https://github.com/aspnetboilerplate/module-zero-core-template/blob/master/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Core/Authentication/External/ExternalAuthManager.cs
From the Extensions menu in VS you can manage extensions and disable auto-updates.
Since it already auto-updated for me (as far as I know it can't be downgraded although surely there is a way in VS?), I was forced to upgrade our AspNetZero to 10.2 since I was in the middle of something heavily depending on the "radtool" and it suddenly stopped working. I'm very concerned to see that the extension would actually do this, especially without developers' control/awareness as to the timing of the update.
Version: 10.0 angular & .net5 Power Tools extension: v2.7.7 (apparently just updated on 3/25/21)
AspNetZeroRadTool seems to have had some breaking changes which are occurring only recently, and the main .DLL itself is somehow updating, along with all the FileTemplates. The new templates seem to use a structure that is not compatible with the angular source that I am using.
Given that the Power Tools extension just updated on 3/25 (since unfortunately extension auto-updates were turned on), while I understand it as merely a UI, it appears to be updating AspNetZeroRadTool and the associated file templates.
Is it possible to reverse (and keep reversed) the version of the RadTool DLL and/or the templates? Any time I generate a new entity the DLL and templates are replaced.
The file templates assume a structure that is simply not present in the angular UI for v10.0. The primary issue I have seen is with: aspnet-core\AspNetZeroRadTool\FileTemplates\Client\Angular\ModuleTemplate\MainTemplate.txt aspnet-core\AspNetZeroRadTool\FileTemplates\Client\Angular\ModuleTemplate\PartialTemplate.txt
Which result in modules (previously there were only components), with these import lines:
import { AppSharedModule } from "@app/shared/app-shared.module"; import { AdminSharedModule } from "@app/admin/shared/admin-shared.module";
But no such modules exist. Is Power Tools only set up to assume some particular version of AspNetZero? Is it at all possible to back up to the VS extension's prior version? Shouldn't/count the extension (or the underlying RadTools) be aware of the versioning for the AspNetZero project it is modifying? (Updating aspnetzero itself to 10.2 is on our radar but is by no means practical right now. I can see that it has the two modules in question).
How can you acquire more than one DbContext instance for the same database? I was expecting to be able to inject multiple repositories into a service and have each use their own DbContext.
The purpose is so that we can run some "parallel" select queries (async/awaiting the SQL response) where concurrency is not a big concern. But this cannot be done if the underlying DbContext is the same instance.
Some simplified code to illustrate:
// Repository implementation. Note: IMyRepository includes a GetDbContext() public class MyRepositoryBase<TEntity> : EfCoreRepositoryBase<MyDbContext, TEntity, long>, IMyRepository<TEntity> where TEntity : class, IEntity<long> { public MyRepositoryBase(IDbContextProvider<MyDbContext> dbContextProvider) : base(dbContextProvider) { } }
and elsewhere:
// Testing from service
var firstRepo = IocManager.Instance.Resolve<IMyRepository>();
var secondRepo = IocManager.Instance.Resolve<IMyRepository>();
bool theseMatch = object.Equals(firstRepo.GetDbContext(), secondRepo.GetDbContext());
// Since DBContext is same instance, cannot await these as they run concurrently...
var gotDispatches = firstRepo.GetAllListAsync();
var gotDeliveries = secondRepo.GetAllListAsync();
await Task.WhenAll(gotDispatches, gotDeliveries);
`
How can I enforce that the repositories each have their own DbContext, as though they were separate API requests. From looking at ABP source it seems like the IDbContextProvider injected into the repository base is going to always provide the same DbContext for the same unit of work. Is there no way to configure it otherwise?
In terms of dependency injection, I want the DbContexts to be transient just like the service implementations, with one new instance per resolve. Would I need to create a custom IDbContextProvider that just always provided a new DbContext? Is there a better/easier way? What might this break?
