Hi, Could you suggest how to implement field level permissions using ASP.NET Boilerplate framework?
For example: I have entity Customer with fields Name, Address, Email. Some users should have permissions to read/modify Email field values.
I know how to check the current user's permissions and how to show/hide the appropriate fields on the view. But what about service endpoint methods?
It would be great to have one place to specify these permissions, maybe with attributes on the entity's fields:
    [ReadPermission("Customer.Email.Read")]
    [ModifyPermission("Customer.Email.Write")]
    public string Email { get; set; }
Then I need to have methods to control read/update permissions on field level:
string[] fields = Customer.Metadata.GetReadFields(User.Permissions);
_customerRepository.GetAllIncluding("Name", "Address");
var customer = customerInput.MapTo<Customer>("Name", "Address");
Thanks in advance!
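One way to realise the attribute idea from the post above, as an added example that is not part of the original post and not ASP.NET Boilerplate code. `FieldPermissionAttribute`, `ReadPermissionAttribute`, `ModifyPermissionAttribute` and `FieldPermissions` are hypothetical names, the granted permission set is assumed to come from the application's own permission check, and the file assumes C# 9 or later for top-level statements.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Constructed sample: the caller may read Email but not modify it.
var granted = new HashSet<string> { "Customer.Email.Read" };
var stored = new Customer { Name = "Ann", Address = "1 Main St", Email = "ann@example.com" };
var input = new Customer { Name = "Ann B.", Address = "2 Side St", Email = "changed@example.com" };
FieldPermissions.ApplyWritable(input, stored, granted);
Console.WriteLine(string.Join(", ", FieldPermissions.GetReadFields<Customer>(granted)));
Console.WriteLine($"{stored.Name} | {stored.Address} | {stored.Email}");

// Hypothetical attributes named after the ones proposed in the post; not framework types.
[AttributeUsage(AttributeTargets.Property)]
public abstract class FieldPermissionAttribute : Attribute
{
    public string Name { get; }
    protected FieldPermissionAttribute(string name) { Name = name; }
}
public sealed class ReadPermissionAttribute : FieldPermissionAttribute { public ReadPermissionAttribute(string name) : base(name) { } }
public sealed class ModifyPermissionAttribute : FieldPermissionAttribute { public ModifyPermissionAttribute(string name) : base(name) { } }

public class Customer
{
    public string Name { get; set; }
    public string Address { get; set; }
    [ReadPermission("Customer.Email.Read"), ModifyPermission("Customer.Email.Write")]
    public string Email { get; set; }
}

public static class FieldPermissions
{
    // A property without the attribute is unrestricted; a restricted one needs the named permission.
    private static bool Allowed<TAttr>(PropertyInfo p, ISet<string> granted) where TAttr : FieldPermissionAttribute
    {
        var required = p.GetCustomAttribute<TAttr>()?.Name;
        return required == null || granted.Contains(required);
    }
    public static string[] GetReadFields<T>(ISet<string> granted) =>
        typeof(T).GetProperties().Where(p => Allowed<ReadPermissionAttribute>(p, granted)).Select(p => p.Name).ToArray();

    // Copies only properties the caller may modify, so a restricted field in the input is ignored, not bound.
    public static void ApplyWritable<T>(T input, T target, ISet<string> granted)
    {
        foreach (var p in typeof(T).GetProperties().Where(p => p.CanRead && p.CanWrite))
            if (Allowed<ModifyPermissionAttribute>(p, granted))
                p.SetValue(target, p.GetValue(input));
    }
}
```

Because the write filter runs on the server, hiding a field in the view is no longer the only control: a client that posts `Email` without the modify permission leaves the stored value unchanged.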
Hi!
We have tried to integrate OData into a project with the 'ASP.NET Core & Angular 2+' template as described in the documentation: https://aspnetboilerplate.com/Pages/Documents/OData-Integration
When we added a reference to the Abp.Web.Api.OData package and declared the dependency on AbpWebApiODataModule in WebCoreModule (or WebHostModule), we received an exception on application startup:
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        app.UseAbp(); // <= EXCEPTION!
        // ...
    }
Message: System.NullReferenceException: 'Object reference not set to an instance of an object.'
Source: mscorlib
StackTrace:
   at System.Security.Permissions.FileIOPermission.CheckIllegalCharacters(String[] str, Boolean onlyCheckExtras)
Is it possible to integrate OData with ASP.NET Core? What are we doing wrong?
Thanks
Hi,
I have a simple data entity and the appropriate DTO entity:
    [Table("Packages", Schema = "Test")]
    public class Package : FullAuditedEntity, IMustHaveTenant
    {
        public int TenantId { get; set; }

        [Required]
        [MaxLength(50)]
        public string Name { get; set; }
    }

    [AutoMapFrom(typeof(Package))]
    public class PackageDto : FullAuditedEntityDto
    {
        public int TenantId { get; set; }
        public string Name { get; set; }
    }
I have a public (without authorization attribute) service:
    public class PackageAppService : AppServiceBase, IPackageAppService
    {
        private readonly IRepository<Package> _packageRepository;

        public PackageAppService(IRepository<Package> packageRepository)
        {
            _packageRepository = packageRepository;
        }

        public ListResultDto<PackageDto> GetAll()
        {
            var packages = _packageRepository.GetAll();
            return new ListResultDto<PackageDto>(ObjectMapper.Map<List<PackageDto>>(packages));
        }
    }
When I call the service method GetAll from the host (or public) context, I receive a list of all packages, not filtered by tenantid null. When I use the interface IMayHaveTenant instead of IMustHaveTenant, everything works correctly. Is it a bug?
Thanks.
Hi!
We have updated our project template to the latest (ASP.NET Core & Angular v4.1.3), but have a problem with running unit tests.
We have found the related issue #288 and its fix:
https://github.com/aspnetzero/aspnet-zero-core/issues/288
https://github.com/aspnetzero/aspnet-zero-core/commit/3eecf4758b79f020fb6950b4772b4b1efa6262ef
but it does not fully resolve our issue. Now we receive another exception:
Message: System.NotSupportedException : SQLite does not support schemas. For more information, see http://go.microsoft.com/fwlink/?LinkId=723262
Yes, we have DB tables/entities with a schema other than the default dbo.
Any ideas on how to fix this?
Thanks
What about using LocalDb for auto-tests? Or update DBContext to move schema part to table prefix (if not dbo) when running tests?
Hello.
I am using ASP.NET Zero (ASP.NET Core & Angular, full .NET Framework targeting, separate back-end and front-end hosting on Azure).
I need to implement the OAuth Authorization code flow for Zapier - https://zapier.com/developer/documentation/v2/oauth-v2/. While I was doing some investigation, I found that the ASP.NET Zero framework has already implemented the Resource owner password flow.
As I understand it, I need to implement the following components (to implement the OAuth Authorization code flow for Zapier):
What can you recommend as the easiest OAuth Authorization code with user credentials implementation? Maybe you can provide some example or tell me what components are already implemented?
Hello.
I have downloaded:
For the back-end - I opened the solution (.\aspnet-core\Sperse.Platform.Web.sln) in Visual Studio 15.4.4 and changed IdentityServer IsEnabled --> "true" in appsettings.json, then ran the migrator and then started the project Sperse.Platform.Web.Host under IIS Express.
For the front-end - I restored packages via yarn and ran npm start. After successful webpack compilation I opened a browser and went to localhost:4200, and after that I received an exception on the back-end:
System.InvalidOperationException
Message:
You must either set Authority or IntrospectionEndpoint
StackTrace:
at Microsoft.AspNetCore.Builder.OAuth2IntrospectionOptions.Validate()
at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.PostConfigure(String name, OAuth2IntrospectionOptions options)
at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
at Microsoft.Extensions.Options.OptionsMonitor`1.<>c__DisplayClass10_0.<Get>b__0()
at System.Lazy`1.CreateValue()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
Here is the HTTP raw request data:
GET http://localhost:22742/AbpUserConfiguration/GetAll HTTP/1.1
Host: localhost:22742
Connection: keep-alive
Pragma: no-cache
Origin: http://localhost:4200
Abp.TenantId: null
Authorization: Bearer null
Content-Type: application/json
Accept: application/json, text/javascript, */*; q=0.01
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
.AspNetCore.Culture: c=null|uic=null
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Referer: http://localhost:4200/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 500 Internal Server Error
Server: Kestrel
X-SourceFiles: =?UTF-8?B?RDpcc291cmNlc1xBc3AuTmV0IFplcm9cQXNwLk5ldCBDb3JlICYgQW5ndWxhclw1LjAuNFxORVQgRnJhbWV3b3JrIDQuNi4xXFBsYXRmb3JtMlxQbGF0Zm9ybVxhc3BuZXQtY29yZVxzcmNcU3BlcnNlLlBsYXRmb3JtLldlYi5Ib3N0XEFicFVzZXJDb25maWd1cmF0aW9uXEdldEFsbA==?=
X-Powered-By: ASP.NET
Date: Mon, 18 Dec 2017 16:25:34 GMT
Content-Length: 0
The problem is in the UI part:
.\angular\src\AppPreBootstrap.ts
    private static getUserConfiguration(callback: () => void): JQueryPromise<any> {
        const cookieLangValue = abp.utils.getCookieValue('Abp.Localization.CultureName');
        return abp.ajax({
            url: AppConsts.remoteServiceBaseUrl + '/AbpUserConfiguration/GetAll',
            method: 'GET',
            headers: {
                Authorization: 'Bearer ' + abp.auth.getToken(), // <--- Without null Bearer it works
                '.AspNetCore.Culture': ('c=' + cookieLangValue + '|uic=' + cookieLangValue),
                'Abp.TenantId': abp.multiTenancy.getTenantIdCookie()
            }
        }).done(result => {
            $.extend(true, abp, result);
            // ...
        });
    }
HTTP raw request data:
GET http://localhost:22742/AbpUserConfiguration/GetAll HTTP/1.1
Host: localhost:22742
Connection: keep-alive
Pragma: no-cache
Origin: http://localhost:4200
Abp.TenantId: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Content-Type: application/json
Accept: application/json, text/javascript, */*; q=0.01
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
.AspNetCore.Culture: c=null|uic=null
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Referer: http://localhost:4200/account/login
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Server: Kestrel
Access-Control-Allow-Origin: *
X-SourceFiles: =?UTF-8?B?RDpcc291cmNlc1xBc3AuTmV0IFplcm9cQXNwLk5ldCBDb3JlICYgQW5ndWxhclw1LjAuNFxORVQgRnJhbWV3b3JrIDQuNi4xXFBsYXRmb3JtMlxQbGF0Zm9ybVxhc3BuZXQtY29yZVxzcmNcU3BlcnNlLlBsYXRmb3JtLldlYi5Ib3N0XEFicFVzZXJDb25maWd1cmF0aW9uXEdldEFsbA==?=
X-Powered-By: ASP.NET
Date: Mon, 18 Dec 2017 16:43:43 GMT
e3e {"result":{"multiTenancy":{"isEnabled":true,"sides":{"host":2,"tenant":1}},"session":{"userId":null,"tenantId":null,"impersonatorUserId":null,"impersonatorTenantId":null,"multiTenancySide":2},"localization":{"currentCulture":{"name":"en","displayName":"English"},"languages":[{"name":"de","displayName":"Deutsch","icon":"famfamfam-flags de","isDefault":false,"isDisabled":false,"isRightToLeft":false},{"name":"en","displayName":"English","icon":"famfamfam-flags gb","isDefault":true,"isDisabled":false,"isRightToLeft":false},{"name":"es-MX","displayName":"Español (México)","icon":"famfamfam-flags mx","isDefault":false,"isDisabled":false,"isRightToLeft":false},{"name":"es","displayName":"Español (Spanish)","icon":"famfamfam-flags es","isDefault":false,"isDisabled":false,"isRightToLeft":false},{"name":"fr","displayName":"Français","icon":"famfamfam-flags fr","isDefault":false,"isDisabled":false,"isRightToLeft":false},{"name":"it","displayName":"Italiano","icon":"famfamfam-flags it","isDefault":false,"isDisabled":false,"isRightToLeft":false},{"name":"pt-BR","displayName":"Português (Brasil)","icon":"famfamfam-flags ................ ................ ...............
Hi. I got a null token before login.
As I understand it, is this behaviour (the ASP.NET Zero Angular UI sends Authorization: Bearer null in a request to the API) a bug?