From c70a9bc9f3efb83d1a2e6bdb628dbf5b147ddbf2 Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Mon, 30 Jun 2025 12:40:45 +0800
Subject: [PATCH 01/11] Add FrontChannelLogoutUri property and related methods
 to OpenIddict application classes

---
 .../Applications/AbpApplicationDescriptor.cs          |  9 +++++++--
 .../OpenIddict/Applications/AbpApplicationManager.cs  | 11 +++++++++++
 .../Applications/AbpOpenIddictApplicationStore.cs     |  7 +++++++
 .../Applications/IAbpOpenIdApplicationStore.cs        |  2 ++
 .../Applications/OpenIddictApplicationModel.cs        |  9 +++++++--
 5 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationDescriptor.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationDescriptor.cs
index 3b5a4fc247..2e86762747 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationDescriptor.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationDescriptor.cs
@@ -4,13 +4,18 @@ namespace Volo.Abp.OpenIddict.Applications;
 
 public class AbpApplicationDescriptor : OpenIddictApplicationDescriptor
 {
+    /// <summary>
+    /// Gets or sets the front-channel logout URI associated with the application.
+    /// </summary>
+    public virtual string FrontChannelLogoutUri { get; set; }
+
     /// <summary>
     /// URI to further information about client.
     /// </summary>
-    public string ClientUri { get; set; }
+    public virtual string ClientUri { get; set; }
 
     /// <summary>
     /// URI to client logo.
     /// </summary>
-    public string LogoUri { get; set; }
+    public virtual string LogoUri { get; set; }
 }
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs
index e02d671652..a3804b54e0 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs
@@ -44,6 +44,7 @@ public class AbpApplicationManager : OpenIddictApplicationManager<OpenIddictAppl
 
         if (descriptor is AbpApplicationDescriptor model)
         {
+            model.FrontChannelLogoutUri = application.FrontChannelLogoutUri;
             model.ClientUri = application.ClientUri;
             model.LogoUri = application.LogoUri;
         }
@@ -55,11 +56,21 @@ public class AbpApplicationManager : OpenIddictApplicationManager<OpenIddictAppl
 
         if (descriptor is AbpApplicationDescriptor model)
         {
+            application.FrontChannelLogoutUri = model.FrontChannelLogoutUri;
             application.ClientUri = model.ClientUri;
             application.LogoUri = model.LogoUri;
         }
     }
 
+    public virtual async ValueTask<string> GetFrontChannelLogoutUriAsync(object application, CancellationToken cancellationToken = default)
+    {
+        Check.NotNull(application, nameof(application));
+        Check.AssignableTo<IAbpOpenIdApplicationStore>(application.GetType(), nameof(application));
+
+        return await Store.As<IAbpOpenIdApplicationStore>().GetFrontChannelLogoutUriAsync(application.As<OpenIddictApplicationModel>(), cancellationToken);
+    }
+
+
     public virtual async ValueTask<string> GetClientUriAsync(object application, CancellationToken cancellationToken = default)
     {
         Check.NotNull(application, nameof(application));
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpOpenIddictApplicationStore.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpOpenIddictApplicationStore.cs
index 416d90b3b7..f604a0960c 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpOpenIddictApplicationStore.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpOpenIddictApplicationStore.cs
@@ -635,6 +635,13 @@ public class AbpOpenIddictApplicationStore : AbpOpenIddictStoreBase<IOpenIddictA
         }
     }
 
+    public virtual async ValueTask<string> GetFrontChannelLogoutUriAsync(OpenIddictApplicationModel application, CancellationToken cancellationToken = default)
+    {
+        Check.NotNull(application, nameof(application));
+
+        return await new ValueTask<string>(application.FrontChannelLogoutUri);
+    }
+
     public virtual ValueTask<string> GetClientUriAsync(OpenIddictApplicationModel application, CancellationToken cancellationToken = default)
     {
         Check.NotNull(application, nameof(application));
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IAbpOpenIdApplicationStore.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IAbpOpenIdApplicationStore.cs
index ca2cd50102..9dd0b70515 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IAbpOpenIdApplicationStore.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IAbpOpenIdApplicationStore.cs
@@ -6,6 +6,8 @@ namespace Volo.Abp.OpenIddict.Applications;
 
 public interface IAbpOpenIdApplicationStore : IOpenIddictApplicationStore<OpenIddictApplicationModel>
 {
+    ValueTask<string> GetFrontChannelLogoutUriAsync(OpenIddictApplicationModel application, CancellationToken cancellationToken = default);
+
     ValueTask<string> GetClientUriAsync(OpenIddictApplicationModel application, CancellationToken cancellationToken = default);
 
     ValueTask<string> GetLogoUriAsync(OpenIddictApplicationModel application, CancellationToken cancellationToken = default);
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationModel.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationModel.cs
index 48a376769f..6841b10a04 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationModel.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationModel.cs
@@ -89,13 +89,18 @@ public class OpenIddictApplicationModel : ExtensibleObject
     /// </summary>
     public virtual string Settings { get; set; }
 
+    /// <summary>
+    /// Gets or sets the front-channel logout URI associated with the application.
+    /// </summary>
+    public virtual string FrontChannelLogoutUri { get; set; }
+
     /// <summary>
     /// URI to further information about client.
     /// </summary>
-    public string ClientUri { get; set; }
+    public virtual string ClientUri { get; set; }
 
     /// <summary>
     /// URI to client logo.
     /// </summary>
-    public string LogoUri { get; set; }
+    public virtual string LogoUri { get; set; }
 }

From 56bb869955361067362d1603349369c26e00968c Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Mon, 30 Jun 2025 13:47:56 +0800
Subject: [PATCH 02/11] Add `sid` claim to openiddict's `principal`.

