Hi @blewis,
I am pretty stuck on this. I have no idea if you are receiving this notification, but if so I would be extremely grateful for some help.
Many thanks Phil
Hi @blewis,
I am currently about to embark on a similar task using Sustainsys.Saml2 (formerly Kentor).
Any code you can share would be very gratefully received.
Many thanks Phil
Hi,
I am currently running aspnet zero on MVC/jquery.
I am getting publishing warnings when pre-compiling cshtml files and would like to set the http runtime target framework to v4.6.1 in web.config. Could you please let me know the reason why the runtime framework is currently set at v4.5.1 whereas the compilation framework is set to v4.6.1?
Many thanks
HI,
Unfortunately, the bug is intermitent, and I have been unable to reproduce it at will. I have improved logging in this area, so will have more to go on if and when it happens again.
Please could I request that we keep this ticket open for the time being so that I can get back to you if I have any more information.
Many thanks.
Hi,
Yes, I am obviously aware that this is the purpose of Linked Users and Impersonation.
The problem we had is that the system displayed tenancy/user information in the header label that was not related to the tenancy/user that was linke to/impersonated. Although, the data displayed was for the correct tenancy.
Also worth mentioning, the correct user/tenancy label was displayed after a page refresh.
I have added some additional logging here to help diagnose the problem. So far, it has happened twice.
Regards
Hi,
Having been successfully hosting our Aspnet Zero based system for several years, we have just encountered a security problem.
A user logged on to a recently created tenancy only to find that the tenancy/user label in the top right corner was referring to a different user on tenancy to which he had no connection.
The menu items he reported seeing were consistent with the permissions of the user labelled in the top right corner, but the data he was seeing was correct for the tenancy to which he logged on.
Please note the following:
This is of great concern to us, and am hoping you would be able to shed some light on this.
Many thanks.
Additional information: I have just been informed by my client that the login mentioned above was done via the Linked User functionality. It has also happened once more, this time via an impersonation login
Hi,
The discussion in the linked issue referres to Aspnet Core. I am using Aspnet MVC. Is there any guidance for this, or can the solution discussed be tailored for MVC?
Regards
Hi,
I am using Aspnet Zero MVC/jQuery.
Please could you give me some guidance as to how I can apply versioning to my dynamic web api.
Many thanks
Hi,
I am able to add a permission to a user using method UserManager.GrantPermissionAsync
However, I cannot see a way to remove a permission from a user. Can you advise please?
Regards
Thank you. That worked.