Is there a way to prevent concurrent logins by the same User? Under a subscription-based service my SaaS application is being sold with a specific number of user licenses based on the version they purchase. Users can get around this by simply sharing a login. Is there a way to prevent User2 from logging with User1's credentials if User1 is already logged in?
When creating a Tenant you can configure the default password requirements. All of the Security Features are handled on the Settings/Security Page. If you grant a Tenant access to that page, which may be important for them to control things like User Lockout and Two-Factor Authentication, you also give them the ability to change the password requirements. This means a Tenant could set up a 3 letter password requirement which compromises security for the entire application.
Is there a way to set or hardcode a minimum password requirement where the User cannot go below, for example 8 characters?
Another option would be to split off the Password Settings into a different Page Permission from Settings, that way the User still has access to the other parts of the Settings/Security but the Host could determine if Tenants can or cannot change the Password Complexity.
Thanks for your response. I understand that decisions have to be made about software and what version to support.
I do question your choice of <ins>only</ins> using the last two months of downloads and then making a broad claim that "2/3 of our customers are using Net Core/Angular." That data is slanted since it represents such a short time period. All you can say is that "2/3 of the customerssince May." I downloaded the 4.1 MVC 5 version and then learning that the new features were not in MVC 5, I downloaded the Net Core 4.1 version to do a test install to see the features so I am one of your 26.5%. But I am not going to completely redo my current application to move to Net Core.
I expect if you go back to the product release date you'll find a very different overall use pattern for your customers.
This is using the 4.1 Net Core MVC Version.
I'll follow up on this thread. It is disappointing that the Subscription Features in 4.1 are only being implemented in Net Core/Angular and that no future enhancements will be made for MVC 5. While Net Core is "cutting edge" it is also, just that - out on the edge. With Entity Framework Core still catching up <ins>even Microsoft</ins> isn't telling developers Microsoft to "abandon MVC 5 and only do Core." MVC 5 applications will be around for another ten years at least and it will be <ins>years</ins> before the huge amount of existing MVC 5 apps are ported over to Net Core, if ever. Most shops building enterprise apps are moving to Core slowly and sticking with the reliability of MVC 5 so I think it is a big mistake for Volosoft and for all your customers to ignore future feature updates to MVC 5.
Out of curiosity, how many users have downloaded copies of MVC 5 versus the Core version?
4.1 bug, just tested out Net Core version of 4.1 locally. I took the Standard Edition that comes from the default install and edited it from Free to Paid. Then I changed it back to Free and click Save. It says it saved successfully but it doesn't actually. If you click Edit edition again it still has Paid selected and the monthly and yearly pricing. If you go to the login page and click New Tenant it comes up as a Paid option with the Buy button rather than the Start button.
That is not my question. I already followed this post to get the 3 level menus -https://forum.aspnetboilerplate.com/viewtopic.php?f=5&t=745&p=9800&hilit=three+level+menu#p9800
What I need to do is manage the sorting of the Permissions. So when you click on Users/Permissions the Modal Window pops up and shows all of the menu items with Check boxes for Permissions set. By default all menu items are sorted Alpha but I need to set my own custom order.
