Your Abp package version: .7.0.1 Your base framework: .Net Framework or .Net Core: .NET 6
When a user doesn't have the required permissions a AbpAuthorizationException is thrown and the user is being logged out. Is there a way to change this behavior? For example show an 'you don't have access to this page' screen rather than logging the user out?
My controller code:
[AbpMvcAuthorize(AppPermissions.Pages_CommunicationLog_Index)]
// GET: Incidents/CommunicationLogs
public ActionResult Index()
{
return View();
}
User is logged out if he doesn't have the Pages_CommunicationLog_Index permission and tries to visit the page.
WARN 2022-08-17 09:31:04,689 [orker] Mvc.Authorization.AbpAuthorizationFilter - Abp.Authorization.AbpAuthorizationException: Required permissions are not granted. At least one of these permissions must be granted: Index
at Abp.Authorization.PermissionCheckerExtensions.AuthorizeAsync(IPermissionChecker permissionChecker, Boolean requireAll, String[] permissionNames)
at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(IEnumerable`1 authorizeAttributes)
at Abp.Authorization.AuthorizationHelper.CheckPermissionsAsync(MethodInfo methodInfo, Type type)
at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(MethodInfo methodInfo, Type type)
at Abp.AspNetCore.Mvc.Authorization.AbpAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
I am using 11.01 MVC .NET Core 6 but this recommendation applies to all versions.
Some UI elements that are short can be handled very effectively in a modal, for example creating a new User. Other things like Permissions can easily move into hundreds of rows of checboxes in a complex app. Out of the box ANZ has 50+ Permissions defined. I have another 450. This makes scrolling in a modal quite cumbersome and the user can never get a holistic picture of what Permissions exist. I know that there are instructions for how to turn modals into pages. I am suggesting that Volosoft adds a built-in configuration toggle in the Appearance settings to allow developers to select Modal or Page for all of 'out-of-the-box' modals.
Ver. 11.0 MVC .Net Core
I had a user who was unable to access their account because of a change to their email address in the database. They used an old copy of a Password Reset Email to get in. While I am glad they got in, it does seem like a potential issue to have the password reset email be valid 'forever'. Is there something that can be done so the token expires?
11.0 MVC .net core
For importing Users with the Excel Template, there are only these fields listed: UserName* Name* Surname* EmailAddress* PhoneNumber Password* AssignedRoleNames (comma seperated)
A client has asked if things like Require Password Reset can be included. Currently after the import, this has to be done on each individual user record. Are there other fields which can be added to the Excel Template to bulk populate the AbpUser table?
We are using ASP.NET Zero v11 and we're running into an issue where the CreatorUserId is not being filled in.
The application doesn't use the service classes for its custom work. The entities inherit from FullAuditedEntity which includes CreatorUserId. In our code, we create such an entity using a mapping from a view model. In the below code, Statement is an entity that inherits from FullAuditedEntity. IStatementRepository gets injected. private readonly IStatementRepository _repoStatement;
var theEntity = _objectMapper.Map(model);
theEntity.Statement = model.Statement.CleanHtml();
await _repoStatement.InsertAsync(witnessStatementEntity);
The repo:
public interface IStatementRepository : IRepository<Statement, Guid>
{
}
<br>
public classStatementRepository : OE_TenantRepositoryBase<Statement, Guid>, IStatementRepository
{
public StatementRepository(IDbContextProvider<OE_TenantDbContext> dbContextProvider) : base(dbContextProvider)
{
}
}
<br/> In an old(er) version of the codebase, so based on an older version of ASP.NET Zero, without setting the value for the CreatorUserId, this seemed to work fine and so the framework set this value automatically. However, in the current version, this seems not to be the case anymore.
We can set the value manually before calling the insert on the repo but if the entity inherits from FullAuditedEntity, shouldn't this value be set automatically by the framework? If so (which it's not doing right now), can this be enabled somehow?
Using ASPNETZERO 11.0 .NET Core/Mvc
I need to integrate .resx files for localization in addition to the built-in xml localization files. My MVC app has over 100 entities with CRUD pages so managing multiple languages with single XML files is not practical. We have added a Blazor Mobile app to the solution and in that have implemented the ResXManager Visual Studio etension which automatically generates new resx files when a new language is added. I want to bring that approach over to the Mvc version. The .resx files will be stored in a /Resources folder using the path and filename of the View.
I have tried adding resx statements to Startup.cs. It builds but only displays the information inside the @Localizer["Term1"] and does not find the matching resx value.
Has anyone gotten .resx files to work? If so, I would appreciate seeing how you set it up in Startup.cs
Thanks
I am unable to install 11.0.0 rc-1. When trying to run Update-Database in the Package Manager Console I get an error:
An error occurred while accessing the Microsoft.Extensions.Hosting services. Continuing without the application service provider. Error: The configuration file 'secrets.json' was not found and is not optional. The expected physical path was 'D:\Data\Business\Git Repos\OE_Tenant_11_rc1\OE_Tenant\src\OE_Tenant.Web.Mvc\secrets.json'.
There is no such file in the downloaded Zip file and the installation instructions have not been updated to provide any guidance on how to install 11.0.0 rc-1 or what the secrets.json file does or how it is created
I see that 11.0.0 rc-1 is now available but the other dropdown for the .NET version only lists .NET 5.
Is 11.0.0 rc-1 for ASP.NET Core MVC & Jquery a .NET 6.0 solution?
10.3 MVC .net Core
Testing out the latest version to work out upgrading from 8.5. I am trying toi minimize the amoubnt of custom coding I need to do to make it easier to update future versions. One thing that is still set still hardcoded in the app is password length of 3 which is of course not an acceptable value. It would be really great if this essential security element could be set in appsettings rather than having to redo the code every time.
This is a multitenant application. I login as Host and then go to a Tenant and select a User to login as (User A). User A has a Role that allows for adding Users but not Roles. As User A role I can see all the Users in the User Grid. As User A I can click the Active button and select someone who is and Admin with higher levels of Permissions than I have and click Login as this User Admin B. Now I have full Admin permissions and see the Roles link which I did not have access to as User A. Then of course I can create new Roles and even extend User A's Permissions. In theory I should not be able to login as Admin B. Is that handled through the Login for Users permission? (the documentation doesn't explain what every checkbox does)
Rick