpAuthorizationException: Current user did not login to the application! #6175
Comments
This might happen when your web server is recycled. If you are using IIS, you can configure it to always running mode. |
Hi @ismcagdas I changed Appplication Pools ->Advanced Settings -> start Mode (AlwaysRunning) and i have still the same issue |
@ontur00 thanks, we will check this in details. |
ABP - Version 5.1.0.0 Hello, I tested the application despite the constant activity of the user, clicking and moving the mouse logs out after about 30-40 minutes. Chats.cs Index.js `var keepSessionAlive = false; function SetupSessionUpdater(actionUrl) { function CheckToKeepSessionAlive() { function KeepSessionAlive2() { |
@ontur00 sorry for the late reply. Do you go to other pages during your test ? If not, the cookie's expire time will not change and user will be logged out. This is the expected case. |
@ismcagdas I'm not passing, I understand that this is how the framework works. Is there any workaround for this? He needs to stay on one page after the user logs in, and he will not go to other subpages. Or, is it possible to extend the cookie expiry time |
I think you can update the cookie's expire time by modifying this line https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Web.Resources/Abp/Framework/scripts/libs/abp.jquery.js#L39 |
Currently @ontur00 is unavailable so I'll continue the issue. Can you give us example on how to modify this line to update cookie's expiry time? Also from what we see the expiry time is supposed to be as long as browser session, but after about 30 minutes we have the same issue as if we delete the cookie manually. From our POV it looks like a bug. Is there maybe a workaround for this? |
@DWiszyns sorry for the late reply, I will check it again. If the cookie expire time doesn't have a value, you don't have to change it. |
@ismcagdas were you able to check it again? |
Sorry, didn't have time yet but probably will check it this week. Sorry for the delay. |
@ismcagdas Were you able to check it last week? |
I did the tests, they go through the subpages every 1 minute and so the user logged off after 30 minutes. |
Hello, is there a workaround currently available in version 6.5? |
Is there any information on the session logout error. |
When are you planning to release version 7. Will there be a fix for the logout error in it? It is very necessary or some kind of workaround |
@ontur00 we couldn't reproduce this on our side. I have some questions for you.
Thanks, |
|
Thanks. I downloaded a new version 2 days ago, runned it using visual studio, waited 30 mins without any action and couldn't reproduce the problem. If you can reproduce it and share the steps, I will really appreciate it. |
I tested publish on IIS template 7.x version, there was no problem, even after 10 hours it did not log out. Do you have any advice on migrating the old project to the version 7.x template |
@ontur00 thanks for taking your time and trying this. We normally suggest an approach similar to https://docs.aspnetzero.com/en/common/latest/Version-Updating for templates. You can implement same approach for your project. You can only try to upgrade authentication related parts of the project. |
@ismcagdas Which module to copy to update regarding authencation? |
As far as I remember, you should update Web.Core and Web.Mvc but if you do that, it might create other problems. I think it is better to upgrade all projects if possible. |
I couldn't come up with an solution idea since we can't reproduce the problem. Maybe you can write extra logs and try to figure out why security stamp is not valid. |
@Saxroll did you find a solution to this problem ? |
@ismcagdas I am experiencing the same problem while using Microsoft Identity (not IdentityServer) with default authentication (application cookie). When I use:
I will get logged out after 30 seconds. |
As stated by @Saxroll, this seems to be an issue with the security stamp validation. This is currently stopping us from going live, so I had to use the workaround that @Saxroll described by adding the following to the Startup class:
I also added the following event handler to overrule the validation process:
The only downside is that this means that we are not using the security stamp functionality anymore, but I guess it did not work currently anyways. @ismcagdas If you find a fix for the security stamp validation issues, please let me know. |
@AntheusS Are you using 2FA? |
@acjh Yes. 2FA is enabled. It occurs for both users that have 2FA enabled and users that have 2FA disabled. |
This should be fixed in PR #6414. |
Hi. Unfortunately not yet. We stay on a workaround with disabled security stamp validataion and its cons. We will be investigating further and trying to find solution later. |
Error at application
After about 30 minutes of logging in, the application shows an error Current user did not login to the application!
Log
WARN 2021-06-14 12:29:57,233 [76 ] Mvc.Authorization.AbpAuthorizationFilter - Abp.Authorization.AbpAuthorizationException: Current user did not login to the application!
at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(IEnumerable
1 authorizeAttributes) at Abp.Authorization.AuthorizationHelper.CheckPermissionsAsync(MethodInfo methodInfo, Type type) at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(MethodInfo methodInfo, Type type) at Abp.AspNetCore.Mvc.Authorization.AbpAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context) Abp.Authorization.AbpAuthorizationException: Current user did not login to the application! at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(IEnumerable
1 authorizeAttributes)at Abp.Authorization.AuthorizationHelper.CheckPermissionsAsync(MethodInfo methodInfo, Type type)
at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(MethodInfo methodInfo, Type type)
at Abp.AspNetCore.Mvc.Authorization.AbpAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
log.txt
The text was updated successfully, but these errors were encountered: