Try setting AccessTokenLifetime (or also IdentityTokenLifetime if you need) to 15*60 (token values are in seconds).
If you are using hybrid/authorization code flow and using refresh token; also set AbsoluteRefreshTokenLifetime to 15*60.
We have updated AbsoluteRefreshTokenLifetime, AccessTokenLifetime, IdentityTokenLifetime for 60*5 seconds for testing. But the application logs out forcefully even if the user is active. This is one of the important task we are looking to implement ASAP. We will appreciate your quick response.
I couldn't understand your scenario. If you set AbsoluteRefreshTokenLifetime
to 60*5, it will absolutely log you out after 5 mins. Keep this time longer and keep your Access and Identity tokens life time shorter so that, if the access token is compromised, it will be refreshed in short amount of time.
This is not related with ABP, you can check identity server docs for more information
RUN abp login myUserName -p <my password>
You are copying the Nuget.Config file, it should work without logging in. It should work without using the code above.
Glad to hear your problem is solved. Closing the issue. Feel free to create a new one whenever you need.
Please help me to understand the scenario better.
It is happening because we have another application which has a link to the login page.
Is the application you get the error is an abp application?
You can check microsoft documentation about Developing ASP.NET Core Applications with Docker over HTTPS.
You can check LoggerConfiguration
under Program.cs and modify as you need. Here is a sample logging modification:
<br>
Log.Logger = new LoggerConfiguration()
#if DEBUG
.MinimumLevel.Debug()
#else
.MinimumLevel.Information()
#endif
.MinimumLevel.Override("Microsoft", LogEventLevel.Information)
.MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
.WriteTo.Async(c => c.File("Logs/logs.txt"))
.WriteTo.Async(c => c.Console())
.CreateLogger();
Your question is not related with ABP but general in domain driven design.
If you want to design and build your application in DDD:
a. why are we facing this cors issue
2021-06-18 09:52:38.256 +04:00 [ERR] The required antiforgery header value "RequestVerificationToken" is not present.
You are not facing cors issue, it is antiforgery error related with our post body. You are getting Http 400 error which means your frontend request to server is faulty.
b. is it recommended to have many to many relationship on entities that uses private constructors and use manager classes.
If you read the book above, there are very nice samples about ddd implementations including many-to-many relations.
Can you share the logs of your application (log.txt) located under Logs folder?
" Access to XMLHttpRequest at 'http://backend.domain.com/.well-known/openid-configuration' from origin 'https://frontend.domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. " One thing we noticed is that the Origin header of the HTTP request to the backend is "https://frontend.domain.com" because the balancer is simply doing the redirection to HTTP but not changing the origin.
Just add both http and https frontend.domain.com without leaving empty space in appsettings.json.
<br>
"App": {
...
"CorsOrigins": "https://frontend.domain.com,http://frontend.domain.com"
},
<br> There may also be related configurations based on F5 load balancers which is completely out of our scope.
Do you have a file named AbpAccountAdminBlazorAutoMapperProfile.cs under Volo.Abp.Account.Pro.Admin.Blazor
?
Can you try renaming this (or create a new) file to GenieERPBlazorAzutoMapperProfile.cs like below: <br>
namespace Volo.Abp.Account.Pro.Admin.Blazor
{
public class GenieERPBlazorAzutoMapperProfile : Profile{
public AbpAccountAdminBlazorAutoMapperProfile()
{
}
}
We're investigating this behaviour.