Prerequisites:
I have noticed that a few of the ApplicationServices in OurProject.Application make use of the Aspnetcore AuthorizeAttribute
at class or method-leve, instead of AbpAuthorizeAttribute
, namely these:
DynamicPropertyAppService,
DynamicPropertyValueAppService,
DynamicEntityPropertyAppService,
DynamicEntityPropertyValueAppService
PaymentAppService
But it does not seem that this attribute can do anything at the service layer, since these are not aspnetcore controllers. In practice it appears that unauthorized calls can be made. Should I replace with AbpAuthorize? Other services seem to use this, and when used, unauthorized calls are rejected.
Using Version 10.0, Angular/Core
I have tested the two-factor auth (only with email) and am seeing some issues (haven't found these from searching so far).
TokenController.Authenticate
instead of at the time where the code is generated in TokenController.SendTwoFactorAuthCode
). From debug I find that the call to ITypedCache<string,TwoFactorCodeCacheItem>.Set()
does NOT actually set in values in memory, past a certain point in time.DefaultAbsoluteExpireTime
is set. In debug I can see that this is configured once on first instance of needing the 2-factor code cache. It is set to 2 minutes. So it seems like if an absolute expire time is set for the whole cache, no entries are settable or retrievable after that time. I don't know if this can be confirmed from the ABP code underlying but it seems to be what's happening. Why is DefaultSlidingExpireTime
not used instead? This seems to fix the issue, and allows a new expiration "per item" instead of one global/permanent expiration for all future cache entries. Could this be happening with other cache-based operations? I am only just getting started with our project.Still occurs. But apparently it comes from Microsoft.Extensions.Identity.Core.UserManager base class.
The line where the "new" code is generated is from TokenAuthController.SendTwoFactorAuthCode():
cacheItem.Code = await _userManager.GenerateTwoFactorTokenAsync(user, model.Provider);
I don't understand why it is the same number but it often is, perhaps depending on timing? Indeed responses here suggest it is (I assume aspnetcore equivalents came out of MVC). Also implies possibly some way to change it. Could just randomly generate a code some other way since it is generated & checked against a cache.
https://stackoverflow.com/questions/42369268/how-to-prevent-generation-of-the-same-otps-in-mvc-2fa
I find that I do not know what differences to expect nor how to operate properly when MultitenancyEnabled = false
is set. This seems to be a pandora's box of related questions but l will ask in order of immediate relevance:
In general it is looking like there is a lot to work around or step around when it comes to treating this as a single site without multi-tenancy. Admin users should be able to edit any settings like these (as examples) from one place, or at least from one login:
hostSettings.externalLoginProviderSettings.facebook.appId
hostSettings.userManagement.smsVerificationEnabled
hostSettings.userManagement.useCaptchaOnLogin
hostSettings.userManagement.sessionTimeOutSettings.isEnabled
settings.userManagement.useCaptchaOnLogin // ??
settings.security.useDefaultPasswordComplexitySettings
settings.userManagement.isNewRegisteredUserActiveByDefault
If we access Settings in the angular client from the "real"/host admin user, will these settings all be combined? The client seems to be built to assume a Tenant Id.
Errors involve missing QAUser. This is a test post and I'll delete it if I see it post.
Db update after deleting database doesn't seem to produce any differences. I also generated a migration but it was empty. I always get 2 admin users, one with Tenant ID == null, one with Tenant ID == 1. The Angular UI code suggests TenantID > 0 is what makes something multi-tenant. I can only login with the multi-tenant version of 'admin' (email address = [email protected], and TenantID == 1).
Once we turn off multi-tenancy, should new entities we create still need a TenantID? If so, should it be null, or 0, or 1? How do I login with the true 'admin'? How do I access settings such as hostSettings.userManagement.smsVerificationEnabled
which cannot be edited from the UI for the 'tenant' side? What kinds of settings are going to remain conceptually divided between 'tenant' and 'host'? The whole idea is that we should not have to write an API client that knows or cares about 'tenant' because there is only one host/tenant and that is the API as a whole. How can we properly work around, cover up, and step over this concept with as little complexity as possible?
Sorry, I can't post a new post because the forum posting seems to be broken for me. I'm not sure if I can even reply on this thread.