Hello, here are the steps that might help you to reproduce this.
1. Have settings to lock the user after x number of failed attempts.
2. Log in with invalid credentials multiple times and lock the account.
3. Once the user is locked, we can see a lock sign in the Users List.
4. Now in point 1, we configured the time for locking the user. So, wait for that amount of time and try to log in with valid credentials for the same user.
5. The user will be able to log in properly without any errors.
Issue: If we log in as Admin and check the user list, the lock sign will still be there for that user.
Expected: Once the User has successfully logged in after getting locked out, the "lock sign" should also be removed from the user list.
https://github.com/aspnetzero/aspnet-zero-core/issues/5135
Hello,
When 2-factor authentication is enabled, the user enters their Username and Password and then completes 2-factor authentication.
Now, the issue is that the LoginAsync() method in AbpLogInManager saves the success records in the ABPLoginAttempts table before verifying the 2FA code entered by the user.
So in the case where the username and password are correct but the 2FA code is incorrect, a user fails to log in, but the ABPLoginAttempts table shows success.
Here it just checks the Username/Password and saves the attempt as Success.
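The ordering problem described in the post above, as an added C# model that is not part of the original post and is not ABP's code: `LoginAuditModel`, `LoginAttempt`, `AttemptResult` and the method names are hypothetical stand-ins for the login manager and the AbpLoginAttempts table. It compares saving the attempt before and after the 2FA check, using five constructed sign-ins with a correct password and a wrong code, and counts what a failed-login review of the table would see.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-ins for illustration; these are not ABP's own types.
public enum AttemptResult { Success, InvalidPassword, InvalidTwoFactorCode }
public record LoginAttempt(string UserName, AttemptResult Result);

public class LoginAuditModel
{
    // Stands in for the AbpLoginAttempts table.
    public List<LoginAttempt> Attempts { get; } = new();

    // Order described in the post: the row is saved once the password check passes.
    public bool LoginSavingBeforeTwoFactor(string user, bool passwordOk, bool codeOk)
    {
        if (!passwordOk) { Attempts.Add(new(user, AttemptResult.InvalidPassword)); return false; }
        Attempts.Add(new(user, AttemptResult.Success)); // written before the code is verified
        return codeOk;                                  // a wrong code still leaves a Success row
    }

    // Corrected order: one row per attempt, saved after every required factor is checked.
    public bool LoginSavingAfterTwoFactor(string user, bool passwordOk, bool codeOk)
    {
        var result = !passwordOk ? AttemptResult.InvalidPassword
                   : !codeOk ? AttemptResult.InvalidTwoFactorCode
                   : AttemptResult.Success;
        Attempts.Add(new(user, result));
        return result == AttemptResult.Success;
    }

    // What a failed-login review of the table would count for a user.
    public int FailedCount(string user) =>
        Attempts.Count(a => a.UserName == user && a.Result != AttemptResult.Success);
}

public static class Program
{
    public static void Main()
    {
        var before = new LoginAuditModel();
        var after = new LoginAuditModel();
        // Constructed input: five sign-ins with the right password and a wrong 2FA code.
        for (var i = 0; i < 5; i++)
        {
            before.LoginSavingBeforeTwoFactor("alice", passwordOk: true, codeOk: false);
            after.LoginSavingAfterTwoFactor("alice", passwordOk: true, codeOk: false);
        }
        int failedBefore = before.FailedCount("alice"), failedAfter = after.FailedCount("alice");
        Console.WriteLine($"saved before 2FA: {failedBefore} failed rows of {before.Attempts.Count}");
        Console.WriteLine($"saved after 2FA:  {failedAfter} failed rows of {after.Attempts.Count}");
    }
}
```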
Hi ismcagdas, Thank you for the information.
Hi @ismcagdas, using HTTPS for securing GraphQL requests is indeed an essential measure as it encrypts the data transmitted between the client and server, preventing man-in-the-middle attacks and eavesdropping. However, relying solely on HTTPS might not be sufficient for all security needs. Here are several benefits of adding payload encryption on top of HTTPS for GraphQL requests:
Implementing payload encryption does come with its challenges, such as the overhead of encryption and decryption, managing encryption keys, and potentially more complex application logic. However, for applications handling sensitive data or operating in high-risk environments, these benefits can significantly outweigh the costs, offering a more robust security posture than HTTPS alone.
Hi, Is there an example of using Encryption middleware with GraphQL in Aspnet Zero for decrypting requests and encrypting responses?
Thanks!
It was a configuration issue: I tried to run the project without .net8 the first time that I downloaded it, and for some reason it deleted all the imports. I used the one that I downloaded initially with .net8 installed and it started to work again.
Hello, it is Angular 15, and we are using ABP version 12.
While following the version update guide provided at https://docs.aspnetzero.com/en/common/latest/Version-Updating, I encountered issues during the migration of the API. The aspnetzero version 13 that I downloaded does not execute and lacks any imports, leading me to question if this was an intentional design choice. Currently, my project is experiencing over 12,000 file conflicts, primarily due to the removal of imports in version 13. Is this a typical scenario, and are we expected to resolve all these conflicts manually?
My team has encountered an issue where, despite the lockout duration expiring, users remain locked out according to the admin dashboard's user table, although login is possible. Could this be a bug within the framework, or is it possible that we are misconfiguring the user settings?