Activities of "priyankasynapxe"

[maliming] said: hi

but on package creation it is coming

Can you share a test project to show it?

liming.ma@volosoft.com Thanks

Can you please confirm if I go by version 9 and above, will it work with .net 8 ?

Thanks, Priyanka

[maliming] said: hi

Your project doesn't reference the Volo.Abp.Cli package.
Can you share how you got the vulnerability details from your project?

Thanks.

I have the same query, If I see in nuget package list, Volo.Abp.Cli is not listed but on package creation it is coming so I wanted to confirm if there is any package which is internally using it ?

Thanks

[maliming] said: hi

I'm getting security vulnerability for the Volo.Abp.Cli 8.3.4

What are the vulnerability details?

Thanks.

It is blocked as per my company policy; I'm sharing CVE link- https://nvd.nist.gov/vuln/detail/CVE-2024-43483.

Thanks.

[maliming] said: hi

How can I reproduce this?

Can you share some code and steps

Thanks.

yes, to reproduce refer the below example, here my teams table is child table and its parent is user table, in first example I just updated isActive value from false to true and with that Modifier id and modification time was update but in second example I updated teams so Modifier id and modification time is not updated for user table, it is updated for user and team mapping table, audit information for parent table used to update earlier but it stopped updating after abp version update

{ "userId": "03a062cb-49b9-4b1e-94b9-69bfdb381a8f", "fullName": "test", "email": "testuser@test.sg", "isActive": true, "institutionId": 5, "remark": null, "roleId": "1d761946-076c-dfaa-832f-3a09ec002f59", "teams": [ 23 ] }

{ "userId": "03a062cb-49b9-4b1e-94b9-69bfdb381a8f", "fullName": "test", "email": "testuser@test.sg", "isActive": true, "institutionId": 5, "remark": null, "roleId": "1d761946-076c-dfaa-832f-3a09ec002f59", "teams": [ 23, 25 ] }

let me know if you need more details.

Hi,

Can you share how you configured your Background Jobs in your each application? Including .Web and .Web_Int

Normally, if you disable job execution, it shouldn't even be triggered. It seems some misconfiguration.

I checked, this is happening as my application layer is shared between both solutions, I believe I need to split both solutions.

Hi @priyankasynapxe, did you do that? What's the last status of this?

Hi, after splitting the solution, it is working fine, I cannot see hangfire in .Web_Int now, thanks for the support.

Hi,

Can you share how you configured your Background Jobs in your each application? Including .Web and .Web_Int

Normally, if you disable job execution, it shouldn't even be triggered. It seems some misconfiguration.

I checked, this is happening as my application layer is shared between both solutions, I believe I need to split both solutions.

Hi, can you please confirm how can we manage servers on which hangfire will run, in my case, I have 2 web solution (added screenshot below for reference), 1 is for application and other is for interface, on interface solution background job is disabled and I have not added any hangfire code on WebModule.cs of eFC.Web_Int, I have added code only in WebModule.cs of eFC.Web. My app server and interface servers are different. eFC.Web is deployed on e.g. AppServer1, AppServer2 and eFC.Web_Int is deployed on e.g. InterfaceServer1, InterfaceServer2. My expectation is all the jobs should be processed by AppServer1, AppServer2 but seems like it is going all Interface servers too. How can I restrict that? also, whenever it is going on interface server it is giving below error, which is causing delay in job execution which is why I don't want job to execute in interface server.

Hi,

no, I'm not able to apply this as I'm not using ClientId and ClientSecret in my application anywhere

Are you sure about that? There should be clientId and clientSecret in your code, to define the OIDC client so you can login through your auth-server. Please search it through your application. (ClientId is typically probably is your application name, and clientSecret can be 1q2w3E* if you haven't changed it but, you should check your HttpApiHost project or DbMigrator project's appsettings.json file)

we are using external login; can I use that ClientId and ClientSecret ?

yes, if you are login through an external login provider, then you should pass that.

