To address the issue of large cookie sizes when implementing refresh tokens in Blazor Server with ABP, consider the following best practices:
Avoid Storing Tokens in Cookies:
Use Reference Tokens:
Adjust Cookie Authentication Options:
context.Services.ConfigureApplicationCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromMinutes(60); // Set as needed
options.SlidingExpiration = true;
});
Use the "offline_access" Scope Only When Needed:
Consider Server-Side Token Storage:
Review Official Guidance:
By following these practices, you can avoid large cookies and ensure compatibility with application gateways and browsers.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
To request a cancellation and refund within the 30-day window, you should contact ABP support directly through your support portal or the original purchase channel. Based on the referenced support ticket, refunds are processed upon request if you are within the eligible period.
If you have already submitted your request via the support portal, the ABP team will process your refund and confirm the cancellation. No further action is required on your part unless additional information is requested by support.
Source:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
The EmailSettingProvider class in the ABP Framework is marked as internal, which means it is only accessible within the Volo.Abp.Emailing assembly and cannot be overridden or accessed directly from outside that package.
This is a deliberate design choice by the ABP team to encapsulate the internal logic of how email settings are provided and managed. Instead of overriding EmailSettingProvider, ABP encourages developers to use the settings system (via ISettingProvider or ISettingManager) to customize or provide email settings. You can define your own settings providers or use the built-in mechanisms to set and retrieve email configuration values.
If you need to customize email settings, the recommended approach is to use the ABP settings infrastructure, not by overriding EmailSettingProvider directly.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
Yes, it is possible to have both MAUI and React Native projects in the same ABP solution. ABP Studio supports creating solutions with either MAUI or React Native as the mobile application type, but only one can be selected during the initial solution creation. However, you can manually add a React Native project to your existing solution.
To add a React Native project to your current ABP solution (which already has a MAUI project):
Create a new React Native project using the ABP React Native template:
MyApp with your desired project name):
abp new MyApp -u react-native
Move the generated React Native project folder (e.g., MyApp) into your existing solution directory, typically alongside your angular, aspnet-core, and maui folders.
Add the new React Native project to your solution's source control and documentation for consistency.
Update your solution documentation and team workflow to reflect the presence of both mobile projects.
Each mobile project (MAUI and React Native) will be independent, but both can consume your backend APIs and share the same authentication and business logic via the API layer.
For more details on mobile application types in ABP Studio:
Best Regards
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
To create a completely custom UI for your ABP pages, you have several options depending on your UI framework (Angular, Blazor, MVC). Below is a step-by-step approach for Angular and Blazor, which are the most common:
For Angular UI:
angular.json to include the new styles and scripts.app.component.html) to use your new components and structure.For Blazor UI:
For login and other special pages, you can override the default pages by creating new Razor or Angular components and placing them in the correct folder structure.
For all UI types, you can add your own logos, colors, and branding by updating the relevant CSS and image files.
Sources (validated):
These guides provide detailed, step-by-step instructions for fully customizing your ABP application's UI.
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
To set a tenant-specific connection string for a non-default (module-specific) database in ABP SaaS, but not require a "Default" connection string, you are running into a limitation of the current validation logic in the SaaS module UI. The validation enforces that the "Default" connection string is required unless "Use Shared Database" is checked, even if you only want to provide a module-specific connection string (e.g., for your DthOrderDb).
As a temporary workaround, you can provide a valid but unused connection string in the "Default" field (e.g., point it to a harmless or empty database). This will satisfy the validation, and your module-specific connection string will be used by your custom DbContext.
If you control the source, you can patch the validation logic in your fork or override the relevant Blazor component to relax the requirement for the "Default" connection string when at least one module-specific connection string is provided.
Example (pseudo-code for validation):
protected virtual void ValidateDefaultConnectionString(ValidatorEventArgs e)
{
var hasAnyModuleConnectionString = ConnectionStrings.ModuleConnectionStrings.Any(x => !x.Value.IsNullOrWhiteSpace());
e.Status = (!ConnectionStrings.UseSharedDatabase && ConnectionStrings.Default.IsNullOrWhiteSpace() && !hasAnyModuleConnectionString)
? ValidationStatus.Error
: ValidationStatus.Success;
e.ErrorText = e.Status == ValidationStatus.Error ? L["The {0} field is required.", L[$"DisplayName:{nameof(ConnectionStrings.Default)}"]] : null;
}
This would allow saving if at least one module-specific connection string is present.
The ABP team is aware of this limitation. You can follow or contribute to the discussion and possible fix here:
This is a known gap in the current SaaS module UI logic. Until it's addressed in the framework, the above workarounds are recommended.
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
When multiple users are logged out simultaneously (such as due to inactivity), you may encounter the AbpDbConcurrencyException with a 409 error. This is caused by ABP's optimistic concurrency control, which is used to ensure data consistency when multiple operations attempt to modify the same data concurrently. In your case, the issue occurs during OpenIddict token operations, where multiple requests try to update or delete the same token record at the same time.
This is a known scenario with OpenIddict and ABP, especially when tokens are being revoked or deleted in parallel (e.g., mass logout or session expiration). The concurrency exception is thrown because the database operation expects to affect one row, but the row may have already been modified or deleted by another concurrent operation.
