Hello,
no, we use VS 2019.
I sent you an email with related info.
Ok I think I understand. Thanks for these explanations; it was really confusing because of the code with AbpAutoValidateAntiforgeryTokenAttribute in startup.cs and the boilerplate documentation.
Sorry, but:
Thanks for your response,
ok I got what you say, no problem.
But I still wonder why, in this case, the AspnetZero template adds the AbpAutoValidateAntiforgeryTokenAttribute in startup.cs? https://aspnetboilerplate.com/Pages/Documents/XSRF-CSRF-Protection#integration-2
In ASP.NET Zero Angular applications, cookie is not being used
I do see a cookie for the application (and I have the "cookie consent" widget)
Hello,
so why is there the code to configure AbpAutoValidateAntiforgeryTokenAttribute in startup.cs? And why, in the doc: https://docs.abp.io/en/abp/3.3/CSRF-Anti-Forgery is there a chapter about Angular, stating that "Since ABP Framework follows the ASP.NET Core conventions, it changes this value to RequestVerificationToken in the core package"? I don't understand.
CORS is a different thing; if an attacker forges a link to, say, "myapp/grant-permission-touser?userid=xxx", then sends that by email, CORS is totally off topic there.
Hello,
(I'm a customer as you are, but I already faced this kind of issue :)
Are you 100% sure the code does enter your method? The 500 error may be related to something else, like an invalid EntityDto<> parameter. Can you post the error log (in the "App_Data\Logs\logs.txt" file)?
Ok, thanks for the answer.
I'll implement it in our application; maybe I'll add a warning modal to address the point about related data.
Hello,
of course I noticed it can be disabled, but what about deleting it? All other entities can be deleted (ok, soft-deleted actually, but you understand what I mean). I think if the user is able to create a new entity, he should be able to remove it also.
So I wonder if there would be a side-effect I should be aware of, if I implement the delete functionality myself; in other words, why didn't you implement it? Is there a particular reason?
Ok,
So I managed to get it to work by adding a claim mapping between preferred_username (sent by microsoftonline) and unique_name (needed by aspnetzero).
So it works, thanks.
Hello, I still need help.
I also tried with the Microsoft OpenIdConnect implementation. The aspnetzero "Microsoft" External Login does work. With the same Microsoft application, access via OIDC does not work from our application. The returned payload does include name & email claims, I can see it when I decrypt the token. The error is the same as for Google: "Sequence contains no matching element", meaning another claim is missing, I suppose.
==> Can you please provide us with the right, full, precise list of claims needed for the aspnetzero OIDC client to work? ==> Can you improve the documentation? You can notice that I'm not the only one to face these problems.
I think that Google, Microsoft, Github etc. are not very "exotic" servers, it should work without having to dig into the internet for tens of hours, asking support etc.