Windows Defender
When downloading v6.3.1 from the ASPNETZERO site, Windows reports AspNetZeroRadTool.dll is affected by the Win32/Cloxer.D!cl trojan. I have re-downloaded v6.2.1 and no issues are reported.
Has anyone else had this issue?
Hi,
If nobody in the community is able to assist with the query, I would like to know what environment the developers are using when working with the ASP.NET ZERO repo?
Thanks in advance.
Hi,
I am curious to know what IDE and setup people are using for ASPNETZERO running with .NET CORE and jQuery. We are running VS 2017 Enterprise with Resharper with the application hosted in IIS. My PC is in i7 with 32GB and an SSD.
The development experience is VERY slow and laggy. Also, the solution takes roughly 1 minute to build and usually fails due to VS not being able to access the application pool. I then have to restart the application pool and build again.
Now, I am not suggesting that this is the fault of ASPNETZERO, but I am curious as to what over devs are using, whether they have had speed issues with the solution and what tricks they have used to increase the responsiveness and speed of the writing and debugging code.
Thanks in advance.
I am experiencing this issue when I publish the site to production running under IIS.
Steps taken:
Result:
{"result":null,"targetUrl":null,"success":false,"error":{"code":0,"message":"Login failed!","details":"Invalid user name or password","validationErrors":null},"unAuthorizedRequest":false,"__abp":true}
I assume that you are not supposed to run the yarn job after publish as that doesn't make sense to me.
It looks as though this build is broken.
The following tests are failing when run locally and on Bitbucket Pipelines:
Should_Link_User_To_Already_Linked_User Should_Link_User_To_Default_Tenant_Admin Should_Link_User_To_Host_Admin
This is on an unmodified version of ASP.NET ZERO.
Thank you , however this is not a exactly duplicate issue.
The issue you have referenced does not address the questions of why the .NET Core version comes bundled with a different version of the Metronic theme than the MVC 5 vesion, when will Metronic 5 be added to the MVC 5 version and when will the stable version of Metronic v5 (without the CSS bug during install) be added to the Zero download page.
Additionally, this post <a class="postlink" href="https://keenthemes.com/forums/topic/problem-running-gulp/">https://keenthemes.com/forums/topic/pro ... ning-gulp/</a> suggests there is a problem with v5.1.
We are running ASP.NET Zero v5.3.0, MVC 5 / JQuery which seems to come with Metronic v4.x. We would like like to upgrade to Metronic v5.1 so we downloaded the zip from the ASP.NET Zero download page. However, the contents of this zip seem to share no resemblance to the existing structure of the Metronic folder in the root of the web application. The documentation on the Metronic site also does not seem to match what is in the zip.
Hi,
We have had a penetration test run against our ASP Zero installation and a security vulnerability has been highlighted. This medium level vulnerability relates to certain ABP Settings being visible through javascript prior to logging in to the application. The settings of concern are:
Abp.Zero.UserManagement.IsEmailConfirmationRequiredForLogin:"false"
Abp.Zero.UserManagement.TwoFactorLogin.IsEmailProviderEnabled:"true"
Abp.Zero.UserManagement.TwoFactorLogin.IsEnabled:"false"
Abp.Zero.UserManagement.TwoFactorLogin.IsRememberBrowserEnabled:"true"
Abp.Zero.UserManagement.TwoFactorLogin.IsSmsProviderEnabled:"true"
Abp.Zero.UserManagement.UserLockOut.DefaultAccountLockoutSeconds:"300"
Abp.Zero.UserManagement.UserLockOut.IsEnabled:"true"
Abp.Zero.UserManagement.UserLockOut.MaxFailedAccessAttemptsBeforeLockout:"5"
They are of concern as they relate to security and could potentially be used by a attacker to better craft their attack strategy.
Are we able to alter the settings scope (IsVisibleToClients = false) or will this break the login process? If we are unable to change this scope then how would you advise us to modify the login process so that these settings are not required on the client side prior to authentication.
Thanks,
Sean Duffy