I have updated my code with but I'm getting below error after deployment on sign in:

2025-04-16 17:42:47.809 +08:00 [INF] Error from RemoteAuthentication: Unable to unprotect the message.State.. 2025-04-16 17:42:47.810 +08:00 [ERR] An unhandled exception has occurred while executing the request. Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login. ---> Microsoft.AspNetCore.Authentication.AuthenticationFailureException: Unable to unprotect the message.State. --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at eFC.Web.eFCWebModule.<>c.<<OnApplicationInitialization>b__15_0>d.MoveNext() in C:\DIM\AprilRelease\eFC\src\src\eFC.Web\eFCWebModule.cs:line 471 --- End of stack trace from previous location --- at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<<CreateMiddleware>b__0>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task) 2025-04-16 17:42:47.810 +08:00 [INF] CORS policy execution successful. 2025-04-16 17:42:47.813 +08:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' 2025-04-16 17:42:47.813 +08:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). 2025-04-16 17:42:47.816 +08:00 [INF] Executing ViewResult, running view ~/Views/Error/500.cshtml. 2025-04-16 17:42:47.827 +08:00 [INF] Executed ViewResult - view ~/Views/Error/500.cshtml executed in 11.268ms. 2025-04-16 17:42:47.827 +08:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 13.6018ms 2025-04-16 17:42:47.827 +08:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' 2025-04-16 17:42:48.006 +08:00 [INF] Request finished HTTP/1.1 POST https://hisfincvsapp02/SIT/eFCApp/signin-oidc - 500 null text/html; charset=utf-8 199.4496ms 2025-04-16 17:42:48.036 +08:00 [INF] Request starting HTTP/1.1 GET https://hisfincvsapp02/SIT/eFCApp/__bundles/Lepton.Global.CB0D5B09BE6F106B497F8CE2353AE3CC.css?_v=638803933595759917 - null null 2025-04-16 17:42:48.036 +08:00 [INF] Request starting HTTP/1.1 GET https://hisfincvsapp02/SIT/eFCApp/__bundles/Lepton.Global.8C50097CE846D065D72E2542DAD1838D.js?_v=638803933601845153 - null null 2025-04-16 17:42:48.038 +08:00 [INF] Sending file. Request path: '/__bundles/Lepton.Global.CB0D5B09BE6F106B497F8CE2353AE3CC.css'. Physical path: 'N/A' 2025-04-16 17:42:48.039 +08:00 [INF] Sending file. Request path: '/__bundles/Lepton.Global.8C50097CE846D065D72E2542DAD1838D.js'. Physical path: 'N/A' 2025-04-16 17:42:48.045 +08:00 [INF] Request finished HTTP/1.1 GET

Hi,

no, I'm not able to apply this as I'm not using ClientId and ClientSecret in my application anywhere

Are you sure about that? There should be clientId and clientSecret in your code, to define the OIDC client so you can login through your auth-server. Please search it through your application. (ClientId is typically probably is your application name, and clientSecret can be 1q2w3E* if you haven't changed it but, you should check your HttpApiHost project or DbMigrator project's appsettings.json file)

we are using external login; can I use that ClientId and ClientSecret ?

Hi, for dashboard authorization please refer to our documentation: https://abp.io/docs/latest/framework/infrastructure/background-jobs/hangfire#dashboard-authorization

Hi, can you confirm if I'll update hangfire code, it will be applicable for all background jobs added in application ?

Yes. When you integrate Hangfire, it replaces the default background job manager, and Hangfire’s own job manager will be used instead.

Hi, I referred document, I added permission, but it is not working, I'm getting 401 status code on accessing the dashboard even if permission is added, it is working in local but after deployment as my UI and backend is deployed on different server, I'm not able to access, what is the possible solution with this scenario?

Did you apply the all steps described at https://abp.io/docs/latest/framework/infrastructure/background-jobs/hangfire#dashboard-authorization-in-api-projects?

1-)

2-)

---

If you applied, can you share the error log?

no, I'm not able to apply this as I'm not using ClientId and ClientSecret in my application anywhere, but it is expecting these 2 properties, can I skip it? or can you help me to understand what is the use of these properties?