The default is
Admin Home Page Audit Log Languages
How would I change the display order to
Languages Audit Log Admin Home Page
Here are my files. I am running my app in a separate Area - \Areas\Incidents\
AppPermissions.cs
public const string Pages_Configuration = "Pages.Configuration";
//PersonNotified Menu
public const string Pages_PersonNotified = "Pages.PersonNotified";
public const string Pages_PersonNotified_Index = "Pages.PersonNotified.Index";
public const string Pages_PersonNotified_Create = "Pages.PersonNotified.Create";
public const string Pages_PersonNotified_Delete = "Pages.PersonNotified.Delete";
public const string Pages_PersonNotified_Details = "Pages.PersonNotified.Details";
public const string Pages_PersonNotified_Edit = "Pages.PersonNotified.Edit";
AppAuthorizationProvider.cs
//Configuration var configuration = pages.CreateChildPermission(AppPermissions.Pages_Configuration, L("Configuration"));
//PersonNotified
var personnotified = pages.CreateChildPermission(AppPermissions.Pages_PersonNotified, L("PersonNotified"));
personnotified.CreateChildPermission(AppPermissions.Pages_PersonNotified_Index, L("IndexPersonNotified"));
personnotified.CreateChildPermission(AppPermissions.Pages_PersonNotified_Create, L("CreatePersonNotified"));
personnotified.CreateChildPermission(AppPermissions.Pages_PersonNotified_Delete, L("DeletePersonNotified"));
personnotified.CreateChildPermission(AppPermissions.Pages_PersonNotified_Details, L("DetailsPersonNotified"));
personnotified.CreateChildPermission(AppPermissions.Pages_PersonNotified_Edit, L("EditPersonNotified"));
OE_Tenant.xml
<text name="Configuration" value="Configuration" /> <text name="PersonNotified" value="Person Notified" />
<text name="IndexPersonNotified" value="List" />
<text name="CreatePersonNotified" value="Add" />
<text name="DeletePersonNotified" value="Delete" />
<text name="DetailsPersonNotified" value="Details" />
<text name="EditPersonNotified" value="Edit" />
PageNames.cs
public const string Configuration = "Configuration"; public const string PersonNotified = "Configuration.PersonNotified";
IncidentNavigationProvider - used as in a separate Area from Mpa called Incidents
//CONFIGURATION .AddItem(new MenuItemDefinition( PageNames.App.Incidents.Configuration, L("Configuration"), icon: "fa fa-flag", requiredPermissionName: AppPermissions.Pages_Configuration )
//Person Notified
.AddItem(new MenuItemDefinition(
PageNames.App.Incidents.PersonNotified, L("PersonNotified"),
icon: "fa fa-sitemap",
requiredPermissionName: AppPermissions.Pages_PersonNotified
)
.AddItem(new MenuItemDefinition(
PageNames.App.Incidents.PersonNotified, L("IndexPersonNotified"),
url: "Incidents/PersonNotified/Index",
icon: "fa fa-list",
requiredPermissionName: AppPermissions.Pages_PersonNotified_Index))
.AddItem(new MenuItemDefinition(
PageNames.App.Incidents.PersonNotified, L("CreatePersonNotified"),
url: "Incidents/PersonNotified/Create",
icon: "fa fa-plus-square-o",
requiredPermissionName: AppPermissions.Pages_PersonNotified_Create))
)
Using NetZero 3.0 MVC Jquery version. I have my applications Role Permissions set up and working properly. When you go into the Permissions Modal all of the Permissions are sorted alphabetically by the 'highest parent.'
Is it possible to do more than 2 levels of nesting? I want to have a "dummy" permission called Configuration that holds the Permission for other Views. I have Configuration showing up but I can't get the proper 'children' underneath it because of the default alpha sort. Below is what I want to do with my dummy Configuration permission and the second and third levels I am trying to use. Below that is an example of the normal two-level permission
[ ]Configuration - Level 1 [ ] Notification - Level 2 [ ] Create Notification - Level 3 [ ] Edit Notification - Level 3 [ ] Person Notified - Level 2 [ ] Create Person - Level 3 [ ] Edit Person - Level 3 [ ]Department - Level 1 [ ] Create Department - Level 2 [ ] Edit Department - Level 2
This was an email verification for a host account, so most probably it doesn't contain a tenant id.
Here is the link: <a class="postlink" href="http://localhost:6240/Account/EmailConfirmation?userId=UOLEwSlB48CbDaGRVjAsWA%3D%3D&">http://localhost:6240/Account/EmailConf ... sWA%3D%3D&</a>**tenantId=&**confirmationCode=334064c4ba6c40759eb95e6d463f2c57
Looking at the tenantid query string param, it is empty. How can we fix this?
Here are the version of packages we are using:
<package id="Abp" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.AutoMapper" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.Castle.Log4Net" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.EntityFramework" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.EntityFramework.Common" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.HangFire" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.Owin" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.RedisCache" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.Web" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.Web.Api" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.Web.Common" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.Web.Mvc" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.Web.Resources" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.Web.SignalR" version="1.2.1.0" targetFramework="net461" />
<package id="Abp.Zero" version="1.2.0.0" targetFramework="net461" />
<package id="Abp.Zero.EntityFramework" version="1.2.0.0" targetFramework="net461" />
<package id="Abp.Zero.Ldap" version="1.2.0.0" targetFramework="net461" />
<package id="Abp.Zero.Owin" version="1.2.0.0" targetFramework="net461" />