Hi, please mention the email to send it to.
Hello, we need your support to close this issue.
I've set the secure flag from the frontend, but after deployment the login didn't work correctly: the user clicks login and after login gets redirected to the home page, so I think there is an issue with setting cookies,
and I tried different solutions for setting the HttpOnly value and none of them worked.
Please help.
Hello @ismcagdas
I've added a reply there; after testing it's not working. Please, we need your support to close this issue.
Thanks
I'm trying with the middleware but can't get the token; I don't know what the issue is.
`var tokens = ctx.Request.Cookies["Abp.AuthToken"];` **is always empty**

```javascript
// Persist the access token in a cookie for 30 days (the caller supplies accessToken).
// Note: document.cookie cannot set HttpOnly; that flag can only come from a server-side Set-Cookie header.
function setAuthTokenCookie(accessToken, tokenExpireDate) {
    if (!tokenExpireDate) {
        tokenExpireDate = new Date();
        tokenExpireDate.setDate(tokenExpireDate.getDate() + 30);
    }
    // debugger;
    document.cookie = "Abp.AuthToken=" + encodeURIComponent(accessToken) +
        "; expires=" + tokenExpireDate.toUTCString() + "; secure";
}
```
```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public static class AuthTokenMiddleware
{
    // Reads the Abp.AuthToken cookie and copies its value into a request header of the same name.
    // Register it before UseAuthentication() so the header exists when the token is validated.
    public static IApplicationBuilder UseHttpOnlyAuthToken(this IApplicationBuilder app)
    {
        return app.Use(async (ctx, next) =>
        {
            var tokens = ctx.Request.Cookies["Abp.AuthToken"];
            //ctx.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken,
            //    new CookieOptions() { HttpOnly = false });
            if (!string.IsNullOrEmpty(tokens))
            {
                // The indexer overwrites an existing value; Headers.Add throws if the key is already present.
                ctx.Request.Headers["Abp.AuthToken"] = tokens;
                string path = ctx.Request.Path.Value; // currently unused
            }
            await next();
        });
    }
}
```
Hi, I know this feature, however this would only be valid from the front end or while I'm using the Angular app, but the issue came out as vulnerabilities, as the security team are testing the APIs with different tools like Burp Suite.
Please advise how to do it from the backend server side.
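One way to move the cookie handling to the server, as an added example that is not from this thread or from ABP itself: the backend issues the token in an HttpOnly, Secure, SameSite cookie (flags that `document.cookie` cannot set), and a middleware copies it into the `Authorization` header before the authentication handler runs. The cookie name `Abp.AuthToken`, the `Bearer` scheme and the helper names are assumptions.

```csharp
// Added example, not code from the thread. Assumes the API validates JWT bearer tokens
// from the Authorization header and that the cookie name below matches what the server issues.
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

public static class HttpOnlyAuthTokenMiddleware
{
    public const string CookieName = "Abp.AuthToken"; // assumed name

    // Called by the login endpoint after a successful authentication: the browser stores the
    // token but scripts cannot read it, so a script-injection bug cannot exfiltrate it.
    public static void AppendAuthTokenCookie(HttpResponse response, string accessToken, DateTimeOffset expires)
    {
        response.Cookies.Append(CookieName, accessToken, new CookieOptions
        {
            HttpOnly = true,                 // only a Set-Cookie header can set this flag
            Secure = true,                   // never sent over plain HTTP
            SameSite = SameSiteMode.Strict,  // CSRF mitigation; Lax or None(+Secure) if the SPA is on another site
            Expires = expires,
            Path = "/"
        });
    }

    // Maps the cookie to "Authorization: Bearer <token>" when the client did not send a header,
    // so the existing JwtBearer handler validates it unchanged. Register before UseAuthentication().
    public static IApplicationBuilder UseHttpOnlyAuthToken(this IApplicationBuilder app)
    {
        return app.Use(async (ctx, next) =>
        {
            if (!ctx.Request.Headers.ContainsKey("Authorization")
                && ctx.Request.Cookies.TryGetValue(CookieName, out var token)
                && !string.IsNullOrWhiteSpace(token))
            {
                ctx.Request.Headers["Authorization"] = "Bearer " + token;
            }
            await next();
        });
    }
}
```

Because the browser now attaches the credential automatically, the API also needs CSRF protection (the SameSite setting above or an antiforgery token), and the cookie only reaches the API if it was issued for the API's own origin, not by script on the Angular host.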
Hello, I followed this tutorial and the token is now sent in the header from Angular to the backend: https://www.c-sharpcorner.com/article/preventing-csrf-attacks-using-asp-net-core-javascript-and-angular/ The issue now is that I'm getting an exception:

```
INFO 2023-04-03 13:02:15,539 [13 ] idateAntiforgeryTokenAuthorizationFilter - Antiforgery token validation failed. The required antiforgery cookie "XSRF-TOKEN" is not present. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie "XSRF-TOKEN" is not present. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
```

Please help, and if you can, include a reference for the solution.
Hi
I've tried to do a Synchronizer class for an entity; when trying to add a new entity from a tenant it goes through an infinite loop of insertions. What is the issue?
And I've another question: how to handle primary keys on tenants for this case: tenant A can add a new plan with PK id = 1, and tenant B can add a new plan with PK id = 1, as they are on different databases. Shall I add a reference to the PK like UserId on UserAccount?
```csharp
using Abp.Dependency;
using Abp.Domain.Repositories;
using Abp.Domain.Uow;
using Abp.Events.Bus.Entities;
using Abp.Events.Bus.Handlers;

/// <summary>
/// Copies a newly created tenant insurance plan to the host side.
/// </summary>
public class InsurancePlanSynchronizer :
    IEventHandler<EntityCreatedEventData<InsurancePlan>>,
    //IEventHandler<EntityDeletedEventData<InsurancePlan>>,
    //IEventHandler<EntityUpdatedEventData<InsurancePlan>>,
    ITransientDependency
{
    private readonly IRepository<InsurancePlan, int> _planRepository;
    private readonly IUnitOfWorkManager _unitOfWorkManager;

    public InsurancePlanSynchronizer(
        IRepository<InsurancePlan, int> planRepo,
        IUnitOfWorkManager unitOfWorkManager)
    {
        _planRepository = planRepo;
        _unitOfWorkManager = unitOfWorkManager;
    }

    /// <summary>
    /// Handles the creation event of an insurance plan.
    /// </summary>
    public virtual void HandleEvent(EntityCreatedEventData<InsurancePlan> eventData)
    {
        _unitOfWorkManager.WithUnitOfWork(() =>
        {
            // SetTenantId(null) switches the current unit of work to the host side.
            using (_unitOfWorkManager.Current.SetTenantId(null))
            {
                // Inserting another InsurancePlan raises EntityCreatedEventData<InsurancePlan> again
                // when the unit of work saves, so this handler is invoked for its own insert as well.
                _planRepository.Insert(new InsurancePlan
                {
                    TenantId = eventData.Entity.TenantId,
                    NameAr = eventData.Entity.NameAr,
                });
            }
        });
    }
}
```
PlanAppService

```csharp
// PlanAppService (excerpt): the create method that triggers the synchronizer above.
[AbpAuthorize(AppPermissions.Pages_InsurancePlans_Create)]
protected virtual async Task Create(CreateOrEditInsurancePlanDto input)
{
    var insurancePlan = ObjectMapper.Map<InsurancePlan>(input);
    if (AbpSession.TenantId != null)
    {
        insurancePlan.TenantId = (int?)AbpSession.TenantId;
    }
    await _insurancePlanRepository.InsertAsync(insurancePlan);
    // Saving flushes the insert and raises EntityCreatedEventData<InsurancePlan>.
    await CurrentUnitOfWork.SaveChangesAsync();
}
```
Let me explain in more detail.
Consider you have a tenant for telecommunication companies like Vodafone, and Vodafone needs to manage their branches, so they will create Organization Units for Istanbul, Ankara, etc.
So I need to create a Unit Admin for each unit; he will be able to manage the unit's users and add a user in this unit only.