Activities of "liangshiwei"

Hi,

To achieve this, you can override the account layout and login pages.

Get the source code

You can use the ABP Suite to download the leptonx and account pro source code.

Override page

Copy pages to your project (Authserver) using the same folder path.

Here is the document how to override page: https://abp.io/docs/latest/framework/ui/mvc-razor-pages/customization-user-interface

Hi,

Here is the logic: you have to enable local login and self-register both.

You can override the CheckSelfRegistrationAsync method if you needed

Hi,

Yes, it's tenant-level settings. You can log in as a tenant admin to set it.

Hi,

The value has come from the login callback.

This is the design that lets external users confirm their information.

You can override the register page to create a user in the OnGetAsnc method if you want.

For example:

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(RegisterModel))]
public class MyRegisterModel : RegisterModel
{
    public override async Task<IActionResult> OnGetAsync()
    {
        ExternalProviders = await GetExternalProviders();

        if (IsExternalLogin)
        {
            await TrySetEmailAsync();
            var externalLoginInfo = await SignInManager.GetExternalLoginInfoAsync();
            if (externalLoginInfo == null)
            {
                Logger.LogWarning("External login info is not available");
                return RedirectToPage("./Login");
            }

            if (Input.UserName.IsNullOrWhiteSpace())
            {
                Input.UserName = await UserManager.GetUserNameFromEmailAsync(Input.EmailAddress);
            }
            user = await RegisterExternalUserAsync(externalLoginInfo, Input.UserName, Input.EmailAddress);
            
            await SignInManager.SignInAsync(user, isPersistent: true);

            // Clear the dynamic claims cache.
            await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);

            return Redirect(ReturnUrl ?? "/");
        }
        
        if (!await CheckSelfRegistrationAsync())
        {
            if (IsExternalLoginOnly)
            {
                return await OnPostExternalLogin(ExternalLoginScheme);
            }

            Alerts.Warning(L["SelfRegistrationDisabledMessage"]);
            return Page();
        }

        await SetUseCaptchaAsync();

        return Page();

        
        await TrySetEmailAsync();
    }
}

Hi,

This is a registration page for external users.

The user just needs to confirm his information

Hi,

You can try:

options.TokenValidationParameters = new TokenValidationParameters()
{
    ValidAudiences = new[] { "....", "...." }// add all audiences that you want to validate
};

I only get login to work when I set this setting to None. It doesn't feel right thing to do. But is there any other way? options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.None;

Are you using HTTPS?

Is there possibility to get login working without enabling self-registration when using Azure Entra Id?

Yes, you can disable self-registration, ABP will automatically register external users.

Hi,

It will be available in the next version

https://abp.io/support/questions/8864/New-Docker-support-added-Docker-compose#answer-3a186db6-09a7-007a-5a49-c044ee838458

We have explained how to run it in the README, so I think this change is unnecessary.

Hi,

This is because IOptions<..> will cache the option instance. So it will not trigger every time.

You can try another way:

.AddOpenIdConnect("AzureOpenId", "Azure AD", options =>
{
    options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
    options.ClientId = configuration["AzureAd:ClientId"];
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    options.CallbackPath = configuration["AzureAd:CallbackPath"];
    options.ClientSecret = configuration["AzureAd:ClientSecret"];
    options.RequireHttpsMetadata = false;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("email");
    
    options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");

    // this event will call every time when redirect to azure.
    options.Events.OnRedirectToIdentityProvider = async redirectContext =>
    {
        redirectContext.ProtocolMessage.ClientId = "xxxx";
        redirectContext.ProtocolMessage.ClientSecret = "xxx";
    };
})

Hi,

This is the expected behavior, because ABP uses proxies to create interceptors for things like units of work, auditing log.

Instead, I recommend you use lazy injection.

See: https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Ddd.Application/Volo/Abp/Application/Services/ApplicationService.cs#L57

They will only be loaded when first used to get better performance.