---
 .../Pages/Index.cshtml                        | 21 +++++++++++++++++++
 .../OpenIddict.Demo.Server/Pages/Index.cshtml | 14 +++++++++----
 .../Controllers/AuthorizeController.cs        | 15 +++++++++++++
 3 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml b/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml
index dc32cca59c..ea4a9f3347 100644
--- a/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml
+++ b/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml
@@ -15,17 +15,38 @@
     @if (HttpContext.User.Identity != null && HttpContext.User.Identity.IsAuthenticated)
     {
         <ul class="list-group mt-3 text-start">
+            <p>Current User</p>
             @foreach (var claim in HttpContext.User.Claims)
             {
                 <li class="list-group-item">@claim.Type : @claim.Value</li>
             }
         </ul>
 
+        <ul class="list-group mt-3 text-start">
+            <p>oidc</p>
+            @{
+                var oidc = await HttpContext.AuthenticateAsync("oidc");
+                if (oidc.Principal != null)
+                {
+                    foreach (var claim in oidc.Principal.Claims)
+                    {
+                        <li class="list-group-item">@claim.Type : @claim.Value</li>
+                    }
+                }
+            }
+        </ul>
+
+
         <p>HttpContext.GetTokenAsync("access_token")
             <br/>
             @await HttpContext.GetTokenAsync("access_token")
         </p>
 
+        <p>HttpContext.GetTokenAsync("id_token")
+            <br/>
+            @await HttpContext.GetTokenAsync("id_token")
+        </p>
+
         var client = new HttpClient();
         var request = new HttpRequestMessage(HttpMethod.Get, "https://localhost:44303/api/claims");
         request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await HttpContext.GetTokenAsync("access_token"));
diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/Pages/Index.cshtml b/modules/openiddict/app/OpenIddict.Demo.Server/Pages/Index.cshtml
index fd28464cc7..daa3ee9b95 100644
--- a/modules/openiddict/app/OpenIddict.Demo.Server/Pages/Index.cshtml
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/Pages/Index.cshtml
@@ -4,7 +4,13 @@
     ViewData["Title"] = "Home page";
 }
 
-<div class="text-center">
-    <h1 class="display-4">Welcome</h1>
-    <p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
-</div>
\ No newline at end of file
+@if (HttpContext.User.Identity != null && HttpContext.User.Identity.IsAuthenticated)
+{
+    <ul class="list-group mt-3 text-start">
+        <p>Current User</p>
+        @foreach (var claim in HttpContext.User.Claims)
+        {
+            <li class="list-group-item">@claim.Type : @claim.Value</li>
+        }
+    </ul>
+}
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs
index 5c2f6ef996..a8350e22e5 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
@@ -148,6 +149,13 @@ public class AuthorizeController : AbpOpenIdDictControllerBase
             case OpenIddictConstants.ConsentTypes.Explicit when authorizations.Any() && !request.HasPromptValue(OpenIddictConstants.PromptValues.Consent):
                 var principal = await SignInManager.CreateUserPrincipalAsync(user);
 
+                var sid = dynamicPrincipal.FindFirst(JwtRegisteredClaimNames.Sid);
+                if (sid != null)
+                {
+                    principal.RemoveClaims(JwtRegisteredClaimNames.Sid);
+                    principal.AddClaim(JwtRegisteredClaimNames.Sid, sid.Value);
+                }
+
                 if (result.Properties != null && result.Properties.IsPersistent)
                 {
                     var claim = new Claim(AbpClaimTypes.RememberMe, true.ToString()).SetDestinations(OpenIddictConstants.Destinations.AccessToken);
@@ -247,6 +255,13 @@ public class AuthorizeController : AbpOpenIdDictControllerBase
 
         var principal = await SignInManager.CreateUserPrincipalAsync(user);
 
+        var sid = User.FindFirst(JwtRegisteredClaimNames.Sid);
+        if (sid != null)
+        {
+            principal.RemoveClaims(JwtRegisteredClaimNames.Sid);
+            principal.AddClaim(JwtRegisteredClaimNames.Sid, sid.Value);
+        }
+
         var result = await HttpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme);
         if (result.Succeeded && result.Properties != null && result.Properties.IsPersistent)
         {

From 5a29733f3de9481a2a5ff7bee3f1370c805c688a Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Mon, 30 Jun 2025 13:58:49 +0800
Subject: [PATCH 03/11] Add FrontChannelLogoutUri property to
 OpenIddictApplication

---
 ...tial.Designer.cs => 20250630055813_Initial.Designer.cs} | 7 +++++--
 ...20250215074649_Initial.cs => 20250630055813_Initial.cs} | 1 +
 .../Migrations/ServerDbContextModelSnapshot.cs             | 5 ++++-
 .../Abp/OpenIddict/Applications/OpenIddictApplication.cs   | 5 +++++
 .../Applications/OpenIddictApplicationExtensions.cs        | 2 ++
 5 files changed, 17 insertions(+), 3 deletions(-)
 rename modules/openiddict/app/OpenIddict.Demo.Server/Migrations/{20250215074649_Initial.Designer.cs => 20250630055813_Initial.Designer.cs} (99%)
 rename modules/openiddict/app/OpenIddict.Demo.Server/Migrations/{20250215074649_Initial.cs => 20250630055813_Initial.cs} (99%)

diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250215074649_Initial.Designer.cs b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250630055813_Initial.Designer.cs
similarity index 99%
rename from modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250215074649_Initial.Designer.cs
rename to modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250630055813_Initial.Designer.cs
index fec1a9f143..5c4b03ed99 100644
--- a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250215074649_Initial.Designer.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250630055813_Initial.Designer.cs
@@ -13,7 +13,7 @@ using Volo.Abp.EntityFrameworkCore;
 namespace OpenIddict.Demo.Server.Migrations
 {
     [DbContext(typeof(ServerDbContext))]
-    [Migration("20250215074649_Initial")]
+    [Migration("20250630055813_Initial")]
     partial class Initial
     {
         /// <inheritdoc />
@@ -22,7 +22,7 @@ namespace OpenIddict.Demo.Server.Migrations
 #pragma warning disable 612, 618
             modelBuilder
                 .HasAnnotation("_Abp_DatabaseProvider", EfCoreDatabaseProvider.SqlServer)
-                .HasAnnotation("ProductVersion", "9.0.0")
+                .HasAnnotation("ProductVersion", "9.0.5")
                 .HasAnnotation("Relational:MaxIdentifierLength", 128);
 
             SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder);
@@ -938,6 +938,9 @@ namespace OpenIddict.Demo.Server.Migrations
                         .HasColumnType("nvarchar(max)")
                         .HasColumnName("ExtraProperties");
 
