
Activities of "Loizos"

Answer

Hi Ismail,

Thanks for the answers.

WAF - we mean a Web Application Firewall on Azure (https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview)

Basically, a security architecture proposed to us is to deploy a WAF in front, then an API-Manager (both in the DMZ), and then the ASP.NET Zero solutions (internal network).

We know that you already support a number of social and external logins/authentication; however, the question is whether it is possible to configure ASP.NET Zero so that authentication is done by either of these two (WAF or API-Manager).

Thanks, Loizos

Question

What is your product version? 12.1.0
What is your product type (Angular or MVC)? Angular 15
What is product framework type (.net framework or .net core)? .NET7

Hi support,

We are deploying our Application to Azure. We have a WAF protecting both the Application and the API service. These services are hosted on separate machines with a shared database. The WAF will do TLS termination.

We understand that JWT tokens are used as the authentication mechanism. However, we’re a little unclear on how the JWT token is used when accessing the API service. We are assuming the following scenario – are we correct please?

  1. User accesses web application
     a. one-way TLS between the application and the WAF gives us an encrypted connection – i.e. the user is not authenticated to the WAF.
     b. user authenticates to the web application (username/password) and the web app returns JWT token.

  2. User then calls the API service (which is on another machine)
     a. We assume that the JWT token has to be sent with the request to the API service?
     b. JWT authentication is then done at the API service i.e. authentication is done by the back-end machine?

Questions:

  1. Do you have a basic design diagram showing the above interactions?

  2. Can we configure the JWT service?

  3. Where is the JWT token stored? (we assume the shared DB?)

  4. We would prefer it if the authentication was done nearer to the WAF and taken off the back-end service. We are considering an API-Manager between the WAF and the API service.
     a. Is it possible to configure our solution so that the JWT is handled by the API-Manager and not ASPNetZero?
     b. Do you have any examples of this architecture or do you think that this is not a good idea?

Thanks! Loizos

What is your product version? 12.1.0
What is your product type (Angular or MVC)? Angular 15
What is product framework type (.net framework or .net core)? .NET7

Hi support,

We are experiencing problems logging in (invalid user name or password) with the host admin & default tenant admin users. Basically, after the upgrade to 12.1 we couldn't log in to the default tenant; we tried to impersonate host admin for this, it worked OK, but then we realized that we cannot log in to host admin. Something is completely messed up. Please advise!

Regards, Loizos

Hi @ismcagdas

No, it's not an intranet app; it will be fully exposed on the internet. So, from a security perspective, is it enough to deploy both front & back ends behind a secure (HTTPS) port?

Thanks, Loizos

What is your product version? 11.4.0
What is your product type (Angular or MVC)? Angular 14
What is product framework type (.net framework or .net core)? .NET6

Hi support,

I would like to ask for some security recommendations on how to best expose the front-end (Angular) and back-end web API in a production environment. We know that because it's an SPA application, both the front-end and back-end need to be accessible from the client side, but is it good practice to deploy both in a DMZ zone? Is it secure? Please advise.

Thank you in advance!

Loizos

What is your product version? 11.4.0
What is your product type (Angular or MVC)? Angular 14
What is product framework type (.net framework or .net core)? .NET6

Hi support,

I would like to ask how to approach a use case where each tenant wants to have a different set of data/fields for the same functionality, i.e. store customer personal info; one tenant might want to start by storing 5 fields for their customers and another tenant 10 fields; I am talking about mandatory fields. How to approach this on the back-end data model, including the SQL database? The same question for the front-end.

Also, could the tenant later on modify this by adding/removing fields dynamically? Is there any built-in functionality that can handle such a case or do we have to develop a custom mechanism?

Thanks, Loizos

Answer

Thank you very much!

Answer

Hi ismcagdas,

I'm sorry, I have only checked the ngx-bootstrap components and there was nothing there for this purpose... so now I see that PrimeNG does support a dropdown list here: https://www.primefaces.org/primeng/dropdown, which is pretty much similar to select2, so can I use this one instead of autocomplete?

Can I just import it in app.module.ts and use it, or do you have to include it first in the next releases? The same question goes for other components I see in the PrimeNG list: can I just import them and use them?

Thanks, Loizos

Question

What is your product version? 11.1.0
What is your product type (Angular or MVC)? Angular 13
What is product framework type (.net framework or .net core)? .NET6

Hi support,

I am struggling with the select2 component; can you please help with this? I thought that most of the Metronic controls - or at least the most common ones - were included in ASP.NET Zero, but that's not the case, right? Do you have plans to add more?

Anyway, I followed instructions I found in several posts on how to install and use it in Angular, but either the npm commands were not working so I had to use yarn, or the module couldn't be found after I added it in app.module.ts, or my entire application was full of compilation errors after the jquery and bootstrap installations... so I reverted all changes.

Can you please advise on how to install and use it? Is there any other similar control that comes out of the box and I didn't realize/discover it?

Thanks, Loizos

Thank you @ismcagdas! All done, issue closed.
