I have followed the guide on this page, https://aspnetzero.com/blog/http-only-cookies-in-asp.net-zero-angular-ui, to support secure httponly cookies but I'm running into issues and I suspect it's because we are not using multi tenancy.
When running the project on the server it will not go beyond the login page. There are no errors on the console or network. It will simply redirect us back to the login page after logging in.
The only difference I can see from before and after making the change is that when it's calling /AbpUserConfiguration/GetAll the response coming back is missing data compared to what we had before. In the past the session section would have the userId but now it comes back as null. The theme information coming back is also different. I think it's coming back with the default values.
If we try to run the project locally, with IsHttpOnlyCookieEnabled set to false in the appsettings.json, we also run into problems. In this case we could log in but it would always take us to the /app route while loading an improper theme. We found that we could fix this particular issue by ignoring the part of the guide where it wants to change getUserConfiguration() to stop setting the requestHeaders when calling /AbpUserConfiguration/GetAll. Adding the header back in at least fixed the behaviour locally.
Any ideas on how to fix this? We need to fix this within the next week for security reasons so any help would be appreciated.
    private static getUserConfiguration(callback: () => void): any {
        let requestHeaders = AppPreBootstrap.getRequetHeadersWithDefaultValues();
        // Only attach the bearer token when HttpOnly cookies are disabled
        if (!abp.auth.isHttpOnlyCookieEnabled) {
            const token = abp.auth.getToken();
            if (token) {
                requestHeaders['Authorization'] = 'Bearer ' + token;
            }
        }
        return XmlHttpRequestHelper.ajax(
            'GET',
            AppConsts.remoteServiceBaseUrl + '/AbpUserConfiguration/GetAll',
            requestHeaders, //the guide wants to set this line to null but it causes issues
            null,
            (response) => {
                let result = response.result;
                _merge(abp, result);
                abp.clock.provider = this.getCurrentClockProvider(result.clock.provider);
                AppPreBootstrap.configureLuxon();
                abp.event.trigger('abp.dynamicScriptsInitialized');
                AppConsts.recaptchaSiteKey = abp.setting.get('Recaptcha.SiteKey');
                AppConsts.subscriptionExpireNootifyDayCount = parseInt(
                    abp.setting.get('App.TenantManagement.SubscriptionExpireNotifyDayCount')
                );
                DynamicResourcesHelper.loadResources(callback);
            }
        );
    }
I see in the documentation, https://docs.aspnetzero.com/aspnet-core-angular/latest/Features-Angular-Host-Settings, that there is a built-in feature to prevent users from being able to re-use passwords. However, I do not see this setting appear on our UI. We have multi tenancy disabled. Is that why? If so, how can we enable this feature for single tenancy?
Hi,
I'm trying to run the "ASP.NET CORE & Angular" version of the project within Docker but it's failing because the project is running in .NET 8 but the Dockerfile references .NET 7.
I was able to get further by manually updating the Dockerfile to reference .NET 8 instead, which will start the project, but then I had trouble accessing it. I believe the issue is because the project is starting on port 5000 now instead of 80/443 like before. The only way I could get access to it was if I used the Kestrel override and specified the ports manually. That works but doesn't seem like the intended way. Do you know how this should be configured going forward in .NET 8?
Marco
You can't install the ASP.NET Zero Power Tools in VS 2022. Are there plans to update it so it works with VS 2022? Is there a workaround I could use in the meantime to get them to install?
Hi,
We are trying to get ASP.NET Zero to detect the tenant based on the URL but we can't get this to work. We are using the .NET Core Angular solution.
Here are the settings we have for the angular side.
    "remoteServiceBaseUrl": "https://svc.ourdomain.com",
    "appBaseUrl": "https://{TENANCY_NAME}.ourdomain.com",
And here are the settings on the service side.
    "ServerRootAddress": "https://svc.ourdomain.com/",
    "ClientRootAddress": "https://{TENANCY_NAME}.ourdomain.com/",
Any idea what we are doing wrong?
Thanks