+                    b.Property<string>("FrontChannelLogoutUri")
+                        .HasColumnType("nvarchar(max)");
+
                     b.Property<bool>("IsDeleted")
                         .ValueGeneratedOnAdd()
                         .HasColumnType("bit")
diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250215074649_Initial.cs b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250630055813_Initial.cs
similarity index 99%
rename from modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250215074649_Initial.cs
rename to modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250630055813_Initial.cs
index fdf8dac987..77775a3324 100644
--- a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250215074649_Initial.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/20250630055813_Initial.cs
@@ -378,6 +378,7 @@ namespace OpenIddict.Demo.Server.Migrations
                     RedirectUris = table.Column<string>(type: "nvarchar(max)", nullable: true),
                     Requirements = table.Column<string>(type: "nvarchar(max)", nullable: true),
                     Settings = table.Column<string>(type: "nvarchar(max)", nullable: true),
+                    FrontChannelLogoutUri = table.Column<string>(type: "nvarchar(max)", nullable: true),
                     ClientUri = table.Column<string>(type: "nvarchar(max)", nullable: true),
                     LogoUri = table.Column<string>(type: "nvarchar(max)", nullable: true),
                     ExtraProperties = table.Column<string>(type: "nvarchar(max)", nullable: false),
diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/ServerDbContextModelSnapshot.cs b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/ServerDbContextModelSnapshot.cs
index 4099fccc43..ff0eaf970c 100644
--- a/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/ServerDbContextModelSnapshot.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/Migrations/ServerDbContextModelSnapshot.cs
@@ -19,7 +19,7 @@ namespace OpenIddict.Demo.Server.Migrations
 #pragma warning disable 612, 618
             modelBuilder
                 .HasAnnotation("_Abp_DatabaseProvider", EfCoreDatabaseProvider.SqlServer)
-                .HasAnnotation("ProductVersion", "9.0.0")
+                .HasAnnotation("ProductVersion", "9.0.5")
                 .HasAnnotation("Relational:MaxIdentifierLength", 128);
 
             SqlServerModelBuilderExtensions.UseIdentityColumns(modelBuilder);
@@ -935,6 +935,9 @@ namespace OpenIddict.Demo.Server.Migrations
                         .HasColumnType("nvarchar(max)")
                         .HasColumnName("ExtraProperties");
 
+                    b.Property<string>("FrontChannelLogoutUri")
+                        .HasColumnType("nvarchar(max)");
+
                     b.Property<bool>("IsDeleted")
                         .ValueGeneratedOnAdd()
                         .HasColumnType("bit")
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplication.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplication.cs
index e88370e874..a141be9a68 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplication.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplication.cs
@@ -94,6 +94,11 @@ public class OpenIddictApplication : FullAuditedAggregateRoot<Guid>
     /// </summary>
     public virtual string Settings { get; set; }
 
+    /// <summary>
+    /// Gets or sets the front-channel logout URI associated with the application.
+    /// </summary>
+    public virtual string FrontChannelLogoutUri { get; set; }
+
     /// <summary>
     /// URI to further information about client.
     /// </summary>
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationExtensions.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationExtensions.cs
index 791136316a..8685c70ae8 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationExtensions.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationExtensions.cs
@@ -27,6 +27,7 @@ public static class OpenIddictApplicationExtensions
             RedirectUris = model.RedirectUris,
             Requirements = model.Requirements,
             Settings = model.Settings,
+            FrontChannelLogoutUri = model.FrontChannelLogoutUri,
             ClientUri = model.ClientUri,
             LogoUri = model.LogoUri
         };
@@ -59,6 +60,7 @@ public static class OpenIddictApplicationExtensions
         entity.RedirectUris = model.RedirectUris;
         entity.Requirements = model.Requirements;
         entity.Settings = model.Settings;
+        entity.FrontChannelLogoutUri = model.FrontChannelLogoutUri;
         entity.ClientUri = model.ClientUri;
         entity.LogoUri = model.LogoUri;
 

From dd9590f5f2d22af34fafadca0f8db821e84a68bb Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Mon, 30 Jun 2025 15:29:36 +0800
Subject: [PATCH 04/11] Refactor FrontChannelLogoutUri property to use Uri.

---
 .../Applications/AbpApplicationDescriptor.cs  |  5 +++--
 .../Applications/AbpApplicationManager.cs     | 22 ++++++++++++++++---
 .../Applications/IAbpApplicationManager.cs    |  2 ++
 .../Applications/OpenIddictApplication.cs     |  4 ++--
 4 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationDescriptor.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationDescriptor.cs
index 2e86762747..5fb2de1205 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationDescriptor.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationDescriptor.cs
@@ -1,4 +1,5 @@
-using OpenIddict.Abstractions;
+using System;
+using OpenIddict.Abstractions;
 
 namespace Volo.Abp.OpenIddict.Applications;
 
@@ -7,7 +8,7 @@ public class AbpApplicationDescriptor : OpenIddictApplicationDescriptor
     /// <summary>
     /// Gets or sets the front-channel logout URI associated with the application.
     /// </summary>
-    public virtual string FrontChannelLogoutUri { get; set; }
+    public virtual Uri FrontChannelLogoutUri { get; set; }
 
     /// <summary>
     /// URI to further information about client.
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs
index a3804b54e0..8e9a1e0b0b 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs
@@ -44,7 +44,17 @@ public class AbpApplicationManager : OpenIddictApplicationManager<OpenIddictAppl
 
         if (descriptor is AbpApplicationDescriptor model)
         {
-            model.FrontChannelLogoutUri = application.FrontChannelLogoutUri;
+
+            if (!application.FrontChannelLogoutUri.IsNullOrWhiteSpace())
+            {
+                if (!Uri.TryCreate(application.FrontChannelLogoutUri, UriKind.Absolute, out var uri) || IsImplicitFileUri(uri))
+                {
+                    throw new ArgumentException(OpenIddictResources.GetResourceString("ID0214"));
+                }
+
+                model.FrontChannelLogoutUri = uri;
+            }
+
             model.ClientUri = application.ClientUri;
             model.LogoUri = application.LogoUri;
         }
@@ -56,7 +66,7 @@ public class AbpApplicationManager : OpenIddictApplicationManager<OpenIddictAppl
 
         if (descriptor is AbpApplicationDescriptor model)
         {
-            application.FrontChannelLogoutUri = model.FrontChannelLogoutUri;
+            application.FrontChannelLogoutUri = model.FrontChannelLogoutUri?.OriginalString;
             application.ClientUri = model.ClientUri;
             application.LogoUri = model.LogoUri;
         }
@@ -70,7 +80,6 @@ public class AbpApplicationManager : OpenIddictApplicationManager<OpenIddictAppl
         return await Store.As<IAbpOpenIdApplicationStore>().GetFrontChannelLogoutUriAsync(application.As<OpenIddictApplicationModel>(), cancellationToken);
     }
 
