I am not sure whether to report this under 4.2 or 4.1. I just generated a new project using Suite. My ABP CLI and Suite are version 4.1.2. After creating a new tiered MVC project, I am getting a bunch of errors about missing Volo.CmsKit.Pro* packages.
Severity Code Description Project File Line Suppression State Error NU1101 Unable to find package Volo.CmsKit.Pro.HttpApi. No packages exist with this id in source(s): ABP Commercial NuGet Source, BlazoriseMyGet, Microsoft Visual Studio Offline Packages, nuget.org, OtisEd NuGet Source IronGlass.HttpApi C:\AppDev\IronGlass\IronGlass\aspnet-core\src\IronGlass.HttpApi\IronGlass.HttpApi.csproj 1
Here is an excerpt from the *.Domain csproj file. <ItemGroup> <PackageReference Include="Volo.Abp.Emailing" Version="4.2.0" /> <PackageReference Include="Volo.Abp.Identity.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Abp.PermissionManagement.Domain.Identity" Version="4.2.0" /> <PackageReference Include="Volo.Abp.IdentityServer.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Abp.PermissionManagement.Domain.IdentityServer" Version="4.2.0" /> <PackageReference Include="Volo.Abp.BackgroundJobs.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Abp.AuditLogging.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Abp.FeatureManagement.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Abp.SettingManagement.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Abp.BlobStoring.Database.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Abp.LanguageManagement.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Abp.LeptonTheme.Management.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Saas.Domain" Version="4.2.0" /> <PackageReference Include="Volo.Abp.TextTemplateManagement.Domain" Version="4.2.0" /> <!-- <TEMPLATE-REMOVE IF-NOT='CMS-KIT'> --> <PackageReference Include="Volo.CmsKit.Pro.Domain" Version="4.2.0" /> <!-- </TEMPLATE-REMOVE> --> </ItemGroup>
Beyond the obvious issues. Why does Sutie v4.1 generate a project with 4.2 references?
In that case, the Account Linking option should not show up when the authentication method is openid. The user experience is broken! The end user sees an option which works (links their account on the backend), but breaks their ability to return to the front end and does not actually change their logged in account for the front end application.
A further note on this. While the account profile pages show the new user, if you manually change the URL in the browser to the client app, the logged in user changes back (or stays depending on your perspective) to the original user account.
Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
Login in as User A to Tenant B
Go to Account profile
Go to Link users
Login as a linked user (different tenant, in case that matters)
**The user is now logged into the new account, but the Return to application button has disappeared. **
The user is now stranded in the MVC application for the identity management with no way back to the client application.
Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
I am running into 2 issues which may be lack of knowledge.
When I add the RequiresFeature to a method or app service class, I cannot figure out how to get the application tests to work. It fails with a permissions issue since the feature is not "enabled" for the test case. Trying to add programmatically enable the feature has not worked so far. Is there an example available for how to test a service which requires a feature?
When a feature has permissions associated with it, how do I only show the permissions when it is enabled for a tenant? I added a feature check before adding the permissions in the Permission definition provider, but this causes errors if you log out of a tenant who has the feature and then log into a client which does have the feature. The call to AbpConfiguration is not reset and the permissions are not listed there. Is there an example available for how to correctly hide permissions behind a feature?
The issue with the persisted keys does not occur when the API is the root application of a website. I backed up and decided to attempt combining the applications so that the API is at the root and the angular client is deployed as a subfolder within the API.
In the Startup.cs file of the HttpApi.Host project, I added the following code to the ConfigureServices method:
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "client";
});
In the Configure method, I added the following:
app.UseSpaStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(
Path.Combine(env.ContentRootPath, "client")),
RequestPath = "/client"
});
app.UseSpa(spa =>
{
spa.Options.SourcePath = "client";
});
I created a local environment in Angular with the URI settings needed for this configuration, ran ng build for the new environment with a base-href value of /client/ and then used xcopy to place resulting dist files in my API project.
With this configuration, I can access both the client and the API locally. However, while the login/logout process works and the GET methods from the API work for the client, as soon as I attempt to post something from the client, I get an error which is not sent by the server and the following entry in the log files.
[ERR] The required antiforgery header value "RequestVerificationToken" is not present.
Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
We are looking to deploy our application on an IIS web server which is behind a load balancer with SSL terminated at the load balancer. This is a common deployment strategy for our clients. I am testing this setup with a prototype (single set of CRUD pages) generated using Suite 4.0.0 and later upgraded to 4.0.2.
Question: Does the API require a separate website or can I deploy it as an application within a website? Ideally, I want to deploy the API and the Angular client as as single website, but this isn't going to work if the API must be deployed at the root of a website. Normally, I would create a webite and then deploy the Angular client at the root and the API as a sub application within the website.
2021-01-12 15:54:35.018 +00:00 [INF] Hosting environment: Production 2021-01-12 15:54:35.018 +00:00 [INF] Content root path: {location}\Portal.Api 2021-01-12 15:54:35.036 +00:00 [INF] Request starting HTTP/1.1 GET http://{mywebsite}/portal-prototype-api/Account/Login?ReturnUrl=%2Fportal-prototype-api - - 2021-01-12 15:54:36.956 +00:00 [INF] Executing endpoint '/Account/Login' 2021-01-12 15:54:37.026 +00:00 [INF] Route matched with {page = "/Account/Login", action = "", controller = "", area = ""}. Executing page /Account/Login 2021-01-12 15:54:37.028 +00:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 2021-01-12 15:54:37.795 +00:00 [INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnGetAsync - ModelState is "Valid" 2021-01-12 15:54:37.819 +00:00 [INF] Executed handler method OnGetAsync, returned result . 2021-01-12 15:54:37.822 +00:00 [INF] Executing an implicit handler method - ModelState is "Valid" 2021-01-12 15:54:37.822 +00:00 [INF] Executed an implicit handler method, returned result Microsoft.AspNetCore.Mvc.RazorPages.PageResult. 2021-01-12 15:54:38.006 +00:00 [ERR] An exception was thrown while deserializing the token. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted. ---> System.Security.Cryptography.CryptographicException: The key {ac856cb7-2721-43c2-820b-6df7287dbb9a} was not found in the key ring. at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked) at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) --- End of inner exception stack trace --- at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext) 2021-01-12 15:54:38.190 +00:00 [WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.
Upgrading to version 4.0.2 and recreating the project fixed the issue
After being directed to this from https://support.abp.io/QA/Questions/626/Bugs--Issues-v4X#answer-756752d8-cea0-580d-5ede-39f9883c69d9
which directed me to a proposed temporary solution at https://support.abp.io/QA/Questions/626/Bugs--Issues-v4X#answer-756752d8-cea0-580d-5ede-39f9883c69d9
I added the resolution section to packages.json, deleted the yarn.lock file, ran yarn and deleted all local cookies and storage.
The behaviour of the application has not changed, but I get a different error message.
I am having issues getting the angular web client to work when creating a new solution with Suite 4.0.1.
Steps to reproduce.
This does not happen with projects created with Suite 3.3.1.