Understand Optimistic Concurrency: ABP uses optimistic concurrency by default for aggregate roots and entities implementing IHasConcurrencyStamp. When a concurrency conflict is detected, an exception is thrown to prevent data loss.
OpenIddict Token Concurrency: When multiple logout or token revocation requests happen at the same time, only one will succeed in updating/deleting the token, and the others will fail with a concurrency exception. This is expected behavior to ensure token integrity.
User Experience: The 409 error page is shown to the user because the exception is not handled gracefully. You can catch the AbpDbConcurrencyException globally and show a more user-friendly message or redirect the user to the login page.
Example (in your exception handling middleware or global error handler):
app.Use(async (context, next) =>
{
try
{
await next();
}
catch (AbpDbConcurrencyException)
{
// Redirect to login or show a custom message
context.Response.Redirect("/Account/Login");
}
});
No Data Loss: This exception does not cause data loss; it only prevents conflicting updates. The user should simply retry the operation or re-authenticate.
Further Reading and Community Discussion: This issue and its handling are discussed in the ABP support forum:
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
To distinguish cache data between your backend and public site, setting a unique KeyPrefix via AbpDistributedCacheOptions is correct. This ensures cache isolation, but it does not provide automatic cache synchronization between applications.
For feature management and other cross-app cache scenarios, ABP’s distributed cache (e.g., Redis) does not natively propagate cache invalidation events across different applications or key prefixes. This means that when a feature value changes (such as via the SaaS feature system), the cache in the public site will not be immediately updated unless the cache entry expires or is manually cleared.
To address this, ABP v9+ introduces HybridCache (AbpHybridCache), which combines local (in-memory) and distributed cache with automatic synchronization. When a cache entry is updated in one instance, HybridCache can notify other instances to invalidate their local cache, ensuring more immediate consistency across your backend and public site.
To use HybridCache in ABP:
AbpHybridCacheOptions in your modules.IHybridCache<T> instead of IDistributedCache<T> for shared cache scenarios.Example configuration:
Configure<AbpHybridCacheOptions>(options =>
{
options.GlobalHybridCacheEntryOptions = new HybridCacheEntryOptions
{
Expiration = TimeSpan.FromMinutes(20),
LocalCacheExpiration = TimeSpan.FromMinutes(10)
};
});
Example usage:
public class FeatureAppService : ApplicationService
{
private readonly IHybridCache<FeatureCacheItem> _hybridCache;
public FeatureAppService(IHybridCache<FeatureCacheItem> hybridCache)
{
_hybridCache = hybridCache;
}
public async Task<FeatureCacheItem> GetFeatureAsync(string key)
{
return await _hybridCache.GetOrCreateAsync(key, async () =>
{
// Load feature from source
});
}
}
For broader cache synchronization (not just features), use HybridCache for any shared data that must be consistent across applications. This approach ensures that cache invalidation and updates are propagated efficiently.
If you remain on distributed cache only, you must implement manual cache clearing or use shorter expiration times, but this is less efficient and can lead to stale data.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
The issue is caused by the Angular frontend being hosted at the root (client.StageDomain.com) and the API (HttpApi.Host) being hosted under a sub-path (client.StageDomain.com/api). ABP's ServiceProxyScript and other dynamic endpoints (like /Abp/ServiceProxyScript and /Abp/ApplicationConfigurationScript) are expected at the root of the API application, but when hosted under /api, the Angular app tries to load them from /Abp/ServiceProxyScript instead of /api/Abp/ServiceProxyScript.
This results in 404/500 errors and MIME type issues, as seen in your console logs, because the requests are routed incorrectly or the server returns an HTML error page instead of the expected JavaScript.
ABP's official documentation and templates assume that the API is either on a separate domain/subdomain or at the root of a site, not under a sub-path like /api. Hosting the API under a sub-path is not officially supported and leads to these issues.
To resolve this:
api.StageDomain.com) or at the root of a different site./api, but this is not recommended and not officially supported.For more details, see the official IIS deployment documentation:
In summary: Move your API to a root or subdomain, not a sub-path, for full ABP functionality.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
ABP Suite currently allows you to edit and customize code generation templates through the "Edit Templates" feature. These templates are embedded resources managed by the Volo.Abp.Commercial.SuiteTemplates package, and you can switch between UI and database provider templates as needed. However, there is no official community sharing area or "app store" for user-contributed templates at this time. Your suggestion aligns with common requests from the community, and it would be beneficial for collaborative template maintenance and sharing. You can follow updates on this feature in the official documentation and support channels.
Regarding your request for a template that uses a "filter" object (DTO) on the backend instead of multiple function-based filters: The current ABP Suite-generated code typically passes individual filter parameters to backend methods. Your approach—using a single filter DTO and AutoMapper for mapping—would indeed simplify maintenance and is a recognized best practice for complex filtering scenarios. While this is not the default behavior in ABP Suite, you can customize the templates to implement this pattern. If a community sharing platform for templates is introduced, it would make it easier to distribute and maintain such improvements collaboratively.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