-
     public virtual async ValueTask<string> GetClientUriAsync(object application, CancellationToken cancellationToken = default)
     {
         Check.NotNull(application, nameof(application));
@@ -86,4 +95,11 @@ public class AbpApplicationManager : OpenIddictApplicationManager<OpenIddictAppl
 
         return await Store.As<IAbpOpenIdApplicationStore>().GetLogoUriAsync(application.As<OpenIddictApplicationModel>(), cancellationToken);
     }
+
+    protected virtual bool IsImplicitFileUri(Uri uri)
+    {
+        Check.NotNull(uri, nameof(uri));
+
+        return uri.IsAbsoluteUri && uri.IsFile && !uri.OriginalString.StartsWith(uri.Scheme, StringComparison.OrdinalIgnoreCase);
+    }
 }
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IAbpApplicationManager.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IAbpApplicationManager.cs
index 1f12a9d088..b0dd375908 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IAbpApplicationManager.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/IAbpApplicationManager.cs
@@ -6,6 +6,8 @@ namespace Volo.Abp.OpenIddict.Applications;
 
 public interface IAbpApplicationManager : IOpenIddictApplicationManager
 {
+    ValueTask<string> GetFrontChannelLogoutUriAsync(object application, CancellationToken cancellationToken = default);
+
     ValueTask<string> GetClientUriAsync(object application, CancellationToken cancellationToken = default);
 
     ValueTask<string> GetLogoUriAsync(object application, CancellationToken cancellationToken = default);
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplication.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplication.cs
index a141be9a68..d2f7b5f752 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplication.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplication.cs
@@ -102,10 +102,10 @@ public class OpenIddictApplication : FullAuditedAggregateRoot<Guid>
     /// <summary>
     /// URI to further information about client.
     /// </summary>
-    public string ClientUri { get; set; }
+    public virtual string ClientUri { get; set; }
 
     /// <summary>
     /// URI to client logo.
     /// </summary>
-    public string LogoUri { get; set; }
+    public virtual string LogoUri { get; set; }
 }

From f2a57ee0c33101c87eef22902f3baaa21269bfe8 Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Mon, 30 Jun 2025 17:39:53 +0800
Subject: [PATCH 05/11] Update application type checks to use
 OpenIddictApplicationModel and include FrontChannelLogoutUri in ToModel
 method

---
 .../Abp/OpenIddict/Applications/AbpApplicationManager.cs    | 6 +++---
 .../Applications/OpenIddictApplicationExtensions.cs         | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs
index 8e9a1e0b0b..99b44e4293 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/AbpApplicationManager.cs
@@ -75,7 +75,7 @@ public class AbpApplicationManager : OpenIddictApplicationManager<OpenIddictAppl
     public virtual async ValueTask<string> GetFrontChannelLogoutUriAsync(object application, CancellationToken cancellationToken = default)
     {
         Check.NotNull(application, nameof(application));
-        Check.AssignableTo<IAbpOpenIdApplicationStore>(application.GetType(), nameof(application));
+        Check.AssignableTo<OpenIddictApplicationModel>(application.GetType(), nameof(application));
 
         return await Store.As<IAbpOpenIdApplicationStore>().GetFrontChannelLogoutUriAsync(application.As<OpenIddictApplicationModel>(), cancellationToken);
     }
@@ -83,7 +83,7 @@ public class AbpApplicationManager : OpenIddictApplicationManager<OpenIddictAppl
     public virtual async ValueTask<string> GetClientUriAsync(object application, CancellationToken cancellationToken = default)
     {
         Check.NotNull(application, nameof(application));
-        Check.AssignableTo<IAbpOpenIdApplicationStore>(application.GetType(), nameof(application));
+        Check.AssignableTo<OpenIddictApplicationModel>(application.GetType(), nameof(application));
 
         return await Store.As<IAbpOpenIdApplicationStore>().GetClientUriAsync(application.As<OpenIddictApplicationModel>(), cancellationToken);
     }
@@ -91,7 +91,7 @@ public class AbpApplicationManager : OpenIddictApplicationManager<OpenIddictAppl
     public virtual async ValueTask<string> GetLogoUriAsync(object application, CancellationToken cancellationToken = default)
     {
         Check.NotNull(application, nameof(application));
-        Check.AssignableTo<IAbpOpenIdApplicationStore>(application.GetType(), nameof(application));
+        Check.AssignableTo<OpenIddictApplicationModel>(application.GetType(), nameof(application));
 
         return await Store.As<IAbpOpenIdApplicationStore>().GetLogoUriAsync(application.As<OpenIddictApplicationModel>(), cancellationToken);
     }
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationExtensions.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationExtensions.cs
index 8685c70ae8..818a40f973 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationExtensions.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.Domain/Volo/Abp/OpenIddict/Applications/OpenIddictApplicationExtensions.cs
@@ -102,6 +102,7 @@ public static class OpenIddictApplicationExtensions
             RedirectUris = entity.RedirectUris,
             Requirements = entity.Requirements,
             Settings = entity.Settings,
+            FrontChannelLogoutUri = entity.FrontChannelLogoutUri,
             ClientUri = entity.ClientUri,
             LogoUri = entity.LogoUri
         };

From 25c815985d0ef953fbae7baedbce9b12c666fb3f Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Tue, 1 Jul 2025 09:36:36 +0800
Subject: [PATCH 06/11] Refactor security headers middleware to reintroduce
 essential security headers and improve code organization.

