Hi, setting the .tpl files as embedded is not enough. You should also, ensure that your csproj file;
Microsoft.Extensions.FileProviders.Embedded NuGet package<GenerateEmbeddedFilesManifest>true</GenerateEmbeddedFilesManifest> into the <PropertyGroup>...</PropertyGroup> section of your .csproj file.Then, also check that the ConfigureServices method of your module has the following configuration:
Configure<AbpVirtualFileSystemOptions>(options =>
{
options.FileSets.AddEmbedded<UnionManagementModule>();
});
Regards.
Thank for you suggestion. So in option 1 do I need to configure post logout url which goes to OpenIddictApplications tables PostLogoutRedirectUris column? And do you talking about this where I need to configure redirect uri?https://github.com/abpframework/abp/blob/8.3.4/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Logout.cshtml.cs So instead of setting my appplication logged-out path to post redirect logout uri I set auth servers /Account/Logout to same redirect path?
Yes, you're right. In option 1, you should redirect the user to the auth server's /Account/Logout endpoint with a returnUrl parameter that points back to your app.
This ensures the logout happens on the correct domain where the __tenant cookie is set, and then brings the user back to your application.
The return URL (https://application-test.ab.app/logged-out in this case) must be registered in the PostLogoutRedirectUris column of your OpenIddictApplications table — otherwise, the redirect won’t be accepted.
Hi, when you use pro modules, we are using the nuget.abp.io website and the URL structure is: https://nuget.abp.io/{{apikey}}/v3/index.json
By getting and downloading the .nupkg packages, you don't need to login through ABP CLI. The URL, is enough, you can even directly download it through URL.
You can find your apikey from https://abp.io/my-organizations and use it in NuGet.Config file.
Hi, when you define separate connection strings per module, you should either write a connection string for all of them or also define a "Default" connection string, so the other modules can use it:
So, you should either pass the "Default" connection string, so other modules can use it, or you can define the file-management module connection string by following the documentation (and also separate db for your file management module): https://abp.io/docs/latest/framework/fundamentals/connection-strings
Regards.
Hi, did you check this thread, it seems it's same with your question?
Hey, okay great!
Is it in any release notes? I couldnt find any info on this subject. But good to know!
Thank you!
Hi, for the pro-releases we share their PR description in our website: https://abp.io/pro-releases
Here is the related PR: https://abp.io/pro-releases/pr/18919
Hi, first of all, thanks for the detailed explanation.
I know that I cannot delete cookie from another domain. So do you have any solution to forget selected tenant. I only need to do this for tenants which are not using local login.
You're correct: cross-domain cookies cannot be deleted by client-side code running on a different domain. Since the __tenant cookie is set on auth.application-test.ab.app, deleting it from application-test.ab.app has no effect.
For the solution, these are what came to my mind:
To fully clear the tenant cookie, you can redirect the user to the auth-server logout endpoint. After logout, redirect them to the login page and they can select a tenant again, or login as a host user (if they can).
If the first option is not applicable to you, then you may customize your auth-server's login logic to check if the __tenant cookie is present and then implement a tenant selection page?
The first approach is definitely, easier than the second one, if it's applicable for you, I suggest to go with the first option.
Regards.
Hi @batuhankara,
I just started using session management with openiddict, now everything looks ok. but when I enabled LogoutFromSameTypeDevices I find that all session has same Device on DB (AbpSessions) so I wonder why and how to control what value is passed to db
There is a class called OpenIddictCreateIdentitySession (handles the ProcessSignIn event of OpenIddict module), which gets the randomly generated sessionId and stores it in the database.
When you enable the LogoutFromSameTypeDevices option, then the IdentitySessionManager kicks in and revokes the other device sessions and removes them from the database and cache.
second question is it possible to make custom rule about it? for example if client is Web only 1 login allowed, if client is "Mobile" you can 5 or unlimited token etc. ?
Currently, we don't provide such an option. There are only three options: Disabled, LogoutFromSameTypeDevices and LogoutFromAllDevices. For custom scenarios, you should override the code and implement it yourself. If you want to customize, then you can refer to the How it works? section in the documentation and update the relevant places.
Regards.
Hi, yes, this is expected behavior. We made some design enhancements to Account Pages, and this is one of these enhancements. Along with the UI changes, this was one of the core implementation points. We require email verification before setting two-factor authentication because sthe ystem checks all 2fa providers in the background.
Regards.
Hi, it seems this question is similar to a previous question that you asked. So, please check this answer first, and if you have further question then I can assist you.
Regards.
