Hi @alper, I tried putting [DisableValidation] on CreateAsync in both the Controller and the AppService, but it still does not work.
If the Password field has a value, it hits the method -> the override is successful.
If the Password is null/empty, the validation is triggered -> the [DisableValidation] is not working.
    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(IdentityUserController))]
    public class CustomIdentityUserController : IdentityUserController
    {
        public CustomIdentityUserController(IIdentityUserAppService userAppService) : base(userAppService)
        {
        }

        [DisableValidation]
        public override Task<IdentityUserDto> CreateAsync(IdentityUserCreateDto input)
        {
            return UserAppService.CreateAsync(input);
        }
    }

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(IdentityUserAppService))]
    public class CustomIdentityUserAppService : IdentityUserAppService
    {
        public CustomIdentityUserAppService(
            IdentityUserManager userManager,
            IIdentityUserRepository userRepository,
            IIdentityRoleRepository roleRepository,
            IOrganizationUnitRepository organizationUnitRepository,
            IIdentityClaimTypeRepository identityClaimTypeRepository,
            IdentityTwoFactorManager identityTwoFactorManager
        ) : base(userManager,
            userRepository,
            roleRepository,
            organizationUnitRepository,
            identityClaimTypeRepository,
            identityTwoFactorManager)
        {
        }

        [DisableValidation]
        public override async Task<IdentityUserDto> CreateAsync(IdentityUserCreateDto input)
        {
            var user = new IdentityUser(
                GuidGenerator.Create(),
                input.UserName,
                input.Email,
                CurrentTenant.Id
            );
            input.MapExtraPropertiesTo(user);
            (await UserManager.CreateAsync(user)).CheckErrors();
            await UpdateUserByInput(user, input);
            await CurrentUnitOfWork.SaveChangesAsync();
            var userDto = ObjectMapper.Map<IdentityUser, IdentityUserDto>(user);
            return userDto;
        }
    }
Hi @alper, yes, it hits the breakpoint inside the method.
Regarding fluent validation, can you give me some insights on how to bypass the [Required] data annotation validation? As far as I know, it still triggers the data annotation validation before it hits FluentValidation.
Thanks for your support.
Hi @maliming, I found it under "Saas -> Tenants -> Manage Host Features", thank you.
Hi @maliming, thanks for your prompt reply.
With the coding solution, we need to add quite a number of policies and update the Authorize("new_policy") for all the AppServices that we want to share the tenant data. If we introduce a new table, then we need to update the code again.
Can we achieve it without coding, or do we have any other alternative solution to configure permissions to let another party securely retrieve/update our tenant data without using an IS4 client?
Hi @maliming, thanks for your reply.
As I mentioned above, the Identity Server -> Client does not appear when I log in as tenant admin, so I could not grant permission to this client on the tenant level.
Is there a way to achieve it without coding?
If we have to do the coding, the application service requires one policy for authenticated users:
    [RemoteService(IsEnabled = false)]
    [Authorize(testingAppPermissions.TestingTenancies.Default)]
    public class TestingTenancyAppService : ApplicationService, ITestingTenancyAppService

The Authorize does not allow multiple policies; how do we combine it with the custom policy for the Identity Server client?
Hi @alper, I think the issue can be resolved by setting the AbsoluteRefreshTokenLifetime to 30 mins instead of the default 30 days. Is there a way to achieve it?
Hi @maliming, if the user is active in the site, we still need to refresh the token before expiration.
We just don't want to refresh the token if the user is inactive for a period of time (30 mins).
Hi @gterdem, sorry for taking too long to reply.
We already implemented the front-end to trigger logout if the user is inactive for 30 mins and set the access token lifetime = 30 mins as well, but sometimes it does not work. We checked the logs and found that the client side managed to call refresh token successfully.
As per the Identity Server documentation, the default refresh token lifetime is 30 days: "AbsoluteRefreshTokenLifetime: Maximum lifetime of a refresh token in seconds. Defaults to 2592000 seconds / 30 days."
https://identityserver4.readthedocs.io/en/latest/topics/refresh_tokens.html
This client setting is not available in the UI (Administration -> Identity Server -> Clients).
Is there any other way to configure it?
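Added example (not from the original thread, and not ABP or IdentityServer4 project code): the refresh-token settings discussed in the post above, written against IdentityServer4's `Client` model, with the default configuration beside an absolute and a sliding 30-minute variant. The client id, the class and method names, and the 8-hour cap are assumptions; how these values reach the ABP client store is not shown.

```csharp
using IdentityServer4.Models;

// "Example_App" is a placeholder client id. Redirect URIs, scopes and secrets
// are omitted because they do not affect token lifetimes.
public static class RefreshTokenLifetimeExamples
{
    private const int ThirtyMinutes = 1800; // seconds

    // The situation in the post: 30-minute access token, refresh token left at defaults.
    // RefreshTokenExpiration defaults to Absolute and AbsoluteRefreshTokenLifetime
    // to 2592000 s (30 days), so an idle client can still refresh for 30 days.
    public static Client Defaults() => new Client
    {
        ClientId = "Example_App",
        AllowedGrantTypes = GrantTypes.Code,
        AllowOfflineAccess = true,
        AccessTokenLifetime = ThirtyMinutes
    };

    // Absolute 30 minutes: the refresh token dies 30 minutes after it was first
    // issued, so active users are also sent back to the login page.
    public static Client AbsoluteThirtyMinutes() => new Client
    {
        ClientId = "Example_App",
        AllowedGrantTypes = GrantTypes.Code,
        AllowOfflineAccess = true,
        AccessTokenLifetime = ThirtyMinutes,
        RefreshTokenExpiration = TokenExpiration.Absolute,
        AbsoluteRefreshTokenLifetime = ThirtyMinutes
    };

    // Sliding 30 minutes: each successful refresh extends the refresh token by
    // 30 minutes; a client that does not refresh for 30 minutes is cut off.
    public static Client SlidingThirtyMinutes() => new Client
    {
        ClientId = "Example_App",
        AllowedGrantTypes = GrantTypes.Code,
        AllowOfflineAccess = true,
        AccessTokenLifetime = ThirtyMinutes,
        RefreshTokenExpiration = TokenExpiration.Sliding,
        SlidingRefreshTokenLifetime = ThirtyMinutes,
        AbsoluteRefreshTokenLifetime = 28800,      // assumed 8-hour cap on any session
        RefreshTokenUsage = TokenUsage.OneTimeOnly // rotate the token on every refresh
    };
}
```

The sliding window counts from the last refresh, not from the last user action, so a front-end that renews tokens on a background timer keeps the session alive until the absolute cap; renewal has to be tied to user activity for the 30-minute idle limit to hold.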
Hi @alper, thanks for the info.
Hi @maliming, thanks for your prompt reply, I will override this method as per screenshot, thanks.