---
 ...etCoreAuthenticationOpenIdConnectModule.cs |  6 ++++++
 .../Security/AbpSecurityHeadersMiddleware.cs  | 20 +++++++++----------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/framework/src/Volo.Abp.AspNetCore.Authentication.OpenIdConnect/Volo/Abp/AspNetCore/Authentication/OpenIdConnect/AbpAspNetCoreAuthenticationOpenIdConnectModule.cs b/framework/src/Volo.Abp.AspNetCore.Authentication.OpenIdConnect/Volo/Abp/AspNetCore/Authentication/OpenIdConnect/AbpAspNetCoreAuthenticationOpenIdConnectModule.cs
index ba21ef11fd..4fc7c4ca75 100644
--- a/framework/src/Volo.Abp.AspNetCore.Authentication.OpenIdConnect/Volo/Abp/AspNetCore/Authentication/OpenIdConnect/AbpAspNetCoreAuthenticationOpenIdConnectModule.cs
+++ b/framework/src/Volo.Abp.AspNetCore.Authentication.OpenIdConnect/Volo/Abp/AspNetCore/Authentication/OpenIdConnect/AbpAspNetCoreAuthenticationOpenIdConnectModule.cs
@@ -1,5 +1,6 @@
 using Microsoft.Extensions.DependencyInjection;
 using Volo.Abp.AspNetCore.Authentication.OAuth;
+using Volo.Abp.AspNetCore.Security;
 using Volo.Abp.Modularity;
 using Volo.Abp.MultiTenancy;
 using Volo.Abp.RemoteServices;
@@ -16,5 +17,10 @@ public class AbpAspNetCoreAuthenticationOpenIdConnectModule : AbpModule
     public override void ConfigureServices(ServiceConfigurationContext context)
     {
         context.Services.AddHttpClient();
+
+        Configure<AbpSecurityHeadersOptions>(options =>
+        {
+            options.IgnoredScriptNoncePaths.Add("/signout-oidc");
+        });
     }
 }
diff --git a/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs b/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs
index 2d231c46ee..5a1da8e3d3 100644
--- a/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs
+++ b/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs
@@ -30,16 +30,6 @@ public class AbpSecurityHeadersMiddleware : AbpMiddlewareBase, ITransientDepende
             await next.Invoke(context);
             return;
         }
-
-        /*X-Content-Type-Options header tells the browser to not try and “guess” what a mimetype of a resource might be, and to just take what mimetype the server has returned as fact.*/
-        AddHeader(context, "X-Content-Type-Options", "nosniff");
-
-        /*X-XSS-Protection is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks*/
-        AddHeader(context, "X-XSS-Protection", "1; mode=block");
-
-        /*The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. SAMEORIGIN makes it being displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain*/
-        AddHeader(context, "X-Frame-Options", "SAMEORIGIN");
-
         var requestAcceptTypeHtml = context.Request.Headers["Accept"].Any(x =>
             x!.Contains("text/html") || x.Contains("*/*") || x.Contains("application/xhtml+xml"));
 
@@ -54,13 +44,21 @@ public class AbpSecurityHeadersMiddleware : AbpMiddlewareBase, ITransientDepende
             return;
         }
 
+        /*X-Content-Type-Options header tells the browser to not try and “guess” what a mimetype of a resource might be, and to just take what mimetype the server has returned as fact.*/
+        AddHeader(context, "X-Content-Type-Options", "nosniff");
+
+        /*X-XSS-Protection is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks*/
+        AddHeader(context, "X-XSS-Protection", "1; mode=block");
+
+        /*The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. SAMEORIGIN makes it being displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain*/
+        AddHeader(context, "X-Frame-Options", "SAMEORIGIN");
+
         if (Options.Value.UseContentSecurityPolicyScriptNonce)
         {
             var randomValue = Guid.NewGuid().ToString("N");
             context.Items.Add(AbpAspNetCoreConsts.ScriptNonceKey, randomValue);
         }
 
-
         context.Response.OnStarting(() =>
         {
             if (context.Response.Headers.ContainsKey("Content-Security-Policy"))

From 814f44d5335e5eccd839fa69dfa3f1cfbd1ea9d1 Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Tue, 1 Jul 2025 10:16:26 +0800
Subject: [PATCH 07/11] Enhance security headers middleware to improve header
 management and add tests for ignored headers

---
 .../Security/AbpSecurityHeadersMiddleware.cs  | 31 ++++++++++---------
 .../Headers/SecurityHeadersTestController.cs  |  8 +++++
 .../SecurityHeadersTestController_Tests.cs    | 14 ++++++++-
 3 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs b/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs
index 5a1da8e3d3..f1f2c9016e 100644
--- a/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs
+++ b/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs
@@ -25,24 +25,13 @@ public class AbpSecurityHeadersMiddleware : AbpMiddlewareBase, ITransientDepende
     {
         var endpoint = context.GetEndpoint();
 
-        if (endpoint?.Metadata.GetMetadata<IgnoreAbpSecurityHeaderAttribute>() != null)
+        if (endpoint?.Metadata.GetMetadata<IgnoreAbpSecurityHeaderAttribute>() != null ||
+            await AlwaysIgnoreContentTypes(context) ||
+            Options.Value.IgnoredScriptNoncePaths.Any(x => context.Request.Path.StartsWithSegments(x.EnsureStartsWith('/'), StringComparison.OrdinalIgnoreCase)))
         {
             await next.Invoke(context);
             return;
         }
-        var requestAcceptTypeHtml = context.Request.Headers["Accept"].Any(x =>
-            x!.Contains("text/html") || x.Contains("*/*") || x.Contains("application/xhtml+xml"));
-
-        if (!requestAcceptTypeHtml
-            || !Options.Value.UseContentSecurityPolicyHeader
-            || await AlwaysIgnoreContentTypes(context)
-            || endpoint == null
-            || Options.Value.IgnoredScriptNoncePaths.Any(x => context.Request.Path.StartsWithSegments(x.EnsureStartsWith('/'), StringComparison.OrdinalIgnoreCase)))
-        {
-            AddOtherHeaders(context);
-            await next.Invoke(context);
-            return;
-        }
 
         /*X-Content-Type-Options header tells the browser to not try and “guess” what a mimetype of a resource might be, and to just take what mimetype the server has returned as fact.*/
         AddHeader(context, "X-Content-Type-Options", "nosniff");
@@ -53,6 +42,20 @@ public class AbpSecurityHeadersMiddleware : AbpMiddlewareBase, ITransientDepende
         /*The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. SAMEORIGIN makes it being displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain*/
         AddHeader(context, "X-Frame-Options", "SAMEORIGIN");
 
+        var requestAcceptTypeHtml = context.Request.Headers["Accept"].Any(x =>
+            x!.Contains("text/html", StringComparison.OrdinalIgnoreCase) ||
+            x.Contains("*/*", StringComparison.OrdinalIgnoreCase) ||
+            x.Contains("application/xhtml+xml", StringComparison.OrdinalIgnoreCase));
+
+        if (!requestAcceptTypeHtml
+            || !Options.Value.UseContentSecurityPolicyHeader
+            || endpoint == null)
+        {
+            AddOtherHeaders(context);
+            await next.Invoke(context);
+            return;
+        }
+
         if (Options.Value.UseContentSecurityPolicyScriptNonce)
         {
             var randomValue = Guid.NewGuid().ToString("N");
diff --git a/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Security/Headers/SecurityHeadersTestController.cs b/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Security/Headers/SecurityHeadersTestController.cs
index 8e92558cb8..aa6462996a 100644
--- a/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Security/Headers/SecurityHeadersTestController.cs
+++ b/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Security/Headers/SecurityHeadersTestController.cs
@@ -2,10 +2,18 @@
 
 namespace Volo.Abp.AspNetCore.Mvc.Security.Headers;
 
