AuthServer
```csharp
public override void PreConfigureServices(ServiceConfigurationContext context)
{
    var hostingEnvironment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();

    // Token validation for this host: accept tokens issued for the "Sroi" audience
    // and validate them against the OpenIddict server running in the same process.
    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("Sroi");
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });

    if (!hostingEnvironment.IsDevelopment())
    {
        // Outside development, turn off the auto-generated development certificates.
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        // Load the production certificate and pin the issuer to the configured authority.
        PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
        {
            serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", configuration["AuthServer:CertificatePassPhrase"]!);
            serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
        });

        // Enable wildcard domains and register each format listed in App:DomainsFormat.
        PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
        {
            options.EnableWildcardDomainSupport = true;
            var domainsFormat = configuration.GetValue<string>("App:DomainsFormat");
            if (!string.IsNullOrWhiteSpace(domainsFormat))
            {
                foreach (var domainFormat in domainsFormat.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
                {
                    options.WildcardDomainsFormat.Add(domainFormat);
                }
            }
        });
    }
}
```
Can you help me check where my system has misconfigured settings that allow public access?
https://imm.koimpact.tw/
Can a multi-tenant Angular app support logging in to the same auth server from different domains, while preventing switching to other tenants? Below is my Angular dynamic-env.json configuration.
```json
{
  "production": true,
  "application": {
    "baseUrl": "https://{0}.koimpact.tw",
    "name": "Sroi"
  },
  "oAuthConfig": {
    "issuer": "https://auth-imm.koimpact.tw/",
    "redirectUri": "https://{0}.koimpact.tw",
    "clientId": "Sroi_App",
    "responseType": "code",
    "scope": "offline_access Sroi",
    "requireHttps": true
  },
  "apis": {
    "default": {
      "url": "https://api-imm.koimpact.tw",
      "rootNamespace": "Aws.Sroi"
    },
    "AbpAccountPublic": {
      "url": "https://api-imm.koimpact.tw",
      "rootNamespace": "AbpAccountPublic"
    }
  }
}
```
Dear ABP Team,
Thank you for the detailed explanation regarding the ABP secret keys (ApiKey and AbpLicenseCode). I appreciate the clear instructions on how to handle these keys, especially in cases where they might be exposed.
Your support is invaluable, and I’ll be sure to follow the outlined steps if needed. Thanks again for your assistance!
Regarding the same issue, is it possible to reset the license code?
Thank you for the explanation. I also have a related follow-up question:
In case of a potential API key exposure, is it possible to reset the key? Also, what would be the impact on our live systems or those already deployed to client environments?
We typically divide the system into a backend and a public site, and use prefixes like `AbpDistributedCacheOptions` `options.KeyPrefix = "MySitePublic:"` to distinguish between different caches.
However, we’ve designed some FeatureDefinition configurations and use the SaaS feature system to manage tenant-specific functionality. The issue is that the public site’s cache doesn’t update immediately when these features change.
Are there any effective mechanisms to handle this problem—not just for Feature caching, but also for broader cache synchronization?
Yes, in earlier versions, the downloaded project included other source code I needed. However, in the latest version of the Angular project I downloaded, those source files are missing.
`abp get-source Volo.Abp.LeptonXTheme` Cannot find the related source code
```typescript
import { LeptonXAbpCoreModule } from '@volo/abp.ng.lepton-x.core';
import { LpxModule, LpxOptions } from '@volosoft/ngx-lepton-x';
```