Activities of "Navneet@aol.com.au"

  • ABP Framework version: v9.0.1
  • UI Type: MVC
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..) / MongoDB
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes/no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Hello Abp team,

Hope I am giving you exciting challenges :-)

I need to pitch a Government Contract and I need to test two requirements before I send the proposal. As per my understanding, OpenIddict does support RequireProofKeyForCodeExchange (PKCE) and a security feature, Mutual-TLS: https://www.rfc-editor.org/rfc/rfc8705

However, I don't know how I can enable this feature in my ABP MVC Tiered Application.

Can you please suggest, how I can achieve this?

I am extending Openiddict to remove public string LogoUri { get; set; } and replace it with Filetype to allow my clients to upload images by themselves, what is the best way to achieve this to upload and save images in the database? maybe:

ConfigureOpenIddict(openIddict = {
    openIddict.ConfigureApplication(spp =>
        spp. AddOrUpdateProperty<File>(  ----> to show upload and show image?
        "ApplicationIcon"

Regards, Navneet

Thanks Maliming, this is exactly what I was looking for.

You are the best :-)

Hi Maliming,

Thanks for sharing resources, I will try to integrate them.

Sorry for asking again, I have found the class AbpIdentitySettingDefinitionProvider under Volo.Abp.Identity.Domain. Where can I find the file that contains the implementation of Get and Set to/from SettingManager, maybe in Volo.Abp.Identity.Application - sorry I cannot find it

Thanks, Navneet

hi

Is there any way I can check if Twilio is not enabled, and doesn't show a phone verification option?

You can inject the ISmsSender and check if the instance is a TwilioSmsSender.

You can set IdentitySettingNames.SignIn.EnablePhoneNumberConfirmation to false for specific tenants.

Setting under Identity setting area.

Thanks,

I have found the class AbpIdentitySettingDefinitionProvider under Volo.Abp.Identity.Domain, however which service (or where can I find the file) is responsible for getting and setting this?

To extend the functionality of setting Twilio settings for each Tenant, I have looked at the class TwilioSmsSender.cs. The code which sets the credentials has "lock (syncLock)". What is this for?

Do you see any issue if I reinitialise "TwilioClient.Init()" every time the application tries to send an SMS?

  • ABP Framework version: vX.X.X
  • UI Type: MVC
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..) / MongoDB
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Hello Team,

  1. One of my Tenant's users was complaining that phone verification is not working. Upon checking, I never installed it in my project, but the application is still giving the option to verify the phone number; please see the screenshot below:

Is there any way I can check if Twilio is not enabled, and doesn't show a phone verification option?

  2. Also, my tenant is now interested in activating Twilio, but upon checking it is a costly option, 20 SMS for $1. I am thinking of creating a Tenant-based Twilio setting management, so that any interested Tenant can put in their own Twilio credentials and use it. Is there any way I can use the same example of Ticket #8552 to get and set from MyTwilioService, similar to the CORS suggestions:
context.Services.RemoveAll(typeof(ICorsPolicyProvider));
context.Services.Add(ServiceDescriptor.Transient<ICorsPolicyProvider, MyCorsPolicyProvider>());


public class MyCorsPolicyProvider : ICorsPolicyProvider
{

Thanks, Navneet

Hi maliming,

Thanks for sharing the links, it is now crystal clear how CORS works in the backend with the request header.

PS:- I have also read your article on extending grant type, it was impressive - Good work mate!!

hi

For anonymous requests, there is no way to get the client ID.

The client id has to exist in a query string or form post.

You can try to inject the IHttpContextAccessor and call the GetOpenIddictServerRequest extension method.

var request = HttpContext.GetOpenIddictServerRequest()

but the OpenIddictServerRequest only exists in the openiddict request.

eg: connect/token or connect/authorize

Hi maliming,

You are correct: without authentication, the client id cannot be accessed. However, I managed to get the client id by HttpContext.

  1. In your code, you have injected the below and didn't use it. Do I need to get anything to enforce CORS by the below:
    private readonly static Task<CorsPolicy?> NullResult = Task.FromResult<CorsPolicy?>(null);
    private readonly CorsOptions _options;
  2. Also, when I browse the endpoint via Postman (connect/token or connect/authorize), I don't reach the MyCorsPolicyProvider method.

  3. For some reason, get and set from cache is not working for me. Could you please see if you can find any issue with my code below:

public class MyCorsPolicyProvider : ICorsPolicyProvider
{
    private readonly static Task<CorsPolicy?> NullResult = Task.FromResult<CorsPolicy?>(null);
    private readonly CorsOptions _options;

    private readonly IOpenIddictApplicationRepository _openIddictApplicationrepo;
    private readonly IDistributedCache<string> _cache;

    public MyCorsPolicyProvider(
        IOptions<CorsOptions> options,
        IDistributedCache<string> cache,
        IOpenIddictApplicationRepository openIddictApplicationrepo)
    {
        _options = options.Value;
        _cache = cache;
        _openIddictApplicationrepo = openIddictApplicationrepo;
    }

    public async Task<CorsPolicy?> GetPolicyAsync(HttpContext context, string? policyName)
    {
        //get domains from database, remember to cache it

        var httpContext = context;

        // Get the ReturnUrl from the query string
        var returnUrl = httpContext.Request.Query["ReturnUrl"].ToString();

        string clientIdFromUrl = "";

        if (!string.IsNullOrEmpty(returnUrl))
        {
            // Decode the ReturnUrl
            var decodedReturnUrl = HttpUtility.UrlDecode(returnUrl);

            // Check if the decoded URL contains a query string
            var uriParts = decodedReturnUrl.Split('?');

            if (uriParts.Length > 1)
            {
                var innerQueryString = uriParts[1]; // Extract the query string part

                // Parse the inner query string
                var queryParameters = HttpUtility.ParseQueryString(innerQueryString);

                // Extract the client_id
                clientIdFromUrl = queryParameters["client_id"];

            }
        }

        var CorsDomain = GetAsync(clientIdFromUrl);

        var domains = new List<string> { CorsDomain.ToString() };



        var builder = new CorsPolicyBuilder(Array.Empty<string>());
        builder
            .WithOrigins(
                domains.Select(o => o.Trim().RemovePostFix("/"))
                    .ToArray() ?? Array.Empty<string>()
            )

            .WithAbpExposedHeaders()
            .SetIsOriginAllowedToAllowWildcardSubdomains()
            .AllowAnyHeader()
            .AllowAnyMethod()
            .AllowCredentials();
        var result = builder.Build();

        return result;
    }

    private async Task<string?> GetAsync(string clientId)
    {
        var CorsFromCache = await _cache.GetAsync(clientId);

        if (CorsFromCache == null)
        {
            var CorsFromDb = GetFromDBAsync(clientId);

            await _cache.SetAsync(clientId,CorsFromDb.ToString());

            return CorsFromDb.ToString();
        }

        return null;
    }

    private async Task<string?> GetFromDBAsync(string clientId)
    {
        var appinfo = await _openIddictApplicationrepo.FindByClientIdAsync(clientId);

        return appinfo.AppCORS.ToString();
    }

}
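An added example, not part of the original post and not ABP's own code: a per-client CORS policy provider in which the origin lookup is awaited and the cache read is a real cache-aside (hit returns the cached value, miss loads and stores it). It assumes client_id arrives in the query string and that "AppCORS" is stored as an extra property holding comma-separated origins; the class name and cache key prefix are hypothetical.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Cors.Infrastructure;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Caching.Distributed;
using Volo.Abp.Caching;
using Volo.Abp.Data;
using Volo.Abp.OpenIddict.Applications;

public class PerClientCorsPolicyProvider : ICorsPolicyProvider
{
    private readonly IDistributedCache<string> _cache;
    private readonly IOpenIddictApplicationRepository _apps;

    public PerClientCorsPolicyProvider(
        IDistributedCache<string> cache, IOpenIddictApplicationRepository apps)
    {
        _cache = cache;
        _apps = apps;
    }

    public async Task<CorsPolicy?> GetPolicyAsync(HttpContext context, string? policyName)
    {
        // client_id is caller-controlled: use it only as a lookup key, never as an origin.
        var clientId = context.Request.Query["client_id"].ToString();
        if (string.IsNullOrWhiteSpace(clientId)) return null; // null policy: no CORS headers

        // Await the lookup; ToString() on an un-awaited Task yields the Task's type name.
        var stored = await GetOriginsAsync(clientId);
        var origins = (stored ?? "")
            .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
            .Select(o => o.TrimEnd('/'))
            .ToArray();
        if (origins.Length == 0) return null; // unknown client or nothing registered

        // Explicit origins only: a wildcard origin cannot be combined with credentials.
        return new CorsPolicyBuilder(origins)
            .AllowAnyHeader().AllowAnyMethod().AllowCredentials().Build();
    }

    // Cache-aside: a hit returns the cached value, a miss loads from the store and caches it.
    private Task<string?> GetOriginsAsync(string clientId) =>
        _cache.GetOrAddAsync("cors-origins:" + clientId, async () =>
        {
            var app = await _apps.FindByClientIdAsync(clientId);
            // Assumption: "AppCORS" is an extra property holding comma-separated origins.
            return app?.GetProperty<string>("AppCORS") ?? string.Empty;
        }, () => new DistributedCacheEntryOptions { AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(5) });
}
```

Because the policy is selected by a request parameter, any caller can pick any registered client's origin list, so the effective allow-list is the union of all registered origins; keep each client's list to exact origins.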

hi

What is the process of your authentication?

After signing in to the website, you can get the client id.

Are you using the code flow to get token?

I have created an Application to use Allow Authorization Code Flow, below is the screenshot:

public class MyCorsPolicyProvider : ICorsPolicyProvider
{
    private readonly static Task<CorsPolicy?> NullResult = Task.FromResult<CorsPolicy?>(null);
    private readonly CorsOptions _options;
     protected IOpenIddictApplicationManager _ApplicationManager { get; }
     private readonly ICurrentClient _currentClient;

    public MyCorsPolicyProvider(
        IOptions<CorsOptions> options,
        IOpenIddictApplicationManager applicationManager,
        ICurrentClient currentClient)
    {
        _options = options.Value;
        _ApplicationManager = applicationManager;
        _currentClient = currentClient;
    }

    public async Task<CorsPolicy?> GetPolicyAsync(HttpContext context, string? policyName)
    {
        //get domains from database, remember to cache it

        var id = _currentClient.Id; // value is coming null
        
        var app = await _ApplicationManager.FindByIdAsync(id);

hi

I think your authserver is indirectly dependent on the openiddict domain module.

so you can inject the openiddict's repository.

authserver => EF core project => OpenIddict EF Core => OpenIddict Domain

Thanks Maliming,

I have injected "private readonly ICurrentClient _currentClient;" and _currentClient.Id is always null? I am not sure if I am missing anything.

hi

  1. Add MyCorsPolicyProvider to your AuthServer(web) project.

  2. You can inject the ICurrentClient, which has an Id property.

That makes sense. However, if I add MyCorsPolicyProvider to AuthServer('web'), then how can I search, as the authserver does not have direct access to the repository like: "private readonly IRepository<OpenIddictApplication, Guid> _OpenIddictApplicationRepository;"

to query like: var selectedApplication = _OpenIddictApplicationRepository.GetAsync(id)

Made with ❤️ on ABP v9.2.0-preview. Updated on February 17, 2025, 05:40