Yes, we are ok now.
We were able to get it working with a few tweaks. The missing part was that we needed to enable "withCredentials". Both in nswag and also in the XmlHttpRequestHelper.
The above fixed the login issues but we also had to manually set abp.auth.isHttpOnlyCookieEnabled to true in abp.js for the rest of the site to work correctly once the user is logged in. Neither the blog post nor the demo project have this set to true so we aren't sure if this setting should be getting read from the c# side automatically. If it was supposed to be read automatically then it was not happening when we were trying it. Can you let us know if this should be getting updated based on the setting on the c# side.
Hi,
We followed the steps with the AngularHttpOnlyCookieDemo project but it's not letting us login. We see in the console that there is an error relating to the AbpAutoValidateAntiforgeryTokenAuthorizationFilter.
Would it be possible to get on a call where we could share our screen? I believe we could solve this rather quickly doing that.
Hi,
We checked and the middleware is configured correctly. The issue is that the header is not being sent in by the angular side.
Could you explain how you got the api and angular side to work under the same port in localhost for AngularHttpOnlyCookieDemo so that we can see the login process working correctly locally. Perhaps that would give us some clues about what is different in our setup.
Hi,
We are trying this on our development server. We tried setting the domain as well. We set it to ".ourdomain.com" on the c# side when creating the cookies and we can see that the cookies have the correct domain on the browser side in the /authenticate response, but the issue persists in follow up calls where the auth header is not being sent.
~~I see that cookies are also set on the angular side in the abp.js file but I don't see a way to set the domain in there. I'm referring to the abp.utils.setCookieValue lines. Do you know how you would go about setting the domain there? We could try that.~~ On second look we do see a way to set the domain property in the abp.js file. We tried this but it did not make a difference.
As for running it locally to see it working; we aren't sure how you're managing to run both the api and the angular project in the same port. If you could explain how to configure that we can try it to rule that out.
Hi,
We downloaded the sample project on github. We enabled IsHttpOnlyCookieEnabled and tried running it but we are still seeing the same issue where the user logs in successfully but then ends up back on the login page. This was with the AngularHttpOnlyCookieDemo sample project.
The login process is working correctly. We can see the cookies being set.
But then in the follow up http calls there is no auth token being attached to the header of the requests. If we try with IsHttpOnlyCookieEnabled set to false then we see that the follow up calls do have the additional header value so we suspect this is the issue.
In your example I'm seeing that you're running everything under localhost but in our case the api and angular project are in the same domain, but different sub domains. For example api.domain.com and angular.domain.com. Could you confirm that this scenario works for you?
Hi. We have tried this but it did not work for us. Just to confirm are you running in single tenancy mode?
The theme/session issue mentioned is something we are seeing happening if we set IsHttpOnlyCookieEnabled to false but that isn't the important issue at the moment since we want to use the httponly cookie.
When we set IsHttpOnlyCookieEnabled to true then we cannot proceed past the login screen. We can see that it authenticated successfully but the user is forwarded back to the login screen right after. Do you know why this could be happening?
They do locally, but we are more concerned about what happens when we deploy to the server. In that case the angular website is hosted at admin.ourdomain.com and the api is located at api.ourdomain.com.
Thank you. While you're looking into this do you know if there is a way for us to enable this feature by manually changing the configuration settings (not via the UI)?
Hi,
I took a look at the documentation which shows how to create the images, but what I am trying to do is run the project using VisualStudio inside of Docker. When you do this it uses the Dockerfile in the project which has a base using aspnet:8.0.
