To use the ABP access-token.bin for licensing in a GitHub Actions (or any CI/CD) Docker build, you need to copy the access-token.bin file into the container so the ABP licensing system can find it. Here’s a step-by-step solution:
abp login <username>
This will create the file at:
~/.abp/cli/access-token.bin (Linux/macOS)
or
%USERPROFILE%\.abp\cli\access-token.bin (Windows)
Add the access-token.bin file to your repository as a GitHub Actions secret (for example, as a base64-encoded string).
In your GitHub Actions workflow, decode the secret and write it to a file before building the Docker image:
- name: Decode ABP access token
run: |
echo "${{ secrets.ABP_ACCESS_TOKEN_BIN }}" | base64 -d > access-token.bin
RUN mkdir -p /root/.abp/cli
COPY access-token.bin /root/.abp/cli/access-token.bin
This approach is confirmed as the solution for running ABP commercial modules in Docker and CI/CD environments.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
The error "invalid issuer in discovery document expected: https://localhost:44338 current: https://localhost:44338/" is caused by a trailing slash mismatch between the issuer URL in your Angular environment configuration and the issuer returned by your backend's OpenID Connect discovery document. ABP's Angular OAuth module performs strict validation, so both URLs must match exactly (including or excluding the trailing slash).
The error "Cannot read properties of undefined (reading 'grant_type')" is a side effect of the failed discovery document validation, which prevents the OAuth flow from initializing properly.
How to fix:
environment.ts or environment.prod.ts).oAuthConfig.issuer property.https://localhost:44338/ (with a trailing slash), then set:oAuthConfig: {
issuer: 'https://localhost:44338/', // Note the trailing slash
...
}
If it returns without the slash, remove it in the config.
Reference:
This should resolve both the issuer validation and the grant_type errors, allowing the login buttons to work as expected.
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
Storing access tokens in local storage is the default approach in ABP Angular applications, but it is not possible to set HttpOnly or SameSite attributes for tokens stored in browser storage from the Angular side. These attributes are only available for cookies set by the server, not for values stored in local or session storage.
To comply with security requirements such as HttpOnly and SameSite, you must switch from storing tokens in local storage to using secure cookies. This requires significant changes:
There is no built-in ABP Angular mechanism to store access tokens in HttpOnly cookies, as this is a limitation of browser JavaScript APIs. The only way to achieve this is to handle authentication entirely on the server and use cookies for session management.
No verified source available for this specific query.
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
In the ABP SaaS module, features assigned via an edition are linked to the tenant's subscription. When an edition (and its subscription) expires, the expected behavior is that the features provided by that edition should no longer be available to the tenant.
However, by default, the ABP SaaS module does not automatically invalidate or remove the features from the tenant when the edition expires. The features remain accessible unless you implement custom logic to handle feature invalidation upon edition expiration.
To achieve the behavior where features become invalid after the edition expires, you need to implement a mechanism (such as a background job or event handler) that checks for expired subscriptions and updates or removes the tenant's feature values accordingly.
The ABP SaaS module provides extensibility points where you can hook into subscription/edition changes and enforce your own business rules for feature availability.
For more details, refer to the official documentation and related support discussions:
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
The behavior you are seeing is the expected and intended design of ABP's permission dependency system. When you use .RequirePermissions("AbpIdentity.Users", "AbpIdentity.Roles") in your permission definition, ABP will only consider your custom permission as "granted" if both the permission itself and all required permissions are granted to the user. However, this dependency is enforced at runtime (authorization check), not in the UI.
The ABP Permission Management UI (the permissions pop-up/modal) does not automatically select or enforce dependent permissions when you select a permission that has dependencies. It also does not prevent saving if dependencies are not met. The dependency is only checked when the permission is used (e.g., when accessing a page or API that requires it).
There is currently no built-in way in ABP to make the permission management UI automatically select, enforce, or visually indicate permission dependencies. The UI will allow you to grant a permission without its dependencies, but at runtime, the permission will not be effective unless all dependencies are also granted.
If you want the UI to enforce or visually indicate permission dependencies, you would need to customize the Permission Management UI. This would involve overriding the relevant components/pages to add logic that checks for dependencies and updates the UI accordingly.
