Activities of "[email protected]"

.net core MVC 9.x

I have the following code with my ZeroDbContext:

```csharp
// Reads the comma-separated OU ids from the current principal's claim.
protected virtual long[] GetCurrentUserOrganizationUnitIds()
{
    var userOuClaim = PrincipalAccessor.Principal?.Claims.FirstOrDefault(c => c.Type == ClaimsConstants.OrganizationUnitClaimKey);
    if (string.IsNullOrEmpty(userOuClaim?.Value))
    {
        // No claim: return no ids, so the filter below matches nothing.
        return Array.Empty<long>();
    }

    return userOuClaim.Value.Split(',', StringSplitOptions.RemoveEmptyEntries)
        .Select(long.Parse)
        .ToArray();
}

protected override Expression<Func<TEntity, bool>> CreateFilterExpression<TEntity>()
{
    var expression = base.CreateFilterExpression<TEntity>();
    if (typeof(OrganizationUnit).IsAssignableFrom(typeof(TEntity)))
    {
        if (IsOrganizationUnitFilterEnabled)
        {
            // Restrict OrganizationUnit rows to the ids held in CurrentOUId.
            Expression<Func<TEntity, bool>> organizationUnitFilter = e => CurrentOUId.Contains(((IEntity<long>) e).Id);
            expression = expression == null ? organizationUnitFilter : CombineExpressions(expression, organizationUnitFilter);
        }
    }
    return expression;
}
```

The problem I have is that PrincipalAccessor.Principal?.Claims.FirstOrDefault(c => c.Type == ClaimsConstants.OrganizationUnitClaimKey); always returns null. My working assumption is that filters are created only once when the context is first instantiated and there is no Principal at that time.

I believe other values used within the ZeroDbContext such as CurrentTenantId are provided to the context from the AbpSession.

Question: How can I add an EF filter that is based on data that is within the PrincipalAccessor.Principal at the time the query is executed?
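Added example, not part of the original post and not ASP.NET Zero code: in plain EF Core a global query filter expression is built once and cached with the model, but a DbContext instance member it references is read again on every query, and a missing claim here yields an empty list so the filter fails closed. It assumes the Microsoft.EntityFrameworkCore.InMemory package; `DemoDbContext`, `OrgUnit`, the `ou_ids` claim type and the `Func<ClaimsPrincipal?>` stand-in for `PrincipalAccessor` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.EntityFrameworkCore;

public class OrgUnit { public long Id { get; set; } }

public class DemoDbContext : DbContext
{
    // Hypothetical stand-in for PrincipalAccessor: returns whoever is current when called.
    private readonly Func<ClaimsPrincipal?> _principal;

    public DemoDbContext(DbContextOptions<DemoDbContext> options, Func<ClaimsPrincipal?> principal)
        : base(options) => _principal = principal;

    public DbSet<OrgUnit> OrgUnits => Set<OrgUnit>();

    // Instance member referenced by the filter; EF Core evaluates it on the current
    // context each time a query runs. No claim means an empty list (fail closed).
    protected List<long> CurrentOuIds =>
        (_principal()?.FindFirst("ou_ids")?.Value ?? "")   // "ou_ids" is a made-up claim type
            .Split(',', StringSplitOptions.RemoveEmptyEntries)
            .Select(long.Parse).ToList();

    // Runs once per context type; only the value of CurrentOuIds varies between queries.
    protected override void OnModelCreating(ModelBuilder modelBuilder) =>
        modelBuilder.Entity<OrgUnit>().HasQueryFilter(e => CurrentOuIds.Contains(e.Id));
}

public static class Program
{
    public static void Main()
    {
        ClaimsPrincipal? current = null;   // constructed scenario: no principal yet
        var options = new DbContextOptionsBuilder<DemoDbContext>()
            .UseInMemoryDatabase("ou-filter-demo").Options;

        using var db = new DemoDbContext(options, () => current);
        db.OrgUnits.AddRange(new OrgUnit { Id = 1 }, new OrgUnit { Id = 2 }, new OrgUnit { Id = 3 });
        db.SaveChanges();

        Console.WriteLine(db.OrgUnits.Count());   // query with no OU claim present

        current = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("ou_ids", "1,3") }, "demo"));
        Console.WriteLine(db.OrgUnits.Count());   // same context and cached model, claim now present
    }
}
```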

.net core MVC 9.x

I am looking for some assistance with a problem I have with creating a new claim on a ClaimPrincipal. As a quick background to what I am doing, we are enhancing the organization unit (OU) functionality in such a way that a user can only access OUs that they belong to. I have followed this guide: https://aspnetboilerplate.com/Pages/Documents/Articles\How-To\add-custom-data-filter-ef-core

However the guide assumes that a User HAS an OU, not is IN one or many OUs.

It is no problem to modify the UserClaimsPrincipalFactory::CreateAsync method to add a claim to describe the IDs of the OUs, but the problem I am having is ensuring the User record that is passed in has the OrganizationUnits collection hydrated. If the user is not hydrated, I cannot add the claim.

I can of course load the OUs for that current user each time the CreateAsync method is called, but it seems unnecessary making an extra request to the database.

I would prefer to intercept the Repository in the UserStore and add an 'include' somewhere central.

The only way I have been able to do this is to override all the 'Find' methods in the UserStore and add in the include statement. This seems really rubbish.

Does anyone have any suggestions?

Question

I notice that aspnetzero v10 rc-1 is built on .net 5. This raises a couple of questions:

  1. Will there be future versions of aspnetzero that support .net core 3.x?
  2. If not, I assume that your clients will be forced to early adopt .net 5 if they wish to continue merging future aspnetzero releases into their applications?

If I understand correctly from Microsoft, full consolidation of the .net frameworks is not due until the end of next year with .net 5.

Version: 6.7, dotnet core, MVC and jQuery, multi-tenant.

I have been tasked with setting up Google and Microsoft sign-in providers with our instance of ASPNETZERO. The setup of the Google sign-in was almost trivial and we had it running in probably less than an hour. However, I have spent 9 hours+ trying to get OpenID working with no success.

I set up the OpenID client ID in our Azure Portal and I used the test solution found here: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/archive/aspnetcore2-2.zip

I ran the test solution locally and everything worked ok.

But I am unable to get this working with ASPNETZERO.

I have tried numerous combinations of settings, tenantID, return URLs etc. and the most I can get is an error coming back from the MS login that says:

https://login.live.com/err.srf?lc=2057#error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+a+URI+which+matches+a+redirect+URI+registered+for+this+client+application.

"The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application."

I would really appreciate it if anyone else could share their experiences with logging into ASPNETZERO with a Microsoft account.

Thank you in advance.

I have upgraded to Zero v6.5 MVC. I have upgraded the ASP CORE SDK and Web hosting bundle to v2.2.1.

However when I host the web project from within Visual Studio in IIS Express, the following error occurs:

HTTP Error 500.21 - Internal Server Error Handler "aspNetCore" has a bad module "AspNetCoreModuleV2" in its module list

From within the web.config for the MVC project, if I change the aspNetCore module to AspNetCoreModule rather than AspNetCoreModuleV2 then I am able to debug. However, I am concerned this is a workaround and not a fix.

Has anyone else experienced this issue?

When downloading v6.3.1 from the ASPNETZERO site, Windows reports AspNetZeroRadTool.dll is affected by the Win32/Cloxer.D!cl trojan. I have re-downloaded v6.2.1 and no issues are reported.

Has anyone else had this issue?

Question

Hi,

I am curious to know what IDE and setup people are using for ASPNETZERO running with .NET CORE and jQuery. We are running VS 2017 Enterprise with ReSharper with the application hosted in IIS. My PC is an i7 with 32GB and an SSD.

The development experience is VERY slow and laggy. Also, the solution takes roughly 1 minute to build and usually fails due to VS not being able to access the application pool. I then have to restart the application pool and build again.

Now, I am not suggesting that this is the fault of ASPNETZERO, but I am curious as to what other devs are using, whether they have had speed issues with the solution and what tricks they have used to increase the responsiveness and speed of writing and debugging code.

Thanks in advance.

Question

It looks as though this build is broken.

The following tests are failing when run locally and on Bitbucket Pipelines:

    Should_Link_User_To_Already_Linked_User
    Should_Link_User_To_Default_Tenant_Admin
    Should_Link_User_To_Host_Admin

This is on an unmodified version of ASP.NET ZERO.

Question

We are running ASP.NET Zero v5.3.0, MVC 5 / JQuery which seems to come with Metronic v4.x. We would like to upgrade to Metronic v5.1 so we downloaded the zip from the ASP.NET Zero download page. However, the contents of this zip seem to share no resemblance to the existing structure of the Metronic folder in the root of the web application. The documentation on the Metronic site also does not seem to match what is in the zip.

  1. Why does ASP.NET Zero v5.3.0, MVC 5 / JQuery not come with Metronic v5.1?
  2. When will Metronic v5.1 be added to ASP.NET Zero MVC 5 / JQuery?
  3. What is the process for manually upgrading to Metronic v5.1?

Hi,

We have had a penetration test run against our ASP Zero installation and a security vulnerability has been highlighted. This medium-level vulnerability relates to certain ABP Settings being visible through JavaScript prior to logging in to the application. The settings of concern are:

Abp.Zero.UserManagement.IsEmailConfirmationRequiredForLogin:"false"
Abp.Zero.UserManagement.TwoFactorLogin.IsEmailProviderEnabled:"true"
Abp.Zero.UserManagement.TwoFactorLogin.IsEnabled:"false"
Abp.Zero.UserManagement.TwoFactorLogin.IsRememberBrowserEnabled:"true"
Abp.Zero.UserManagement.TwoFactorLogin.IsSmsProviderEnabled:"true"
Abp.Zero.UserManagement.UserLockOut.DefaultAccountLockoutSeconds:"300"
Abp.Zero.UserManagement.UserLockOut.IsEnabled:"true"
Abp.Zero.UserManagement.UserLockOut.MaxFailedAccessAttemptsBeforeLockout:"5"

They are of concern as they relate to security and could potentially be used by an attacker to better craft their attack strategy.

Are we able to alter the settings scope (IsVisibleToClients = false) or will this break the login process? If we are unable to change this scope then how would you advise us to modify the login process so that these settings are not required on the client side prior to authentication?

Thanks,

Sean Duffy