+[Route("SecurityHeadersTest")]
 public class SecurityHeadersTestController : AbpController
 {
+    [HttpGet("Get")]
     public ActionResult Get()
     {
         return Content("OK");
     }
+
+    [HttpGet("ignored")]
+    public ActionResult Get_Ignored()
+    {
+        return Content("OK");
+    }
 }
diff --git a/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Security/Headers/SecurityHeadersTestController_Tests.cs b/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Security/Headers/SecurityHeadersTestController_Tests.cs
index 336c7fe8db..b71103620b 100644
--- a/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Security/Headers/SecurityHeadersTestController_Tests.cs
+++ b/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Security/Headers/SecurityHeadersTestController_Tests.cs
@@ -15,6 +15,8 @@ public class SecurityHeadersTestController_Tests : AspNetCoreMvcTestBase
         {
             options.UseContentSecurityPolicyHeader = true;
             options.Headers["Referrer-Policy"] = "no-referrer";
+
+            options.IgnoredScriptNoncePaths.Add("/SecurityHeadersTest/ignored");
         });
 
         base.ConfigureServices(services);
@@ -27,7 +29,6 @@ public class SecurityHeadersTestController_Tests : AspNetCoreMvcTestBase
         responseMessage.Headers.ShouldContain(x => x.Key == "X-Content-Type-Options" & x.Value.First().ToString() == "nosniff");
         responseMessage.Headers.ShouldContain(x => x.Key == "X-XSS-Protection" & x.Value.First().ToString() == "1; mode=block");
         responseMessage.Headers.ShouldContain(x => x.Key == "X-Frame-Options" & x.Value.First().ToString() == "SAMEORIGIN");
-        responseMessage.Headers.ShouldContain(x => x.Key == "X-Content-Type-Options" & x.Value.First().ToString() == "nosniff");
     }
 
     [Fact]
@@ -37,4 +38,15 @@ public class SecurityHeadersTestController_Tests : AspNetCoreMvcTestBase
         responseMessage.Headers.ShouldNotBeEmpty();
         responseMessage.Headers.ShouldContain(x => x.Key == "Referrer-Policy" && x.Value.First().ToString() == "no-referrer");
     }
+
+    [Fact]
+    public async Task SecurityHeaders_Should_Be_Ignored()
+    {
+        var responseMessage = await GetResponseAsync("/SecurityHeadersTest/ignored");
+        responseMessage.Headers.ShouldNotBeEmpty();
+        responseMessage.Headers.ShouldNotContain(x => x.Key == "X-Content-Type-Options" & x.Value.First().ToString() == "nosniff");
+        responseMessage.Headers.ShouldNotContain(x => x.Key == "X-XSS-Protection" & x.Value.First().ToString() == "1; mode=block");
+        responseMessage.Headers.ShouldNotContain(x => x.Key == "X-Frame-Options" & x.Value.First().ToString() == "SAMEORIGIN");
+        responseMessage.Headers.ShouldNotContain(x => x.Key == "Referrer-Policy" && x.Value.First().ToString() == "no-referrer");
+    }
 }

From 6b140577e02276a6e54065ac19f2a2e1f937c641 Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Thu, 3 Jul 2025 21:29:56 +0800
Subject: [PATCH 08/11] Simplify ApplicationPart sorting logic

---
 .../AspNetCore/Mvc/ApplicationPartSorter.cs   | 156 ++----------------
 1 file changed, 13 insertions(+), 143 deletions(-)

diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs b/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs
index 9bc15ae617..2cb30a811e 100644
--- a/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs
+++ b/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs
@@ -1,7 +1,5 @@
-using System;
-using System.Collections.Generic;
+using System.Collections.Generic;
 using System.Linq;
-using System.Reflection;
 using Microsoft.AspNetCore.Mvc.ApplicationParts;
 using Volo.Abp.Modularity;
 
@@ -15,152 +13,24 @@ public static class ApplicationPartSorter
 {
     public static void Sort(ApplicationPartManager partManager, IModuleContainer moduleContainer)
     {
-        /* Performing a double Reverse() to preserve the original order for non-sorted parts
-         */
-
-        var dependencyDictionary = CreateDependencyDictionary(partManager, moduleContainer);
-
-        var sortedParts = partManager
-            .ApplicationParts
-            .Reverse() //First Revers
-            .SortByDependencies(p => dependencyDictionary[p]);
-
-        sortedParts.Reverse(); //Reverse again
-
-        //Replace the original parts with the sorted parts
-        partManager.ApplicationParts.Clear();
-        foreach (var applicationPart in sortedParts)
-        {
-            partManager.ApplicationParts.Add(applicationPart);
-        }
-    }
-
-    private static Dictionary<ApplicationPart, List<ApplicationPart>> CreateDependencyDictionary(
-        ApplicationPartManager partManager, IModuleContainer moduleContainer)
-    {
-        var dependencyDictionary = new Dictionary<ApplicationPart, List<ApplicationPart>>();
-
-        foreach (var applicationPart in partManager.ApplicationParts)
-        {
-            dependencyDictionary[applicationPart] =
-                CreateDependencyList(applicationPart, partManager, moduleContainer);
-        }
-
-        return dependencyDictionary;
-    }
-
-    private static List<ApplicationPart> CreateDependencyList(
-        ApplicationPart applicationPart,
-        ApplicationPartManager partManager,
-        IModuleContainer moduleContainer)
-    {
-        var list = new List<ApplicationPart>();
-
-        if (applicationPart is AssemblyPart assemblyPart)
-        {
-            AddDependencies(list, assemblyPart, partManager, moduleContainer);
-        }
-        else if (applicationPart is CompiledRazorAssemblyPart compiledRazorAssemblyPart)
+        var sortedParts = new List<ApplicationPart>();
+        foreach (var module in moduleContainer.Modules)
         {
-            AddDependencies(list, compiledRazorAssemblyPart, partManager, moduleContainer);
-        }
-
-        return list;
-    }
-
-    private static void AddDependencies(
-        List<ApplicationPart> list,
-        AssemblyPart assemblyPart,
-        ApplicationPartManager partManager,
-        IModuleContainer moduleContainer)
-    {
-        var dependedAssemblyParts = GetDependedAssemblyParts(
-            partManager,
-            moduleContainer,
-            assemblyPart
-        );
-
-        list.AddRange(dependedAssemblyParts);
+            var parts = partManager.ApplicationParts.Where(part =>
+                    (part is AssemblyPart ap && ap.Assembly == module.Assembly) ||
+                    (part is CompiledRazorAssemblyPart crp && crp.Assembly == module.Assembly))
+                .ToList();
 
