Activities of "amasanad"

Hi, please mention the email to send to.

Hello, we need your support to close this issue.

I've set the secure flag from the frontend, but after deployment the login didn't work correctly: the user clicks login and after login gets redirected to the home page, so I think there is an issue with setting cookies.

I tried different solutions for setting the HttpOnly value and none of them worked.

Please help.

Hello @ismcagdas,

I've added a reply there; after testing, it's not working. Please, we need your support to close this issue.

Thanks

Hello, thanks for the response, but I tried and nothing changed. What is the reason for that?

I'm trying with the middleware but can't get the token; I don't know what the issue is.

`var tokens = ctx.Request.Cookies["Abp.AuthToken"];` is always empty.


        // Default the cookie lifetime to 30 days when the token has no explicit expiry.
        if (!tokenExpireDate) {
            tokenExpireDate = new Date();
            tokenExpireDate.setDate(tokenExpireDate.getDate() + 30);
        }
        // Sets the "secure" flag only. HttpOnly cannot be set from document.cookie;
        // only a Set-Cookie header sent by the server can set that flag.
        document.cookie = "Abp.AuthToken=" + encodeURIComponent(accessToken) +
            "; expires=" + tokenExpireDate.toUTCString() + "; secure";

    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Http;

    public static class AuthTokenMiddleware
    {
        public static IApplicationBuilder UseHttpOnlyAuthToken(this IApplicationBuilder app)
        {
            return app.Use(async (ctx, next) =>
            {
                // Read the token from the request cookie (only present if the browser sent it).
                var tokens = ctx.Request.Cookies["Abp.AuthToken"];
                //ctx.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken,
                //      new CookieOptions() { HttpOnly = false });

                if (!string.IsNullOrEmpty(tokens))
                {
                    // Copy the cookie value into a request header for downstream handlers.
                    ctx.Request.Headers.Add("Abp.AuthToken", tokens);
                }
                await next();
            });
        }
    }
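The following is an added example, not code from the original post or from ABP/aspnetzero, showing the server-side half that the posted snippet is missing: the login endpoint writes the token as an HttpOnly cookie (a `Set-Cookie` header is the only way to get that flag, `document.cookie` cannot set it), and a middleware copies the cookie into the `Authorization` header the JWT bearer handler reads. The helper and class names are my own; it assumes the API authenticates with the standard `Authorization: Bearer <token>` header and that the middleware is registered before `UseAuthentication()`.

```csharp
// Added example: HttpOnly auth cookie issued by the server plus cookie-to-header middleware.
// Names (HttpOnlyAuthTokenExtensions, WriteAuthTokenCookie) are assumptions, not ABP APIs.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public static class HttpOnlyAuthTokenExtensions
{
    // Same cookie name the Angular client used, so nothing else has to change.
    public const string CookieName = "Abp.AuthToken";

    // Call this from the authenticate/login action once the access token exists.
    public static void WriteAuthTokenCookie(HttpResponse response, string accessToken, DateTimeOffset expires)
    {
        response.Cookies.Append(CookieName, accessToken, new CookieOptions
        {
            HttpOnly = true,                 // not readable by script, so XSS cannot read the token
            Secure = true,                   // only sent over HTTPS
            SameSite = SameSiteMode.Strict,  // not attached to cross-site requests
            Expires = expires,
            Path = "/"
        });
    }

    // Call this from the logout action; the delete must use matching attributes to take effect.
    public static void ClearAuthTokenCookie(HttpResponse response)
    {
        response.Cookies.Delete(CookieName, new CookieOptions
        {
            Secure = true,
            SameSite = SameSiteMode.Strict,
            Path = "/"
        });
    }

    // Register with app.UseHttpOnlyAuthToken() BEFORE app.UseAuthentication(),
    // otherwise the bearer handler runs before the header exists.
    public static IApplicationBuilder UseHttpOnlyAuthToken(this IApplicationBuilder app)
    {
        return app.Use(async (ctx, next) =>
        {
            // Keep an explicit Authorization header (API clients, tests, Burp) untouched and
            // only fall back to the cookie when none was sent.
            if (!ctx.Request.Headers.ContainsKey("Authorization") &&
                ctx.Request.Cookies.TryGetValue(CookieName, out var token) &&
                !string.IsNullOrEmpty(token))
            {
                ctx.Request.Headers["Authorization"] = "Bearer " + token;
            }

            await next();
        });
    }
}
```

Because the browser now attaches the token automatically, a cross-site request can carry it the way any session cookie would; `SameSite=Strict` covers most of that, and an antiforgery token on state-changing calls covers the rest. `Strict` can also drop the cookie on the first navigation after an external redirect, so use `SameSiteMode.Lax` if the login flow bounces through another origin.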

Hello, can you please double check here?

I've another question: how to set the HttpOnly flag to true as well?

The client app and backend APIs are on the same domain. Do I still need the middleware? And could you please help with how to add a sample one, and what the changes are on the backend and in Angular?

Hi, I know this feature, however this would only be valid from the front end or while I'm using the Angular app, but the issue came out as vulnerabilities, as the security team are testing the APIs with different tools like Burp Suite.

Please advise how to do it from the backend server side.

Hello, I followed this tutorial and the token is now sent in a header from Angular to the backend: https://www.c-sharpcorner.com/article/preventing-csrf-attacks-using-asp-net-core-javascript-and-angular/ The issue now is that I'm getting an exception:

    INFO 2023-04-03 13:02:15,539 [13 ] idateAntiforgeryTokenAuthorizationFilter - Antiforgery token validation failed. The required antiforgery cookie "XSRF-TOKEN" is not present.
    Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie "XSRF-TOKEN" is not present.
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
       at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)

Please help, and if you can, include a reference for the solution.
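An added example, not code from the post, the linked tutorial or ABP, of an antiforgery setup that matches what Angular's `HttpClient` does by default: it reads a cookie named `XSRF-TOKEN` and echoes its value in the `X-XSRF-TOKEN` header. The exception above names `XSRF-TOKEN` as the antiforgery *validation* cookie the server is looking for; in the configuration below that validation cookie keeps its default HttpOnly name and `XSRF-TOKEN` only carries the request token, so the two cannot be confused. Class and method names are mine, and it assumes the middleware runs after `UseAuthentication()` (the token is bound to the authenticated identity).

```csharp
// Added example: antiforgery for an Angular client. Names like AngularAntiforgeryExtensions
// are assumptions; IAntiforgery, GetAndStoreTokens and ValidateAntiForgeryToken are ASP.NET Core APIs.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class AngularAntiforgeryExtensions
{
    // ConfigureServices: services.AddAngularAntiforgery();
    public static IServiceCollection AddAngularAntiforgery(this IServiceCollection services)
    {
        return services.AddAntiforgery(options =>
        {
            options.HeaderName = "X-XSRF-TOKEN";            // header Angular sends automatically
            options.Cookie.HttpOnly = true;                 // validation cookie stays script-inaccessible
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.SameSite = SameSiteMode.Strict;
            // options.Cookie.Name is left at its default (".AspNetCore.Antiforgery.*").
            // Renaming it to "XSRF-TOKEN" makes the validator expect the readable cookie
            // as its own, which is what the exception text refers to.
        });
    }

    // Configure: app.UseAuthentication(); app.UseAngularAntiforgery(); app.UseEndpoints(...)
    public static IApplicationBuilder UseAngularAntiforgery(this IApplicationBuilder app)
    {
        return app.Use(async (ctx, next) =>
        {
            var antiforgery = ctx.RequestServices.GetRequiredService<IAntiforgery>();

            // Issues (or refreshes) the HttpOnly validation cookie and returns the matching
            // request token. Only the request token goes into the readable cookie.
            var tokens = antiforgery.GetAndStoreTokens(ctx);
            ctx.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions
            {
                HttpOnly = false,                // Angular must read it to build the header
                Secure = true,
                SameSite = SameSiteMode.Strict,
                Path = "/"
            });

            await next();
        });
    }
}

// A state-changing action protected by the filter that threw in the log above.
// A POST without the X-XSRF-TOKEN header (for example, replayed from Burp) is rejected with 400.
[ApiController]
[Route("api/plans")]
public class PlansController : ControllerBase
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Create()
    {
        return Ok();
    }
}
```

Checking it from the outside: a GET to any endpoint should return two `Set-Cookie` headers, one `.AspNetCore.Antiforgery.*` with `httponly` and one `XSRF-TOKEN` without it; a POST that carries the validation cookie but no `X-XSRF-TOKEN` header must fail, and one that carries both must succeed.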

Hi,

I've tried to make a Synchronizer class for an entity. When trying to add a new entity from a tenant, it goes through an infinite loop of insertions. What is the issue?

And I've another question: how to handle primary keys on tenants for this case? Tenant A can add a new plan with PK id = 1 and tenant B can add a new plan with PK id = 1, as they are on different databases. Shall I add a reference to the PK like UserId on UserAccount?

    using Abp.Dependency;
    using Abp.Domain.Repositories;
    using Abp.Domain.Uow;
    using Abp.Events.Bus.Entities;
    using Abp.Events.Bus.Handlers;

    /// <summary>
    /// Synchronizes a tenant's insurance plan into the host database.
    /// </summary>
    public class InsurancePlanSynchronizer :
        IEventHandler<EntityCreatedEventData<InsurancePlan>>,
        //IEventHandler<EntityDeletedEventData<InsurancePlan>>,
        //IEventHandler<EntityUpdatedEventData<InsurancePlan>>,
        ITransientDependency
    {
        private readonly IRepository<InsurancePlan, int> _planRepository;
        private readonly IUnitOfWorkManager _unitOfWorkManager;

        /// <summary>
        /// Constructor
        /// </summary>
        public InsurancePlanSynchronizer(
            IRepository<InsurancePlan, int> planRepo,
            IUnitOfWorkManager unitOfWorkManager)
        {
            _planRepository = planRepo;
            _unitOfWorkManager = unitOfWorkManager;
        }

        /// <summary>
        /// Handles the creation event of an InsurancePlan.
        /// </summary>
        public virtual void HandleEvent(EntityCreatedEventData<InsurancePlan> eventData)
        {
            _unitOfWorkManager.WithUnitOfWork(() =>
            {
                // Switch to the host connection (tenant id null).
                using (_unitOfWorkManager.Current.SetTenantId(null))
                {
                    // Inserts another InsurancePlan, which itself raises
                    // EntityCreatedEventData<InsurancePlan> and re-enters this handler.
                    _planRepository.Insert(new InsurancePlan
                    {
                        TenantId = eventData.Entity.TenantId,
                        NameAr = eventData.Entity.NameAr,
                    });
                }
            });
        }
    }

PlanAppService

        [AbpAuthorize(AppPermissions.Pages_InsurancePlans_Create)]
        protected virtual async Task Create(CreateOrEditInsurancePlanDto input)
        {
            var insurancePlan = ObjectMapper.Map<InsurancePlan>(input);

            if (AbpSession.TenantId != null)
            {
                insurancePlan.TenantId = (int?)AbpSession.TenantId;
            }

            // InsertAsync raises EntityCreatedEventData<InsurancePlan>, which the synchronizer handles.
            await _insurancePlanRepository.InsertAsync(insurancePlan);
            await CurrentUnitOfWork.SaveChangesAsync();
        }
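An added example, not code from the post or from ABP, of the pattern ABP's own `UserAccount` table uses for tenant users, applied to the plans above: the handler writes a *different* entity type into the host database, so inserting it does not raise `EntityCreatedEventData<InsurancePlan>` again, and the host row carries the pair `(TenantId, PlanId)` because a tenant's own primary key is only unique inside that tenant's database. The entity `InsurancePlanAccount` and the handler class are assumptions of this example; `InsurancePlan` is taken to have the `Id`, `TenantId` and `NameAr` members shown on the page, and `IUnitOfWorkManager.WithUnitOfWork` to be available as in the posted code.

```csharp
// Added example: host-side mirror of tenant plans, keyed by (TenantId, PlanId).
// InsurancePlanAccount and InsurancePlanAccountSynchronizer are assumed names, not ABP types.
using System.Linq;
using Abp.Dependency;
using Abp.Domain.Entities;
using Abp.Domain.Repositories;
using Abp.Domain.Uow;
using Abp.Events.Bus.Entities;
using Abp.Events.Bus.Handlers;

// Lives in the host database. Its own Id is the host PK; the tenant's plan is identified
// by (TenantId, PlanId), exactly as UserAccount stores (TenantId, UserId).
public class InsurancePlanAccount : Entity<long>
{
    public int? TenantId { get; set; }
    public int PlanId { get; set; }
    public string NameAr { get; set; }
}

public class InsurancePlanAccountSynchronizer :
    IEventHandler<EntityCreatedEventData<InsurancePlan>>,
    IEventHandler<EntityDeletedEventData<InsurancePlan>>,
    ITransientDependency
{
    private readonly IRepository<InsurancePlanAccount, long> _accountRepository;
    private readonly IUnitOfWorkManager _unitOfWorkManager;

    public InsurancePlanAccountSynchronizer(
        IRepository<InsurancePlanAccount, long> accountRepository,
        IUnitOfWorkManager unitOfWorkManager)
    {
        _accountRepository = accountRepository;
        _unitOfWorkManager = unitOfWorkManager;
    }

    public virtual void HandleEvent(EntityCreatedEventData<InsurancePlan> eventData)
    {
        var plan = eventData.Entity;

        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            // Host connection. Inserting an InsurancePlanAccount raises
            // EntityCreatedEventData<InsurancePlanAccount>, not the event this handler
            // listens for, so there is no re-entry.
            using (_unitOfWorkManager.Current.SetTenantId(null))
            {
                // Idempotent: a replayed event for the same (TenantId, PlanId) is a no-op.
                var exists = _accountRepository.GetAll()
                    .Any(a => a.TenantId == plan.TenantId && a.PlanId == plan.Id);
                if (exists)
                {
                    return;
                }

                _accountRepository.Insert(new InsurancePlanAccount
                {
                    TenantId = plan.TenantId,
                    PlanId = plan.Id,
                    NameAr = plan.NameAr
                });
            }
        });
    }

    public virtual void HandleEvent(EntityDeletedEventData<InsurancePlan> eventData)
    {
        var plan = eventData.Entity;

        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            using (_unitOfWorkManager.Current.SetTenantId(null))
            {
                // Remove only this tenant's row; PlanId alone would match other tenants too.
                _accountRepository.Delete(a => a.TenantId == plan.TenantId && a.PlanId == plan.Id);
            }
        });
    }
}
```

Put a unique index on `(TenantId, PlanId)` in the host database so a race between two deliveries of the same event fails loudly instead of producing duplicates, and always filter by `TenantId` as well as `PlanId` when reading the mirror back; `PlanId = 1` on its own is not an identity across tenants.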

Let me explain in more detail.

Consider you have a tenant for telecommunication companies like Vodafone, and Vodafone needs to manage their branches, so they will create an Organization Unit for Istanbul, Ankara, etc.

So, I need to create a Unit Admin for each unit; he will be able to manage the unit's users and add a user in this unit only.