Try
PreConfigure<OpenIddictServerAspNetCoreBuilder>(configure =>
{
configure.DisableTransportSecurityRequirement();
});
In your AuthServer PreConfigureServices method.
You can not use a token of an application in another application.
If you want to add your external application to the SSO, check the IdentityServer documentation about clients to add your application. It's authentication flow varies based on your application. Suggested flows are hybrid flow for server-side rendering applications (MVC, Web Forms etc) and Authorization Code flow with PKCE for SPAs.
If you are using ABP commercial, you can use IdentityServer Management UI to add new clients. Examine the existing clients and add your new client using the UI and add the related OpenIdConnect configurations to your application.
You can't do that. It is cookie authentication and you are trying to remove someone else's cookie.
Serve your authserver under HTTP (without HTTPS redirection).
Confirm you have HTTP issuer under .well-known/openid-configuration endpoint.
Update your application's appsettings AuthServer section and set RequireHttpsMetadata to false.
Are you trying to save/get the Access Token of MVC application and use it in a different application (Winform application)? If that is what you are trying to, it is basically what these security systems are preventing against.
If you are trying to achieve communication between an MVC application and Winform application, you should use Client-Credentials flow. If you are trying add your Winform application to the openid provider environment (identityserver) just like the mvc application, you need to add the MVC application as a client to the IdentityServer.
Sorry for the late response,
How you should do that in a microservice architecture if you need to have multiple requests. You can design your pages according to a call that you are gonna do. but that is a kind of limitation from a ui perspective.(Ex: First update name and description, then user will switch to another modal or page to update the price and so on).
This is highly debatable and based on the application business itself. You can design it as a single request posting data to multiple microservices using the aggregate pattern. It should work fine. If the UX designers (or decision makers) request multiple requests for better UX than you can do so. It is all about advantages and disadvantages.
The parts that i disagree on the video is, if you hold all the information in a seperate db from different services( i am not saying this is not the way,in some cases you should, for ex,if you wanna do search, paging and sorting together). Basically what you do is kind of cache, and what i believe is in most of the cases, you can do the cache in the gateway instead of another service. And if you do on the gateway level you can give different cache timeout values.
It is not caching, it is data duplication. You can also apply caching on it.
What i mean by that is if marketing is holding the information about name,description. and Sales holding the information about the price. Price information can be cached per day but marketing can be cached for a week so you don't need to call each microservice whenever requests comes(or you can get that information directly from db or text document).
As I have mentioned above, it is not caching but data duplication. You can handle data changes by events. It is also reasonable to apply caching on this microservice as well that uses events to invalidate cache.
I also started to implement a kind of viewmodel composition gateway on a scratch abp template. I have a question about where the conventional endpoint routes are configured. I want to create an extra endpoint middleware that will intercept the call coming to the gateway and dispatch it to multiple methods and compose the returning values. I have tried to look at the source code but couldn't find where you invoke the method info for the application service endpoints. Can you direct me to the necessary part?
If you mean where do the auto-api controllers are configured, it is under the module service configuration. You can also modify your endpoints in the Http.Api project and add your middleware in HttpApi.Host (or .Web) module. Abp uses UseConfiguredEndpoints middleware for the endpoints.
Hello,
Ok, the aggregator pattern solves the problem of how to fulfill the complex data requirements of your UI from multiple services. There are other solutions to this problem, but this is what comes to my mind first and I think it is very feasible and effective.
Your second question is about searching. What happens when we need to search with different parameters that need to be searched in different microservices? My personal opinion, there should be a different microservice that solely should be responsible for searching. Instead of making a request to N different microservices, I would create a new microservice that gets fed by other microservices. It can be achieved by using events, background jobs.
We are planning to implement these kinds of complexities into the eShopOnAbp solution but we are also investigating and brain-storming. Since there are lots of ways to solve a problem in distributes systems. The important part is comparing the advantages and disadvantages.
I would also suggest checking out Jimmy Bogard's Avoid Microservice Megadisasters presentation. If I remember correctly, he is sharing some solutions for some of the complex problems.
Since it is auto-generated by the EfCore, either Project has navigation for Phase or your owned entities have some relation with the Project entity.
This is not related to ABP but the EfCore itself. If you can share a public repository with the same problem, I can check. Otherwise, there seems no problem with the screenshot.
Technically speaking, if you would be using a tiered application or a SPA that uses tokens for authentication; you could delete the user tokens.
But in a non-tiered MVC application, you are basically trying to invalidate someone else's cookies. Even if you impersonate the user and sign out; it will be signed out from your browser, not his/her.
I don't think it is possible without XSS.
Or maybe I understand it wrong.
I am not completely sure, but you may need to add the created certificate under the LocalMachine instead of Personal. Though I am not sure how.