Activities of "FrancoisLabelle"

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ DONE Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index DONE The exact solution to your question may have been answered before, please use the search on the homepage. : No result for these issues.

• ABP Framework version: v5.3.1
• UI type: Blazor
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace: None
• Steps to reproduce the issue:" (Explained below...)

Hello,

I might have split this "Bug report / feature request" in more than one post, but it's all related to the same...

**The main goal I would like to achieve here would be to "pre-register" some corporate users (using Azure AD) to log in in my application, but without allowing anyone else being able to self register ! And I would also like to use third party authentication in a safe way and right now, it is not because it's too easy to bypass it. ** BUG * I saw that a new "import" button as appeared recently... but it's not working ! A message says "No external login provider available * while this is not true. * My external login provider i**s setup and perfectly working **!!! I would have tried this new feature it but I can't. So, maybe it would do a part of the job when fixed. Actually, when you create a new user, even using the pro modules, there is no way to add an external user manually (let's say using Azure AD but also any other third party external provider). We cannot specify that the user is or will be an external user. Also, you absolutely need to enter a password, that will not be used anyway.

I feel like the default GUI are missing some things... and the overall identification process should be reviewed/improved because it is unsecured and missing some features that should be already there.

Despite the presence of the column IsExternal in table AbpUsers, it seems that nothing is using this column... but it could and should be used...

Here is what I would like to see and/or consider like a bug and/or an important missing feature, especially in a so called PRO module.

1. Be able to create an external user, meaning also a "password less user", meant to be an external user ONLY.
   1. **BUG **! An external user can easily bypass the third party authentication, just by asking for a password reset and login back as a "internal user". (Note, disabling the internal user login feature is not something that we can do, we need and are using both kind of user login).
      1. To solve this bug:
         1. An external user should never be allowed to login with a password.
         2. The password reset feature should be considering the IsExternal column value and if set to true, refuse to the user a password reset attempt.
   2. Improvements needed.
      1. Put the "Is External" check box on the standard new/edit user form.
      2. When the checkbox is checked, ignore the password field and the fact that this field value is required.
      3. Add tabs to the new/edit form, with titles being the name of enabled external providers...
         1. The tab should provide a field to enter the user unique id for this provider (ObjectId for AD), (the AbpUserLogins.ProviderKey column in DB)
      4. Add the "IsExternal" column in the grid (user list)
      5. Disable the action SetPassword for External user.

P.S. I know that I can download the source code and do all of this myself, but I think that all of this should be "as default", especially for a pro module.

2. Self registration should be improve for external user...
   1. A new two step self registration should be added for external user.
      1. First, someone should create the user as an external user.
      2. Second, the user identifies itself against the third party identity and then, complete its self registration ABP...
         1. This mean that the actual attempt to create a new user should be skipped (when already existing) and the part where the objectid is saved in AbpUserLogins table should be kept to "finalize" the user registration.
3. Microsoft authentication should be improved...(google and twitter too...)
   1. Endpoints management should be improved. Actually hard coded (easy code change, I know...), these should be parameters as ClientId and ClientSecret are.
   2. Some optional parameters could be sent with the "oauth request", like "&promp=xxx (xxx being various possible value)" or login_hint=yyyy, etc. These could be nice to add as optional parameters concept and used to append these automatically to the URL.

Thanks

Hello,

I had a similar issue when I have activated the Microsoft login and tested it locally on my workstation using IIS express.

My solution was to add this configuration in the web.config file of the IdentityServer project.

<system.webServer>
	<security>
		<requestFiltering>
			<!--This is needed with IISEXPRESS to allow the callback from Microsoft OAuth/OIDC authentication with a large query string. (OIDC Specs says max 2047...) -->
			<requestLimits maxQueryString="4096" />
		</requestFiltering>
	</security>
</system.webServer>

Hi, and thanks for your answer.

I admit that I'm not yet familiar with the "Docker sttuff". Will it be easier ? Not sure because I think the problem remains the same.

Actually, I'm using this standard task in Azure to deploy. In the parameters, I just fix to which web app I want to deploy. This web app is "plain", "clean", without any bundle or package installed (well, appart the default standards one provided by Microsoft)

https://github.com/microsoft/azure-pipelines-tasks/blob/master/Tasks/AzureRmWebAppDeploymentV4/README.md

That's what I'm calling "deployment on a clean/vanilla server". The deployment is basically an "unzip of the artifact built during the build process"... so everything should be included during the build, I agree.

Of course, during the build process, there is a sub tasks that launches the "package restore" step. And it's working well with all the NuGet packages. But there is not step (yet) to restore the /libs folder and I don't know how to do this yet because the only way I found to do this is to launch the ABP CLI with the install-libs parameters.

So, how I can do this properly during the build process ? What is the best way to do this ?

Should I insert a new "power shell script" that will launch abp.exe CLI (that I would have to include in my repo somewhere) with the parameter "install-libs" ?
Is abp.exe having dependencies ? Should I provided some environment variables to tell abp.exe where is my licence key ?

If it's not the way to go... then what should be the right method ?

P.S. For now, I just removed the exclusion in the .gitignore file, commit and push and everything has been successfully deployed, but I'm looking for the right way of doing this.

Hello,

I would like to know what is now the best way to deploy the libs folder to a clean/vanilla server (like a fresh new Web App Service in Azure) since this folder has been added to the list of exclusion in the .gitignore file.

------Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ DONE Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index DONE The exact solution to your question may have been answered before, please use the search on the homepage. Found nothing except to run the CLI command "abp install-libs"

• ABP Framework version: v5.2
• UI type: Blazor
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): no
• Exception message and stack trace:
• [ERR] An unhandled exception has occurred while executing the request. Volo.Abp.AbpException: Could not find file '/libs/@fortawesome/fontawesome-free/css/all.css' at Volo.Abp.AspNetCore.Mvc.UI.Bundling.BundlerBase.GetFileInfo(IBundlerContext context, String file) at Volo.Abp.AspNetCore.Mvc.UI.Bundling.BundlerBase.GetAndMinifyFileContent(IBundlerContext context, String fileName) at Volo.Abp.AspNetCore.Mvc.UI.Bundling.BundlerBase.GetFileContentConsideringMinification(IBundlerContext context, String fileName) at Volo.Abp.AspNetCore.Mvc.UI.Bundling.BundlerBase.Bundle(IBundlerContext context) at Volo.Abp.AspNetCore.Mvc.UI.Bundling.BundleManager.<>c__DisplayClass16_0.b__0() at System.Collections.Generic.AbpDictionaryExtensions.<>c__DisplayClass7_0`2.b__0(TKey k) [....]
• Steps to reproduce the issue:" Publish into Azure app service from a Git Branch... new rpoepo in DevIpsipOps.

Locally, the solution to this problem is to run "abp install-libs" and it does the job. But, remotely, the ABP client is not available...

Then, what is your recommandation for the best way to have the libs folder being restored/deployed with the application ?

1. Remove the .gitignore exclusion and push the libs folder to my source file repository ? (What was the initial goal of this change, then ?!?!?)
2. Find a way to deploy the ABP CLI application and launch it remotely ? (That sounds a bit complicated....)
3. Change some files (package.json or whatever related to this) to have the packages automatically restored ? (That should be good for anyone cloning the solution from the repo also)
4. Other ?

Thanks