-        foreach (var dependedAssemblyPart in dependedAssemblyParts)
-        {
-            var viewsPart = GetViewsPartOrNull(partManager, dependedAssemblyPart);
-            if (viewsPart != null)
+            if (!parts.IsNullOrEmpty())
             {
-                list.Add(viewsPart);
+                sortedParts.AddRange(parts);
             }
         }
-    }
-
-    private static void AddDependencies(
-        List<ApplicationPart> list,
-        CompiledRazorAssemblyPart compiledRazorAssemblyPart,
-        ApplicationPartManager partManager,
-        IModuleContainer moduleContainer)
-    {
-        if (!compiledRazorAssemblyPart.Name.EndsWith(".Views"))
-        {
-            return;
-        }
-
-        var originalAssemblyPart = GetOriginalAssemblyPartOrNull(compiledRazorAssemblyPart, partManager);
-        if (originalAssemblyPart == null)
-        {
-            return;
-        }
-
-        list.Add(originalAssemblyPart);
-    }
-
-    private static AssemblyPart[] GetDependedAssemblyParts(
-        ApplicationPartManager partManager,
-        IModuleContainer moduleContainer,
-        AssemblyPart assemblyPart)
-    {
-        var moduleDescriptor = GetModuleDescriptorForAssemblyOrNull(moduleContainer, assemblyPart.Assembly);
-        if (moduleDescriptor == null)
+        sortedParts.Reverse();
+        partManager.ApplicationParts.Clear();
+        foreach (var applicationPart in sortedParts)
         {
-            return Array.Empty<AssemblyPart>();
+            partManager.ApplicationParts.Add(applicationPart);
         }
-
-        var moduleDependedAssemblies = moduleDescriptor
-            .Dependencies
-            .SelectMany(d => d.AllAssemblies)
-            .ToArray();
-
-        return partManager.ApplicationParts
-            .OfType<AssemblyPart>()
-            .Where(a => a.Assembly.IsIn(moduleDependedAssemblies))
-            .Distinct()
-            .ToArray();
-    }
-
-    private static CompiledRazorAssemblyPart? GetViewsPartOrNull(ApplicationPartManager partManager,
-        ApplicationPart assemblyPart)
-    {
-        var viewsAssemblyName = assemblyPart.Name + ".Views";
-        return partManager
-            .ApplicationParts
-            .OfType<CompiledRazorAssemblyPart>()
-            .FirstOrDefault(p => p.Name == viewsAssemblyName);
-    }
-
-    private static AssemblyPart? GetOriginalAssemblyPartOrNull(
-        CompiledRazorAssemblyPart compiledRazorAssemblyPart,
-        ApplicationPartManager partManager)
-    {
-        var originalAssemblyName = compiledRazorAssemblyPart.Name.RemovePostFix(".Views");
-        return partManager.ApplicationParts
-            .OfType<AssemblyPart>()
-            .FirstOrDefault(p => p.Name == originalAssemblyName);
-    }
-
-    private static IAbpModuleDescriptor? GetModuleDescriptorForAssemblyOrNull(
-        IModuleContainer moduleContainer,
-        Assembly assembly)
-    {
-        return moduleContainer
-            .Modules
-            .FirstOrDefault(m => m.AllAssemblies.Contains(assembly));
     }
 }

From 23c31fd6c44a957cc94f68180c74e4f822b9cdb6 Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Thu, 3 Jul 2025 21:38:07 +0800
Subject: [PATCH 09/11] Sort ApplicationParts with AssemblyPart last

---
 .../Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs b/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs
index 2cb30a811e..5c31a438d5 100644
--- a/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs
+++ b/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs
@@ -23,7 +23,7 @@ public static class ApplicationPartSorter
 
             if (!parts.IsNullOrEmpty())
             {
-                sortedParts.AddRange(parts);
+                sortedParts.AddRange(parts.OrderBy(x => x is AssemblyPart ? 1 : 0));
             }
         }
         sortedParts.Reverse();

From 1e17125ebf565b0c819a22e8fc8fe3c1c2e99ae5 Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Fri, 4 Jul 2025 08:17:16 +0800
Subject: [PATCH 10/11] Update build-and-test.yml

---
 .github/workflows/build-and-test.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 8ebcc32bfc..a3017f300e 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -56,9 +56,9 @@ jobs:
       with:
         dotnet-version: 9.0.100
 
-    - name: chown
-      run: |
-        sudo chown -R $USER:$USER /home/runneradmin
+    # - name: chown
+    #   run: |
+    #     sudo chown -R $USER:$USER /home/runneradmin
 
     - name: Build All
       run: ./build-all.ps1

From 88fe08574ea331cb3043b717d9100a20afdb9723 Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Fri, 4 Jul 2025 10:01:01 +0800
Subject: [PATCH 11/11] Add `ApplicationPartSorter_Tests`.

