Hi,
Do you mean to try that as a test?
The application is multi-tenant so that wouldn't work for all of the different clients.
Also, I ran some tests with this code and although it adds a cookie with the '.' prefix it doesn't prevent the site from crashing.
```js
console.log("myleptonx.js loaded");

function setCookie(name, value, domain, day = 365) {
    var expires = new Date();
    expires.setTime(expires.getTime() + (day * 24 * 60 * 60 * 1000));
    // Prefix domain with '.' to make it work for subdomains
    document.cookie = name + '=' + value + ';expires=' + expires.toUTCString() + ';domain=.' + domain + ';path=/';
}

// Remove default event listener from leptonx theme in global.js
document.body.removeEventListener('on', leptonx.AppearanceSettingEvent);

// Hardcode to app.localhost for local testing
setCookie("lpx_loaded-css", "dark", "app.localhost");

// Add new event listener to leptonx theme with subdomain cookie
//leptonx.AppearanceSettingEvent.on(document.body, event => {
//    var theme = event.detail.theme;
//    setCookie("lpx_loaded-css", theme, "app.localhost");
//    setCookie("lpx_appearance", theme, "app.localhost");
//});
```
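An added example, not part of the original post or of the LeptonX theme code: instead of hardcoding `app.localhost`, the cookie's `domain` attribute can be derived from the current tenant hostname by whole-label matching against a list of base domains. `BASE_DOMAINS`, `cookieDomainFor` and `buildThemeCookie` are hypothetical names and the domain list is constructed for illustration. A cookie scoped to the base domain is readable and writable from every tenant subdomain, so this fits a theme preference and not session or authentication state.

```javascript
// Constructed list of base domains that host tenant subdomains (assumption).
const BASE_DOMAINS = ["example.com", "app.localhost"];

// Return the configured base domain that `hostname` belongs to, or null.
// Matching is on whole DNS labels, so "evilexample.com" does not match
// "example.com" and a look-alike host never gets the shared cookie domain.
function cookieDomainFor(hostname, baseDomains = BASE_DOMAINS) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  for (const base of baseDomains) {
    if (host === base || host.endsWith("." + base)) {
      return base;
    }
  }
  return null;
}

// Build the cookie string for a theme preference. When the host matches no
// base domain, the domain attribute is omitted and the cookie is host-only.
// A leading '.' is not needed: a domain attribute already covers subdomains.
function buildThemeCookie(name, value, hostname, days = 365, now = new Date()) {
  const expires = new Date(now.getTime() + days * 24 * 60 * 60 * 1000);
  const parts = [
    `${name}=${encodeURIComponent(value)}`, // encode so ';' or '=' cannot inject attributes
    `expires=${expires.toUTCString()}`,
    "path=/",
    "SameSite=Lax",
  ];
  const domain = cookieDomainFor(hostname);
  if (domain) {
    parts.push(`domain=${domain}`);
  }
  return parts.join(";");
}

// Browser usage:
// document.cookie = buildThemeCookie("lpx_loaded-css", "dark", location.hostname);
```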
Subdomain tenant mapping is not working correctly after converting a Blazor Server to Blazor Web App.
Behavior: Initially a user can log in to the tenant as normal, but after a couple of minutes the session will force a logout.
Partial Console Logs:
```
dotnet.runtime.8.0.7.3bvrr6lyon.js:3 warn: Volo.Abp.IdentityModel.IdentityModelAuthenticationService[0]
Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration.
(anonymous) @ dotnet.runtime.8.0.7.3bvrr6lyon.js:3
dotnet.runtime.8.0.7.3bvrr6lyon.js:3 info: System.Net.Http.HttpClient.AbpMvcClient.LogicalHandler[100]
Start processing HTTP request GET https://redacted.com/api/abp/application-configuration?IncludeLocalizationResources=False&api-version=1.0
dotnet.runtime.8.0.7.3bvrr6lyon.js:3 info: System.Net.Http.HttpClient.AbpMvcClient.ClientHandler[100]
Sending HTTP request GET https://redacted.com/api/abp/application-configuration?IncludeLocalizationResources=False&api-version=1.0
dotnet.runtime.8.0.7.3bvrr6lyon.js:3 info: System.Net.Http.HttpClient.AbpMvcClient.ClientHandler[101]
Received HTTP response headers after 160.1ms - 200
dotnet.runtime.8.0.7.3bvrr6lyon.js:3 info: System.Net.Http.HttpClient.AbpMvcClient.LogicalHandler[101]
End processing HTTP request after 188.2ms - 200
dotnet.runtime.8.0.7.3bvrr6lyon.js:3 warn: Volo.Abp.IdentityModel.IdentityModelAuthenticationService[0]
Could not find IdentityClientConfiguration for AbpMvcClient. Either define a configuration for AbpMvcClient or set a default configuration.
dotnet.runtime.8.0.7.3bvrr6lyon.js:3 info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
```
This issue does not present when logging into the main (admin) site. If subdomain tenant mapping is disabled the application works correctly.
Module Configuration
Redacted.Blazor
---> RedactedBlazorModule.cs
Here is our WebModule configuration.
```csharp
    PreConfigure<OpenIddictBuilder>(builder =>
    {
        _ = builder.AddValidation(options =>
        {
            _ = options.AddAudiences("SafetyPlusWeb");
            _ = options.UseLocalServer();
            _ = options.UseAspNetCore();
        });
    });

    if (!hostingEnvironment.IsDevelopment())
    {
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
        {
            // In production, it is recommended to use two RSA certificates,
            // one for encryption, one for signing.
            _ = serverBuilder.AddEncryptionCertificate(
                GetEncryptionCertificate(context.Services.GetConfiguration()));
            _ = serverBuilder.AddSigningCertificate(
                GetSigningCertificate(context.Services.GetConfiguration()));
        });

        var domainFormat = GetDomainFormatForEnvironment(hostingEnvironment);

        PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
        {
            options.EnableWildcardDomainSupport = true;
            _ = options.WildcardDomainsFormat.Add($"https://{domainFormat}");
            _ = options.WildcardDomainsFormat.Add($"https://{domainFormat}/signin-oidc");
            _ = options.WildcardDomainsFormat.Add($"https://{domainFormat}/signout-callback-oidc");
        });
    }
}

public override void ConfigureServices(ServiceConfigurationContext context)
{
    var hostingEnvironment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();
    var domainFormat = GetDomainFormatForEnvironment(hostingEnvironment);

    Configure<AbpTenantResolveOptions>(options =>
    {
        options.AddDomainTenantResolver(domainFormat);
    });

    if (!configuration.GetValue<bool>("App:DisablePII"))
    {
        Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
    }

    if (!configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata"))
    {
        Configure<OpenIddictServerAspNetCoreOptions>(options =>
        {
            options.DisableTransportSecurityRequirement = true;
        });
    }

    if (!hostingEnvironment.IsDevelopment())
    {
        _ = context.Services.AddSignalR(options =>
        {
            options.AddFilter<AbpMultiTenantHubFilter>();
        }).AddAzureSignalR();
    }

    ConfigureOptions(context, configuration);
    ConfigureAuthentication(context);
    ConfigureUrls(configuration);
    ConfigureBundles();
    ConfigureImpersonation(context, configuration);
    ConfigureAutoMapper();
    ConfigureVirtualFileSystem(hostingEnvironment);
    ConfigureMultiTenancy();
    ConfigureSwaggerServices(context.Services);
    ConfigureExternalProviders(context, configuration);
    ConfigureAutoApiControllers();
    ConfigureBlazorise(context);
    ConfigureRouter(context);
    ConfigureMenu(context);
    ConfigureCookieConsent(context);
    ConfigureAuditingOptions(context);
    ConfigureTheme();

    Configure<SettingManagementComponentOptions>(options =>
    {
        options.Contributors.Add(new SafetyPlusWebSettingsComponentContributor());
    });

    if (!hostingEnvironment.IsDevelopment())
    {
        Configure<AbpTenantResolveOptions>(options =>
        {
            options.AddDomainTenantResolver(domainFormat);
        });
    }
}
```
We really need to understand better how to interact with the file management APIs so as to override them.
Managing permissions isn't the requirement here. We need support in applying permissions against the module.
Can we get some basic documentation and/or explanation of how the module works?
The wiki is very limited on this module.
Hi
It makes sense how to add permissions but what we need help with is where do we apply the permissions on a file by file basis?
How do we mark a file as confidential for example and then based on a permission filter it out from being viewable in the directory tree?
Can you give some guidance on a good place to start interacting with the existing code?
Can we override any existing classes?
Hi Anjali
I see what you're saying but we need to apply permissions on a per folder and per file basis.
Yes that would be helpful.
Basically the goal is to reduce the number of clicks that a user has to do to change accounts across tenants.
So imagine a scenario where the user is on an invoices page and they want to enter invoices for one tenant and then quickly switch to another tenant and add invoices there as well.
The current navigation is kind of clicky and involves multiple steps to switch tenants.
The goal would be something that is a little bit more like say Gmail for example where you can switch back and forth with ease and few clicks.
And I understand that there are some technical challenges and limitations from what I initially asked.
Therefore with the goals that we have in mind are there any easy wins that we can implement as an alternative?
Is there any way we can streamline it or reduce the number of clicks? Any suggestions on how we can improve the user experience?
Basically can you think of any recommendations that we could apply in a reasonable fashion?
How are permissions mapped to File Management files and actions?