Hi Team,
While doing Vulnerability Assessment and Penetration Testing (VAPT) of the ASPNet Zero application, we found that the application is transmitting the password in clear text on the Login page.
In this case, an attacker can use network sniffer tools to capture HTTP requests which contain user passwords.
Please see the attached screenshot for your reference.
Due to this, our production deployment has gone on hold. Please look into this issue on priority and provide us with a solution.
Thanks,
Kind Regards, Kumar Prashant
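Added example, not part of the original post and not ASP.NET Zero's own code: one way to keep login credentials off plain HTTP in an ASP.NET Core host, using HSTS, HTTPS redirection and an outright refusal of plain-HTTP login POSTs. The `/api/TokenAuth` path prefix is an assumption standing in for the application's login endpoint.

```csharp
// Added example: Startup.cs for an ASP.NET Core host (hypothetical, not the project's file).
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Assumption: path prefix of the credential-bearing endpoints in your application.
    private static readonly PathString LoginPath = new PathString("/api/TokenAuth");

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        // HSTS: once a browser has seen one HTTPS response, it refuses plain HTTP to this host.
        services.AddHsts(o =>
        {
            o.MaxAge = TimeSpan.FromDays(365);
            o.IncludeSubDomains = true;
        });
        services.AddHttpsRedirection(o =>
            o.RedirectStatusCode = StatusCodes.Status308PermanentRedirect);
    }

    public void Configure(IApplicationBuilder app)
    {
        // A redirect cannot un-send a password that already crossed the network in
        // clear text, so plain-HTTP login POSTs are rejected instead of redirected.
        app.Use(async (context, next) =>
        {
            if (!context.Request.IsHttps
                && HttpMethods.IsPost(context.Request.Method)
                && context.Request.Path.StartsWithSegments(LoginPath))
            {
                context.Response.StatusCode = StatusCodes.Status400BadRequest;
                await context.Response.WriteAsync("Login requires HTTPS.");
                return;
            }
            await next();
        });

        app.UseHsts();              // adds Strict-Transport-Security to HTTPS responses
        app.UseHttpsRedirection();  // remaining HTTP traffic (pages, GETs) is sent to HTTPS
        app.UseRouting();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

Behind a TLS-terminating proxy or load balancer, `Request.IsHttps` is only accurate when the forwarded-headers middleware is configured ahead of this check.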
Hi Team,
Any update?
Kind Regards, Kumar Prashant
Hi,
Please see the following link to download the project:
###############################
Steps:
Thanks,
Kind Regards, Kumar Prashant
Please use the following GitHub link to download the code:
https://github.com/kumaresop/MyApp-ReceiverApp-Exception
Thanks,
Kind Regards, Kumar Prashant
Hi,
Please refer to the following link for the code of GetAllStateOrProvinceForTableDropdown:
https://prorigosoftware.sharepoint.com/Shared%20Documents/Forms/AllItems.aspx?id=/Shared%20Documents/AspNetZeroSupport&p=true&originalPath=aHR0cHM6Ly9wcm9yaWdvc29mdHdhcmUuc2hhcmVwb2ludC5jb20vOmY6L2cvRWpXRldJTTBJUFpCbXhjU1Fsc3VxbW9CaEs3ME1qcGFxR05adS00aFcxc01UZz9ydGltZT1lS0hrcnFTZDJFZw
The details of the code are:
Interface/ and Implementation/ folders containing the service, interface and DTOs for City, which is representative code of the service/method which is consumed in ReceiverApp.
In the ReceiverApp/ folder is the code which does dependency injection of the required City services and their inner dependencies, and the code to call the service. This is where we get the exception.
The code is representative and not the complete code; only the relevant part is in Interfaces/ Implementation/. This is done for privacy purposes (replacing project name, namespace etc.). Also, a base service which is extended in CitiesAppService is not included, but this looks irrelevant to the problem at hand.
We have ensured that GetAllCities() works correctly from Swagger UI, which does an HTTP-based call to the service method. Methods like this also work equally well from the Angular UI, which is again an HTTP-based call mechanism.
In place of GetAllStateOrProvinceForTableDropdown, please refer to GetAllCities(). Syntactically it is exactly the same.
Thanks,
Kind Regards, Kumar Prashant
Hi Team,
We are getting the following issue. Request you to please provide the solution ASAP.
Exception: The source IQueryable doesn't implement IAsyncEnumerable<MyApp.MyDto.Dtos.AddressCountryLookupTableDto>. Only sources that implement IAsyncEnumerable can be used for Entity Framework asynchronous operations
We tried using a .NET Core based console app with aspnetzero support. In that, we tried to do dependency injection of the services from MyApp. We tried invoking a method from AddressesAppService from MyApp.
Below are the details of the MyConsoleAppModule.cs, MyConsoleAppDbContext.cs and Program.cs code.
1) Below is the module MyConsoleAppModule.cs -

    [DependsOn(typeof(AbpEntityFrameworkModule))]
    public class MyConsoleAppModule : AbpModule

a> In its PreInitialize(), we read appsettings.json and did

    IConfigurationRoot configuration = builder.Build();
    Configuration.DefaultNameOrConnectionString = //connection string for DB of MyApp

b> In its Initialize(), we did service registration for AddressesAppService and what it depends on as below -

    IocManager.RegisterAssemblyByConvention(Assembly.GetExecutingAssembly());
    IocManager.Register<IAddressesAppService, AddressesAppService>(DependencyLifeStyle.Transient);
    IocManager.Register<IRepository<Address, long>>(DependencyLifeStyle.Transient);
    IocManager.Register<IRepository<Country, long>>(DependencyLifeStyle.Transient);
    IocManager.Register<IRepository<StateOrProvince, long>>(DependencyLifeStyle.Transient);
    IocManager.Register<IAddressesExcelExporter, AddressesExcelExporter>(DependencyLifeStyle.Transient);
    IocManager.Register<ITempFileCacheManager, TempFileCacheManager>(DependencyLifeStyle.Transient);

2) Also, we had MyConsoleAppDbContext.cs -

    public class MyConsoleAppDbContext : AbpDbContext

where we added the below DbSets for the tables needed by AddressesAppService:

    public virtual IDbSet<Address> Addresses { get; set; }
    public virtual IDbSet<Country> Countries { get; set; }
    public virtual IDbSet<StateOrProvince> StateOrProvince { get; set; }

    public MyConsoleAppDbContext() : base("Default")
    {
    }

    public MyConsoleAppDbContext(string nameOrConnectionString) : base(nameOrConnectionString)
    {
    }

    static async Task Main(string[] args)
    {
        using (var bootstrapper = AbpBootstrapper.Create<MyConsoleAppModule>())
        {
            bootstrapper.IocManager
                .IocContainer
                .AddFacility<LoggingFacility>(f => f.UseAbpLog4Net().WithConfig("log4net.config"));
            bootstrapper.Initialize();
            {
                //Test_Way_MyAppAsync(bootstrapper.IocManager);
                var result = await Test_Way_MyAppAsync(bootstrapper.IocManager);
                if (result != null)
                {
                    Console.WriteLine(result.ToList().Count);
                }
            }
        }
    }

    public static async Task<List<AddressStateOrProvinceLookupTableDto>> Test_Way_MyAppAsync(IIocManager iocManager)
    {
        var addressesAppService = iocManager.Resolve<AddressesAppService>();
        //below was a sync result returning service method and it worked well
        //var result = addressesAppService.Object.GetAll();
        //Console.WriteLine(result.StateOrProvinceId);
        //below was an async result returning service method and here we had the exception
        var result = await addressesAppService.GetAllStateOrProvinceForTableDropdown();
        //return result;
        return await Task.FromResult(result.ToList());
    }
Thanks,
Kind Regards, Kumar Prashant
Any update?
Hi Support Team,
We want to develop a re-usable component which will have its own Angular UI Pages/Components, Database Tables and Services, which can be shared across different AspNetZero applications.
In that, can the AspNetZero Plugin approach be used? (ref link https://aspnetboilerplate.com/Pages/Documents/Plugin ) Can the plugin contain an entire set of modules similar to a typical AspNetZero application, like DB Migration, EF, Services, Web.Core, Web.Host etc. on the service side? As well, can the Angular UI part of this module code be part of this plugin?
Link 1) https://aspnetboilerplate.com/Pages/Documents/Module-System looks limited to service classes only.
Waiting for your quick response.
Thanks,
Kind Regards, Kumar Prashant
Hi,
While integrating Elsa in ASPNetZero we are getting an error. We are using the following steps to set up Elsa. Please help us in solving this issue.
Steps:
1: Added the latest Elsa packages on the Web.Host

    Elsa
    Elsa.Dashboard
    Elsa.Persistence.EntityFrameworkCore

2: Added Elsa home controller call in a KPCSWebHostModule

    public override void Initialize()
    {
        IocManager.RegisterAssemblyByConvention(typeof(ElsaProjectWebHostModule).GetAssembly());
        Register(typeof(Elsa.Dashboard.Areas.Elsa.Controllers.HomeController).GetAssembly());
        Register(typeof(Elsa.WorkflowDesigner.ViewComponents.WorkflowDesignerViewComponent).GetAssembly());
    }

    private void Register(Assembly assembly)
    {
        //Controller
        IocManager.IocContainer.Register(
            Classes.FromAssembly(assembly)
                .BasedOn<Controller>()
                .If(type => !type.GetTypeInfo().IsGenericTypeDefinition && !type.IsAbstract)
                .LifestyleTransient()
        );
        //Razor Pages
        IocManager.IocContainer.Register(
            Classes.FromAssembly(assembly)
                .BasedOn<PageModel>()
                .If(type => !type.GetTypeInfo().IsGenericTypeDefinition && !type.IsAbstract)
                .LifestyleTransient()
        );
        //ViewComponents
        IocManager.IocContainer.Register(
            Classes.FromAssembly(assembly)
                .BasedOn<ViewComponent>()
                .If(type => !type.GetTypeInfo().IsGenericTypeDefinition)
                .LifestyleTransient()
        );
    }

3: Database call in a startup file

    services
        // Add services used for the workflows runtime.
        .AddElsa(elsa => elsa.AddEntityFrameworkStores<SqlServerContext>(options => options.UseSqlServer(@"Server=localhost;Database=SampleElsaDb;User=sa;Password=Local;")))
        // Add services used for the workflows dashboard.
        .AddElsaDashboard();

4: Error

    ERROR 2020-11-04 17:53:20,889 [13 ] Mvc.ExceptionHandling.AbpExceptionFilter - Method not found: 'System.__Canon AutoMapper.IMapper.Map(System.Object)'.
    System.MissingMethodException: Method not found: 'System.__Canon AutoMapper.IMapper.Map(System.Object)'.
       at Abp.AutoMapper.AutoMapperObjectMapper.Map[TDestination](Object source)
       at KPCS.Sessions.SessionAppService.GetCurrentLoginInformations() in F:\ESOP\src\RuleEngine\KPCS\KPCS\src\KPCS.Application\Sessions\SessionAppService.cs:line 74
       at lambda_method(Closure , Object )
       at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
       at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.
Hi,
We checked the ELSA roadmap and it seems to be slow in evolving. Due to this, the issue "Mvc.ExceptionHandling.AbpExceptionFilter - Unable to cast object of type 'Castle.Proxies.SessionAppServiceProxy' to type 'Microsoft.AspNetCore.Mvc.Controller'." is not fixed yet in a release.
Which other workflow engine have you seen integrating effectively with ASPNetZero?
Thanks,
Kind Regards, Kumar Prashant