In summary:
.RequirePermissions only affects runtime authorization, not the UI.Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
There is no secure way to keep the Blazorise product token hidden from the client in a Blazor WebAssembly (WASM) application. In WASM, all application code and configuration—including any tokens or secrets—are downloaded to the user's browser, making it impossible to keep such values confidential.
Even if you retrieve the product token from Azure Key Vault in your host project, you cannot securely pass it to the WASM client without exposing it. Any method of injecting the token into the client (such as via API, configuration, or JavaScript interop) will ultimately make it accessible to end users.
The Blazorise product token is intended to be used on the client side, and the licensing model assumes it will be visible in the distributed application. This is a limitation of all client-side web technologies, not just ABP or Blazorise.
If you require the product token to remain secret, you would need to use a server-side Blazor (Blazor Server) or another server-rendered technology, where the token can be kept on the server and not exposed to the client.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
For the issue with [DisableValidation] and 400 errors in WebAssembly (WASM) mode:
HttpClient) to your API endpoints. This bypasses the client-side validation layer and ensures the [DisableValidation] attribute is respected server-side.For the file upload API returning "Unsupported Media Type" in WASM mode:
Content-Type does not match what the API expects (e.g., multipart/form-data for file uploads). In Blazor WASM, ensure you are using IBrowserFile and MultipartFormDataContent when sending files, and that your API action is decorated with [Consumes("multipart/form-data")].HttpClient directly to construct and send the multipart request.Example for file upload in Blazor WASM:
var content = new MultipartFormDataContent();
content.Add(new StreamContent(file.OpenReadStream()), "File", file.Name);
await httpClient.PostAsync("api/your-endpoint", content);
And in your API controller:
[HttpPost]
[Consumes("multipart/form-data")]
public async Task<IActionResult> Upload([FromForm] YourFileUploadDto input)
{
// handle file
}
Summary:
[DisableValidation], use direct HTTP calls for endpoints where you want to avoid client-side validation.HttpClient with MultipartFormDataContent and ensure your API expects multipart/form-data.Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
To achieve a layout similar to your screenshot (main menu on the left, submenu on top, and page actions), you need to customize your ABP application's layout. This is possible and supported, especially if you are using a theme like LeptonX.
Here’s how you can proceed:
abp get-source Volo.Abp.LeptonXTheme
lepton\aspnet-core\volo\src\Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX\Themes\LeptonX\Layouts
SideMenuLayout.cshtml or TopMenuLayout.cshtml (depending on your base)./Themes/LeptonX/Layouts/Application/SideMenuLayout.cshtml
Implement Submenu and Actions:
Optional: Organize Pages in Folders
Layout property at the top of the Razor file:@{
Layout = "/Themes/LeptonX/Layouts/MyCustomLayout.cshtml";
}
By following these steps, you can fully customize your application's layout to match your requirements, including main menu, submenu, and page actions.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
To redirect file uploads from the default local (database) storage to Azure Blob Storage in an ABP Suite-generated application, while maintaining compatibility with the file components and metadata handling, follow these steps:
[DependsOn(
typeof(AbpBlobStoringAzureModule)
)]
public class YourAppNameApplicationModule : AbpModule
{
}
ConfigureServices method, configure the default blob container to use Azure:Configure<AbpBlobStoringOptions>(options =>
{
options.Containers.ConfigureDefault(container =>
{
container.UseAzure(azure =>
{
azure.ConnectionString = "Your_Azure_Connection_String";
azure.ContainerName = "your-container-name";
azure.CreateContainerIfNotExists = true;
});
});
});
.Application or .Web project).No Changes Needed in ABP Suite-Generated File Components
The ABP Suite-generated file upload logic (as shown in your screenshot) uses IBlobContainer. By configuring the default provider as above, all calls to _blobContainer.SaveAsync(...) will automatically use Azure Blob Storage instead of the local database.
File Metadata and Descriptors
The file metadata (such as FileDescriptor) will continue to be stored in your database as before. Only the binary content will be redirected to Azure Blob Storage. The framework will handle the association between the metadata and the actual file content.
Migration Note
Testing
This approach ensures seamless integration with ABP Suite-generated file components and maintains all metadata and descriptor handling.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
