Base solution for your next web application
Open Closed

Access to the Abp.AspNetZeroCore.Web source code #11723


User avatar
0
mdepouw created

I'm confused as to why we don't have access to the source code for Abp.AspNetZeroCore.Web. Shouldn't that source be available in one of the private repo's in https://github.com/aspnetzero? If we have an active license don't we have access to the source code?

What am I misunderstanding?


reference other posts about this topic:

https://support.aspnetzero.com/QA/Questions/4571#answer-86b1a766-de44-49d6-aa29-fa0f014f9e5d

yeah this package is closed source due to licensing purposes.

and https://support.aspnetzero.com/QA/Questions/8511/Access-to-the-AbpAspNetZeroCoreWeb


8 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @mdepouw

    This library contains license control code and because of that, it is close sourced, see https://aspnetzero.com/Faq#provides-full-source-code. If you need to access business code in this library, please send an email to [email protected]

  • User Avatar
    0
    mdepouw created

    Hi @ismcagdas 👋

    1. The solution also has a closed-source NuGet package that is used to protect ASP.NET Zero's license rules. source

    That part makes sense 👍. If the source was available for license checking then one could subvert the rules & modify that code. But, anything outside of that, why make that closed source? 🤔


    For example, I'm extending ASP.NET Zero to support multiple OpenID providers in one tenant & I wanted to understand how Abp.AspNetZeroCore.Web.Authentication.External.ExternalAuthManager is behaving.

    Please see the screenshot below... the green I get & is properly related to licensing but the red, how does that related to licensing? 🤔


    Not a huge deal, just trying to understand 😊, thanks!

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Thanks :). ExternalAuthManager currently supports only one OIDC provider. It basically creates an external

    public IDisposableDependencyObjectWrapper<IExternalAuthProviderApi> CreateProviderApi(string provider)
    {
    	ExternalLoginProviderInfo providerInfo;
    	if (_externalAuthConfiguration.ExternalLoginInfoProviders.Any(infoProvider => infoProvider.Name == provider))
    	{
    		providerInfo = _externalAuthConfiguration.ExternalLoginInfoProviders
    			.Single(infoProvider => infoProvider.Name == provider)
    			.GetExternalLoginInfo();
    	}
    	else // if not exist in new version, use old one
    	{
    		providerInfo = _externalAuthConfiguration.Providers.FirstOrDefault(p => p.Name == provider);
    	}
    	
    	if (providerInfo == null)
    	{
    		throw new Exception("Unknown external auth provider: " + provider);
    	}
    
    	var providerApi = _iocResolver.ResolveAsDisposable<IExternalAuthProviderApi>(providerInfo.ProviderApiType);
    	providerApi.Object.Initialize(providerInfo);
    	return providerApi;
    }
    

    For OIDC, it uses OpenIdConnect text. So, you may create a new OIDC provider with OpenIdConnect2 for example to support second OIDC provider.

  • User Avatar
    0
    mdepouw created

    So, you may create a new OIDC provider with OpenIdConnect2 for example to support second OIDC provider.

    That's the path I was heading down 😊! The issue I came across when doing that was on ExternalAuthManager.GetUserInfo(). The provider is not passed through to OpenIdConnectAuthProviderApi.GetUserInfo().

    In the returned object, I can see the Provider is hardcoded 😢. I ended up overriding the Provider after calling the method. i.e.

    var userInfo = await _externalAuthManager.GetUserInfo(model.AuthProvider, model.ProviderAccessCode);
    // ugly!
    userInfo.Provider = model.AuthProvider;
    return userInfo;
    

    Decompiled code snippet of OpenIdConnectAuthProviderApi:

    public class OpenIdConnectAuthProviderApi : ExternalAuthProviderApiBase
    {
    	public override async Task<ExternalAuthUserInfo> GetUserInfo(string token)
    	{
    		...
    		return new ExternalAuthUserInfo
    		{
    			Provider = "OpenIdConnect",
    			ProviderKey = validatedTokenResult.Token.Subject,
    			Name = fullNameParts[0],
    			Surname = ((fullNameParts.Length > 1) ? fullNameParts[1] : fullNameParts[0]),
    			EmailAddress = emailClaim.Value,
    			Claims = validatedTokenResult.Principal.Claims.Select((Claim c) => new ClaimKeyValue(c.Type, c.Value)).ToList()
    		};
    	}
    
    }
    
  • User Avatar
    0
    mdepouw created

    Please see the screenshot below... the green I get & is properly related to licensing but the red, how does that related to licensing? 🤔

    My question still stands though 😊

  • User Avatar
    0
    mdepouw created

    Next challenge, how can I add additional configuration fields to an OpenID Connect provider if that source code is not modifiable?

    I wanted to add Issuer and WellKnown to appsettings.json for supporting Azure AD B2C but I'm not seeing a way w/o hacking up the code. Seems like a pretty simple thing, add a few more fields to the config & modify the code that's reading it but that's not the case here.

    I'm not seeing it, what does "license control code" have to do w/ external authentication? 🤔

  • User Avatar
    0
    ismcagdas created
    Support Team

    Please see the screenshot below... the green I get & is properly related to licensing but the red, how does that related to licensing? 🤔

    These are the code blocks we selected to put into license control package. If license control pacakge doesn't have any source code used in the main app, so you can easily delete the reference of license packages and disable license control :)

    Authority in the appsettings.json is used as the Issuer. I'm not sure why do you need WellKnown.

    Did you configure OpenId section in appsettings.json and faced a problem while login via Azure AD ?

  • User Avatar
    0
    mdepouw created

    If license control pacakge doesn't have any source code used in the main app, so you can easily delete the reference of license packages and disable license control :)

    Ah, 🤦‍♂️, that makes sense! I see now, thanks!

    Did you configure OpenId section in appsettings.json and faced a problem while login via Azure AD ?

    I did but we're using Azure AD B2C not AD 😊. Please see this ticket for challenges (looks like lack of support) for configuring Zero w/ B2C.

    Closing this ticket, thanks!