hi
The Remember me means keep your login status instead of your username.
We are expecting to have Username prepopulated in login page when user selcts the "Remember me" checkbox and login successfully.
You can customize the login page to get the username that already login.
https://support.abp.io/QA/Questions/240/How-to-customize-the-login-page https://community.abp.io/articles/how-to-customize-the-login-page-for-mvc-razor-page-applications-9a40f3cd
I think it is because the user's SecurityStamp has changed.
SecurityStamp: A random value that must change whenever a users credentials change (password changed, login removed)
- Remove sensitive data from the payload if it is not required - Not sure if this is possible and application will work
- Instead of placing sensitive data in the payload, use an indirect object reference which is resolved on the server side - Not sure if this is possible and application will work
You can remove some claims from the Factory.
https://github.com/abpframework/abp/blob/dev/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpUserClaimsFactory.cs https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/AbpUserClaimsPrincipalFactory.cs https://docs.abp.io/en/abp/latest/Authorization#claims-principal-factory
3.Encrypt the JWT payload using the JSON web encryption (JWE) scheme 4.Encrypt sensitive data within the JWT payload using a custom process.
I found some discuss about this.
https://github.com/DureSameen/IdentityServer4.JWE
i even tried return true alwas but no luck.
What's is results now?
https://samesite-sandbox.glitch.me/
Can you share your website url and user&password with me? liming.ma@volosoft.com
hi
I can't think of any possible reasons, we have followed Microsoft's documentation.
Can you try to use redis backplane in non-abp applications?
You should implement the IMultiTenant interface for your entities to make them multi-tenancy ready.
https://docs.abp.io/en/abp/latest/Multi-Tenancy
See https://github.com/abpframework/abp/pull/7509
The entity inherits IMultiTenant which means it is multi-tenant, and will try to get the connection string of the tenant.
hi
It is currently impossible. : )
is it correct behavior? When it needs to be triggered??
For instance, current tenant's company have bound licences, each of licence determines which UI pages ("modules") are accessible for current user.
You can create some permissions, Don't grant to users or user roles. Then your custom PermissionValueProvider will be triggered.
You can check the current tenant's company licences to return true or false, angular will show/hide the menu according to this value.
https://docs.abp.io/en/abp/latest/Authorization#advanced-topics