I couldn't check permissions in my business logic in "Service 2" (see our current workflow picture attached below). Both services have connection to the same DB. I've attached pictures in my first post, where you can notice that property CurrentUser of AppService object doesn't contains any roles for this user. But If I open AuthorizeService in my controller, access token is parsed and claims with roles are present (see picture in prev post).
Hi,
I'm not using swagger in this case. I built Angular application based on ABP template. This application can authorize user and send request to several services. As you can see below in the picture, access token has been parsed and information about user and their roles is present. What is the reason IPermissionStore may return incorrect result?
You are right. I'm using separate Identity Server. All Identity Server configuring has been done.
I'm using simple Authorize attribute without any permission as extra parameters and I didn't find any mistakes in my log related to Identity Server. Looking forward for your findings.
Yes, it's there:
OK, thanks. Where the refresh_token lifetime is set?
I refrain from making everything suggested there, even though we do in fact use the same ng build options as described in the article. But as to angular.json file, we are using the settings suggested by ABP:
"assets": ["src/favicon.ico", "src/assets"]
instead of the ones suggested in the article:
"assets": ["/assets"]
So we would prefer to use ABP settings (or even hooks to resolve some confirmed issues, but suggested by your team instead of guys not related to ABP framework development).
So is there some solution or workaround related to correct /assets path in the published site? I asked on ABP github, but got no reaction...
Thank you! The problem with popup seems to be gone. However, I cannot close the ticket yet, since there are still the issues related to paths.
For instance, if I am getting exception while trying to use "Forgot password", I am represented the following page:
However, the link to "Go to the homepage" is incorrect - it points to the root folder (https://XXXXXX.cloudapp.azure.com) instead of Angular website (https://XXXXXX.cloudapp.azure.com/CentralTools). Is there a dedicated settings for this link? Because seems like I provided Angular website name in many places, as required...
Another issue is related to /assets path, it is also missing web application name:
Hi, I am using MailKit + hashed password text and still have the following error:
using the following setup:
public class CentralToolsSettingDefinitionProvider : SettingDefinitionProvider
{
public override void Define(ISettingDefinitionContext context)
{
//Define your own settings here. Example:
//context.Add(new SettingDefinition(CentralToolsSettings.MySetting1));
context.Add(
new SettingDefinition("Smtp.Host"),
new SettingDefinition("Smtp.Port"),
new SettingDefinition("Smtp.UserName"),
new SettingDefinition("Smtp.Password", isEncrypted: true),
new SettingDefinition("Smtp.EnableSsl"),
new SettingDefinition("Smtp.Domain")
);
}
}
appsettings.json below:
UPDATE: gave up and just used a plain password storage. I dunno, why Decrypt method does not work...
Hi. I am back. Regarding #3 - please, have a look: 'IdentityServer' part is missing in the constructed path, so pressing "Switch" button causes the error and the dialog is not opened (as I found out, it's due to the problem in abp.js, as mentioned before):
Hi. Thank you for assisting. I took another look at the existing code and have managed to make Login work. But it's rather a temporary solution with some hardcode changes. So I would like to clarify the following questions:
how to install a 'normal' free development SSL certificate on the published Azure site so the browser considered it 'correct' and did not raise relevant exceptions? Current temporary solution which I don't like is the following change in HttpApiHostModule:
options.JwtBackChannelHandler = new HttpClientHandler
{
//TODO: use valid certificate in future and change the logic
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
};
if I manage to install a normal certificate and would need to issue custom claims - do I need to add this:
var securityStampClaimType = new ClaimsIdentityOptions().SecurityStampClaimType;
var claims = new List<Claim>()
{
...
new Claim(securityStampClaimType, abpUser.SecurityStamp)
};
there is the following issue in the IdentityServer - because of it, it's not possible to open tenant switching popup (path by default is incorrect). Is it a bug or there is a way to set up 'IdentityServer' web app name somehow instead of hardcoding it?
