No user id when embedded in an iframe #10827

daws created 2 years ago

What is your product version? 10.3
What is your product type (Angular or MVC)? Angular
What is product framework type (.net framework or .net core)? ?Net Core
What is ABP Framework version? 6.3.1

Hi,

I want to embed my angular aspnetzero application in an iframe on a customer website. To be able for them to access the data, I match my angular routes with tenant and language parameters. Example here

If you open the console, you see the tenancy and language (parsed from the url) and the user id (a public user is automatically created and logged in to store user preferences).

However, when I embed this page in an iframe on a website which is on a different URL, I can't get the user id with SessionService or abp.session.userId. Without a user id, my code will keep trying to login a new public user and reload the page in an infinite loop.

How can I get the user id when the page is embedded in an iframe ?

4 Answer(s)

0
musa.demir created 2 years ago
Hi @daws

It is because of the tracking protection mechanisms implemented by the major browsers and browser engines. You can not use cookie in the iframe. I can offer two solution for you.

Mark related cookies as SameSite=None and Secure

Use localstorage

Here is where auth code is https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Web.Resources/Abp/Framework/scripts/abp.js#L175-L199. You should override it.

You can create new javascript in your project. Then add it to the angular.json's script sectionhttps://github.com/aspnetzero/aspnet-zero-core/blob/59d8a2e46e84f4a67b4ce369cf604847863bc107/angular/angular.json#L96.

abp.auth.setToken = function (authToken, expireDate) { localStorage.setItem(abp.auth.tokenCookieName, authToken); }; abp.auth.getToken = function() { return localStorage.getItem(abp.auth.tokenCookieName); }; abp.auth.clearToken = function() { localStorage.removeItem(abp.auth.tokenCookieName); }; // do the same for refresh token
0
daws created 2 years ago
Ok thank you. Your 2nd solution works...except for the language.

How can I also set the language in the session ?

So in the frontend I'm replacing this code :

abp.utils.setCookieValue( 'Abp.Localization.CultureName', language.name, new Date(new Date().getTime() + 5 * 365 * 86400000), // 5 year abp.appPath );

by this :

localStorage.setItem('Abp.Localization.CultureName', language);

But then, I can't find where the language is retrieved. I tried to change request headers in AppPreBootstrap but it didn't work.

Shall I change the backend culture provider ? If yes how so ?
0

musa.demir created 2 years ago

Hi @daws

What about replacing abp.utils.setCookieValue and abp.utils.getCookieValue ?
0

daws created 2 years ago

Seems to work fine. Thank you very much !

Have an answer to this question? Log in and write your answer.