---
 .../AspNetCore/Mvc/ApplicationPartSorter.cs   | 42 ++++++----
 .../ApplicationPartSorter_Tests.cs            | 79 +++++++++++++++++++
 2 files changed, 106 insertions(+), 15 deletions(-)
 create mode 100644 framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/ApplicationPart/ApplicationPartSorter_Tests.cs

diff --git a/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs b/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs
index 5c31a438d5..d0ba8b98c0 100644
--- a/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs
+++ b/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationPartSorter.cs
@@ -1,5 +1,5 @@
-using System.Collections.Generic;
-using System.Linq;
+using System.Linq;
+using System.Reflection;
 using Microsoft.AspNetCore.Mvc.ApplicationParts;
 using Volo.Abp.Modularity;
 
@@ -13,24 +13,36 @@ public static class ApplicationPartSorter
 {
     public static void Sort(ApplicationPartManager partManager, IModuleContainer moduleContainer)
     {
-        var sortedParts = new List<ApplicationPart>();
-        foreach (var module in moduleContainer.Modules)
-        {
-            var parts = partManager.ApplicationParts.Where(part =>
-                    (part is AssemblyPart ap && ap.Assembly == module.Assembly) ||
-                    (part is CompiledRazorAssemblyPart crp && crp.Assembly == module.Assembly))
-                .ToList();
+        var orderedModuleAssemblies = moduleContainer.Modules
+            .Select((moduleDescriptor, index) => new { moduleDescriptor.Assembly, index })
+            .ToDictionary(x => x.Assembly, x => x.index);
+
+        var modulesAssemblies = moduleContainer.Modules.Select(x => x.Assembly).ToList();
+        var sortedTypes = partManager.ApplicationParts
+            .Where(x => modulesAssemblies.Contains(GetApplicationPartAssembly(x)))
+            .OrderBy(x => orderedModuleAssemblies[GetApplicationPartAssembly(x)])
+            .ToList();
+
+        var sortIndex = 0;
+        var sortedParts = partManager.ApplicationParts
+            .Select(x => modulesAssemblies.Contains(GetApplicationPartAssembly(x)) ? sortedTypes[sortIndex++] : x)
+            .ToList();
 
-            if (!parts.IsNullOrEmpty())
-            {
-                sortedParts.AddRange(parts.OrderBy(x => x is AssemblyPart ? 1 : 0));
-            }
-        }
-        sortedParts.Reverse();
         partManager.ApplicationParts.Clear();
+        sortedParts.Reverse();
         foreach (var applicationPart in sortedParts)
         {
             partManager.ApplicationParts.Add(applicationPart);
         }
     }
+
+    private static Assembly GetApplicationPartAssembly(ApplicationPart part)
+    {
+        return part switch
+        {
+            AssemblyPart assemblyPart => assemblyPart.Assembly,
+            CompiledRazorAssemblyPart compiledRazorAssemblyPart => compiledRazorAssemblyPart.Assembly,
+            _ => throw new AbpException("Unknown application part type")
+        };
+    }
 }
diff --git a/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/ApplicationPart/ApplicationPartSorter_Tests.cs b/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/ApplicationPart/ApplicationPartSorter_Tests.cs
new file mode 100644
index 0000000000..829aa23527
--- /dev/null
+++ b/framework/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/ApplicationPart/ApplicationPartSorter_Tests.cs
@@ -0,0 +1,79 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Reflection;
+using System.Reflection.Emit;
+using Microsoft.AspNetCore.Mvc.ApplicationParts;
+using NSubstitute;
+using Shouldly;
+using Volo.Abp.Modularity;
+using Volo.Abp.VirtualFileSystem;
+using Xunit;
+
+namespace Volo.Abp.AspNetCore.Mvc.ApplicationPart;
+
+public class ApplicationPartSorter_Tests
+{
+    [Fact]
+    public void Should_Sort_ApplicationParts_By_Module_Dependencies()
+    {
+        var moduleDescriptors = new List<IAbpModuleDescriptor>();
+        var partManager = new ApplicationPartManager();
+
+        for (var i = 0; i < 10; i++)
+        {
+            var assembly = AssemblyBuilder.DefineDynamicAssembly(new AssemblyName($"ModuleA{i}.dll"), AssemblyBuilderAccess.Run);
+            partManager.ApplicationParts.Add(new AssemblyPart(assembly));
+            moduleDescriptors.Add(CreateModuleDescriptor(assembly));
+        }
+        var randomApplicationParts = partManager.ApplicationParts.OrderBy(x => Guid.NewGuid()).ToList(); // Shuffle the parts
+
+        // Additional part
+        randomApplicationParts.AddFirst(new CompiledRazorAssemblyPart(typeof(AbpAspNetCoreModule).Assembly));
+        randomApplicationParts.Insert(5, new CompiledRazorAssemblyPart(typeof(AbpAspNetCoreMvcModule).Assembly));
+        randomApplicationParts.AddLast(new CompiledRazorAssemblyPart(typeof(AbpVirtualFileSystemModule).Assembly));
+
+        partManager.ApplicationParts.Clear();
+        foreach (var part in randomApplicationParts)
+        {
+            partManager.ApplicationParts.Add(part);
+        }
+
+        var moduleContainer = CreateFakeModuleContainer(moduleDescriptors);
+
+        ApplicationPartSorter.Sort(partManager, moduleContainer);
+
+        // Act
+        partManager.ApplicationParts.Count.ShouldBe(13); // 10 modules + 3 additional parts
+
+        var applicationParts = partManager.ApplicationParts.Reverse().ToList(); // Reverse the order to match the expected output
+
+        applicationParts[0].ShouldBeOfType<CompiledRazorAssemblyPart>().Assembly.ShouldBe(typeof(AbpAspNetCoreModule).Assembly);
+        applicationParts[1].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA0");
+        applicationParts[2].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA1");
+        applicationParts[3].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA2");
+        applicationParts[4].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA3");
+        applicationParts[5].ShouldBeOfType<CompiledRazorAssemblyPart>().Assembly.ShouldBe(typeof(AbpAspNetCoreMvcModule).Assembly);
+        applicationParts[6].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA4");
+        applicationParts[7].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA5");
+        applicationParts[8].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA6");
+        applicationParts[9].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA7");
+        applicationParts[10].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA8");
+        applicationParts[11].ShouldBeOfType<AssemblyPart>().Assembly.GetName().Name.ShouldStartWith("ModuleA9");
+        applicationParts[12].ShouldBeOfType<CompiledRazorAssemblyPart>().Assembly.ShouldBe(typeof(AbpVirtualFileSystemModule).Assembly);
+    }
+
+    private static IModuleContainer CreateFakeModuleContainer(List<IAbpModuleDescriptor> moduleDescriptors)
+    {
+        var fakeModuleContainer = Substitute.For<IModuleContainer>();
+        fakeModuleContainer.Modules.Returns(moduleDescriptors);
+        return fakeModuleContainer;
+    }
+
+    private static IAbpModuleDescriptor CreateModuleDescriptor(Assembly assembly)
+    {
+        var moduleDescriptor = Substitute.For<IAbpModuleDescriptor>();
+        moduleDescriptor.Assembly.Returns(assembly);
+        return moduleDescriptor;
+    }
+}