Activities of "Repunjay"

Logout

Hi, Thanks for your reply. However, this approach is not feasible for our requirement. What we need is -

  • A report with a list of users present in the system with last login date and time. The management needs this kind of report on a need basis. Is there a way to query this information and provide it for all the users in the system?

  • When I try to filter security logs by action as Logout, I don't see any results. Looks like the Logout action is not captured in Audit logs.

  • ABP Framework version: v4.3.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace: We have a requirement to capture user last login date and time and dormant users (who have not logged into the system for xx days) status. Does ABP framework provide this information out of the box? If not, what is the way to capture this information? The information is required as part of Audit and compliance, so your inputs and direction are a must to address this issue.
  • Is it something you can provide us quickly through a hotfix release?
  • Steps to reproduce the issue:
  • ABP Framework version: v4.3.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:

McAfee Antivirus reporting Volo.Abp.AuditLogging.HttpApi.Client.dll and Volo.Abp.IdentityServer.HttpApi.Client.dll as virus. Due to this we are not able to compile code. Kindly let us know how to resolve the issue.

Try setting AccessTokenLifetime (or also IdentityTokenLifetime if you need) to 15*60 (token values are in seconds).

If you are using hybrid/authorization code flow and using refresh token; also set AbsoluteRefreshTokenLifetime to 15*60.

We have updated AbsoluteRefreshTokenLifetime, AccessTokenLifetime, IdentityTokenLifetime to 60*5 seconds for testing. But the application logs out forcefully even if the user is active. This is one of the important tasks we are looking to implement ASAP. We will appreciate your quick response.

I couldn't understand your scenario. If you set AbsoluteRefreshTokenLifetime to 60*5, it will absolutely log you out after 5 mins. Keep this time longer and keep your Access and Identity token lifetimes shorter so that, if the access token is compromised, it will be refreshed in a short amount of time.

This is not related to ABP; you can check the Identity Server docs for more information.

Hi,
Thanks for your suggestion. I understand this is not related to ABP, but the Identity Server is integrated with ABP and thus we are reaching out to you for advice. Here is what we did, but we are still not able to fix the problem. We will appreciate it if you can do a remote call with us to understand and resolve the issue.

Set AbsoluteRefreshTokenLifetime to 60*100 i.e. 100 minutes.
Set AccessTokenLifetime to 60*5 i.e. 5 minutes.
Set IdentityTokenLifetime to 60*5 i.e. 5 minutes.
User remains active but forcefully gets logged out after 5 minutes. There is no call to the refresh token API from the client application when doing such a test. So, does the application refresh the token automatically based on the above settings, or is there something additional we need to do to refresh the token?

Hello, This issue is related to SecurityStampValidator; you just have to add the line below in the WebModule class, in the ConfigureServices method. It needs the Microsoft.AspNetCore.Identity package in case it gives an error for SecurityStampValidatorOptions. This will keep the user active for 24 hours; you can change it as per your convenience.

context.Services.Configure<SecurityStampValidatorOptions>(options => options.ValidationInterval = TimeSpan.FromHours(24));

Unfortunately the suggested code changes didn't work for us. We added the code into the Host module class and the user is still logged out forcefully after 5 minutes. Please note we are using the .Net + Angular code template (ABP version 4.3.1). Can we have a short remote call to discuss and resolve this issue?
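The lifetime advice in the exchange above, as an added example that is not part of the original posts and is not ABP or IdentityServer code: a small C# check that reports, for a set of lifetimes, how long a stolen access token stays usable and whether a refresh token can extend the session. The `ClientLifetimes` record and `LifetimeAudit` class are hypothetical; their field names mirror the IdentityServer4 client settings, and the sample values are constructed from the numbers in the thread.

```csharp
// Added example: stand-alone .NET 5+ console program, not ABP or IdentityServer code.
using System;
using System.Collections.Generic;

// Constructed inputs (seconds). The first two are the settings tried in the thread;
// the third is a hypothetical variant with refresh tokens switched off.
var attempts = new (string Name, ClientLifetimes Cfg)[]
{
    ("all three at 60*5", new ClientLifetimes(60 * 5, 60 * 5, 60 * 5, true)),
    ("refresh at 60*100", new ClientLifetimes(60 * 5, 60 * 5, 60 * 100, true)),
    ("refresh at 60*100, offline access off", new ClientLifetimes(60 * 5, 60 * 5, 60 * 100, false)),
};

foreach (var (name, cfg) in attempts)
{
    Console.WriteLine(name);
    foreach (var line in LifetimeAudit.Check(cfg))
        Console.WriteLine("  " + line);
}

// Hypothetical record; field names mirror the IdentityServer4 client settings.
public record ClientLifetimes(
    int AccessTokenLifetime,
    int IdentityTokenLifetime,
    int AbsoluteRefreshTokenLifetime,
    bool AllowOfflineAccess);

public static class LifetimeAudit
{
    public static List<string> Check(ClientLifetimes c)
    {
        var notes = new List<string>();
        // A stolen access token stays usable until it expires.
        notes.Add($"access token exposure window: {c.AccessTokenLifetime} s");

        if (!c.AllowOfflineAccess)
            // Without offline access no refresh token is issued at all.
            notes.Add($"no refresh token: API access ends after {c.AccessTokenLifetime} s");
        else if (c.AbsoluteRefreshTokenLifetime <= c.AccessTokenLifetime)
            // The refresh token expires no later than the access token it would renew.
            notes.Add($"refresh cannot extend the session: re-login after {c.AbsoluteRefreshTokenLifetime} s");
        else
            // Holds only if the client requests offline_access and calls the token endpoint.
            notes.Add($"session can be refreshed for up to {c.AbsoluteRefreshTokenLifetime} s");
        return notes;
    }
}
```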

hi

You can implement your own AWSSESEmailSender, just like MailKitSmtpEmailSender.

https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.MailKit/Volo/Abp/MailKit/MailKitSmtpEmailSender.cs#L15
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.MailKit/Volo/Abp/MailKit/AbpMailKitModule.cs
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.MailKit/Volo/Abp/MailKit/IMailKitSmtpEmailSender.cs
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.MailKit/Volo/Abp/MailKit/AbpMailKitOptions.cs

Hi,

Please note we already have a SESEmailSender class in our project which is used to send out email notifications thru AWS SES. We want to understand how to invoke/integrate email send method of this class when password is reset by clicking "Forgot Password" ? In the interest of time, can we have a quick call remotely to understand and resolve this issue?

Try setting AccessTokenLifetime (or also IdentityTokenLifetime if you need) to 15*60 (token values are in seconds).

If you are using hybrid/authorization code flow and using refresh token; also set AbsoluteRefreshTokenLifetime to 15*60.

We have updated AbsoluteRefreshTokenLifetime, AccessTokenLifetime, IdentityTokenLifetime to 60*5 seconds for testing. But the application logs out forcefully even if the user is active. This is one of the important tasks we are looking to implement ASAP. We will appreciate your quick response.

I couldn't understand your scenario. If you set AbsoluteRefreshTokenLifetime to 60*5, it will absolutely log you out after 5 mins. Keep this time longer and keep your Access and Identity token lifetimes shorter so that, if the access token is compromised, it will be refreshed in a short amount of time.

This is not related to ABP; you can check the Identity Server docs for more information.

Hi, Thanks for your suggestion. I understand this is not related to ABP, but the Identity Server is integrated with ABP and thus we are reaching out to you for advice. Here is what we did, but we are still not able to fix the problem. We will appreciate it if you can do a remote call with us to understand and resolve the issue.

Set AbsoluteRefreshTokenLifetime to 60*100 i.e. 100 minutes. Set AccessTokenLifetime to 60*5 i.e. 5 minutes. Set IdentityTokenLifetime to 60*5 i.e. 5 minutes. User remains active but forcefully gets logged out after 5 minutes. There is no call to the refresh token API from the client application when doing such a test. So, does the application refresh the token automatically based on the above settings, or is there something additional we need to do to refresh the token?

Try setting AccessTokenLifetime (or also IdentityTokenLifetime if you need) to 15*60 (token values are in seconds).

If you are using hybrid/authorization code flow and using refresh token; also set AbsoluteRefreshTokenLifetime to 15*60.

We have updated AbsoluteRefreshTokenLifetime, AccessTokenLifetime, IdentityTokenLifetime to 60*5 seconds for testing. But the application logs out forcefully even if the user is active. This is one of the important tasks we are looking to implement ASAP. We will appreciate your quick response.

The response of api is Status Code: 403 Forbidden

Can not find the given email address:Ish @s.com

It will throw a UserFriendlyException when the GetUserByEmail method cannot find the user, and its status code will be 403, which is by design.

protected virtual async Task<IdentityUser> GetUserByEmail(string email) 
{ 
    var user = await UserManager.FindByEmailAsync(email); 
    if (user == null) 
    { 
        throw new UserFriendlyException(L["Volo.Account:InvalidEmailAddress", email]); 
    } 
 
    return user; 
} 

https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/ExceptionHandling/DefaultHttpExceptionStatusCodeFinder.cs#L72

hi,

Actually this is not the issue. We have enabled the Forgot Password flow into front-end and ABP uses SMTP for sending email notifications.

For our project, we are using the AWS SES service for sending email notifications to users. All the examples we have seen for forgot password are using SMTP methods. Will you please guide us on how to utilize the forgot password feature with the AWS SES method?

This is one important ask our product owner is looking for and we would like to finish this feature ASAP. We will appreciate your quick response.

Thanks for your inputs.

I have incorporated all changes you have suggested as given urls

https://github.com/abpframework/abp-samples/blob/master/IdentityServerReferenceToken/aspnet-core/src/IDSReferenceToken.HttpApi.Host/IDSReferenceTokenHttpApiHostModule.cs#L131-L137

https://github.com/abpframework/abp-samples/blob/da789bb0737b9629e4171c2214f89479f3865f10/IdentityServerReferenceToken/aspnet-core/src/IDSReferenceToken.Domain/IdentityServer/IdentityServerDataSeedContributor.cs#L268

https://github.com/abpframework/abp-samples/blob/master/IdentityServerReferenceToken/aspnet-core/src/IDSReferenceToken.Domain/IdentityServer/IdentityServerDataSeedContributor.cs#L83-L88

Still we cannot access APIs from Postman using revoked token.

Please let me know if we can have quick remote call to discuss and resolve the issue.

  • ABP Framework version: v4.3.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

We have custom login page and using AWS SES for sending emails. Steps performed

  1. Code added in Login components <a href="/account/forgot-password" class="forgot_pass_cl"> {{ 'AbpAccount::ForgotPassword' | abpLocalization }}</a>

  2. When we click on Forgot Password? it's redirected to url http://localhost:4200/account/forgot-password

  3. We are entering aws certified email on submit its calling api https://localhost:44359/api/account/send-password-reset-code The response of api is Status Code: 403 Forbidden JSON Response {"error":{"code":null,"message":"Can not find the given email address:Ish***** **@****s.com","details":null,"data":{},"validationErrors":null}}

  4. Downloaded latest package Volo.Abp.Identity.AspNetCore package in Lit***.HttpApi project

  5. Define this package in the LitHttpApiModule class in the LitName.HttpApi project

  6. Added entry in Lit***.HttpApi.Host project appsettings.json "App": { "ClientUrl": "http://localhost:4200", }

  7. ConfigureUrls
     options.Applications["Angular"].RootUrl = configuration["App:ClientUrl"];
     options.Applications["Angular"].Urls[AccountUrlNames.PasswordReset] = "account/reset-password";
     options.Applications["Angular"].Urls[AccountUrlNames.EmailConfirmation] = "account/email-confirmation";

  8. Added ConfigureUrls To ConfigureServices() method in Lit***HttpApiHostModule class

Getting 403 Forbidden error, please advise.

Made with ❤️ on ABP v9.0.0-preview Updated on September 20, 2024, 08:30