Activities of "dev1_premierpoint"
Yeah, i got it to work by adding this code to AccountController.cs:
The View for the Login page already had a check for the DisableTenantChange property of the ViewBag. So, no change in Login.cshtml was necessary.
As far as your documentation goes, later that day it occurred to me that I was probably being too hard on you. I was just frustrated that I was having to keep digging on my own. Then I realized that is one of the reasons that there is a job description named "Developer". :)
The application we are developing is a multi-tenant application using the Single Deployment - Single Database model for multi-tenancy.
One of the features of the application for a tenant is the ability to create and schedule background jobs that handle data processing functions they need to do. So, we have to provide an interface that will give them CRUD capabilities for all of their background jobs.
What would be the recommended approach to using Hangfire in this type of multi-tenant application? All of the Abp dbs are "tenant-aware", but the Hangfire dbs are not, as best as I can tell.
Can you give me some guidance on the approach you would take to developing this capability in an Abp-based application?
I have been thinking about this topic and studying the sample you referred me to and have come to the conclusion that what I really want to do in my AspNetZero app is different than what I originally thought I wanted to do.
I think that what I really need to do is use the Azure AD "Password SSO" integration pattern described here:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-password-single-sign-on-non-gallery-applications
With this approach, I am thinking that my SaaS customers will set up my application as an "Enterprise Application" in Azure AD and configure it to do Password SSO with my AspNetZero app.
It appears that this approach will allow Azure AD to store the user name and password from my AspNetZero app in order to facilitate SSO.
The only requirement for the AspNetZero SaaS app is that it supports forms authentication - which it does.
Using this approach, my thinking as far as "onboarding" of a new tenant and that tenant's users is currently something like this:
- We manually add the new tenant in AspNetZero (or provide a new tenant registration page\process for self-service)
- We manually add the initial Admin user for the tenant (or provide an Admin user self-service registration process)
- The new Tenant Admin user would need to be an Azure AD admin as well and would then configure our AspNetZero app in their Azure AD tenant as an "Enterprise Application" and configure it for Password SSO.
- Then, the AspNetZero Tenant Admin can manually create AspNetZero Tenant Users in our AspNetZero application and those Tenant User's user names and passwords will be synchronized back to Azure AD for purposes of SSO with our AspNetZero app.
Do you think I am on the right track here? If so, it doesn't sound to me like there is any work for me to do in AspNetZero to make it ready for this approach to SSO. Correct?
Your documentation provices this guideance for publsihing to Azure App Service:
Our AspNetZero app is a multi-tenant app that uses a custom domain name.
This is what we use and it works when publishing to our internal IIS staging server using ASPNETCORE_ENVIRONMENT = Staging:
<span class="colour" style="color: rgb(46, 117, 182);">"App"<span class="colour" style="color: rgb(0, 0, 0);">: {</span></span> <span class="colour" style="color: rgb(163, 21, 21);"><span class="colour" style="color: rgb(0, 0, 0);"> </span><span class="colour" style="color: rgb(46, 117, 182);">"WebSiteRootAddress"</span><span class="colour" style="color: rgb(0, 0, 0);">:</span> "https://{TENANCY_NAME}.internaldomainname.com"</span> }
This is what we are trying to use when publishing to an Azure App Service that has ASPNETCORE_ENVIRONMENT = Production:
<span class="colour" style="color: rgb(46, 117, 182);">"App"<span class="colour" style="color: rgb(0, 0, 0);">: {</span></span> <span class="colour" style="color: rgb(163, 21, 21);"><span class="colour" style="color: rgb(0, 0, 0);"> </span><span class="colour" style="color: rgb(46, 117, 182);">"WebSiteRootAddress"</span><span class="colour" style="color: rgb(0, 0, 0);">:</span> "https://{TENANCY_NAME}.premierpointonline.com"</span> }
The application never works on Azure - we just get 500 Internal Server Error with no other details:
What do we need in the appsettings.production.com to get this to work in Azure App Service?
Thanks for pointing out that I did not specify my version.
Here it is:
AspNetZero 7.2.0 - Asp.Net Core MVC & jQuery AspNetCore 2.2.0 Targeting .Net Framework 4.6.1
Once I learned a little bit about AspNetZero's approach to logging and found the log file, it turned out that the problem was that the Azure Service App could not connect to the Azure Sql Database.
The reason for that was that your documentation page about publishing to Azure App Service (https://docs.aspnetzero.com/en/aspnet-core-mvc/latest/Deployment-Mvc-Core-Azure) does not really address how the Azure App Service and the Azure Sql Database need to be configured to communicate.
It turns out that there are lots of different options for getting an Azure App Service to talk to an Azure Sql Database and the level of security goes from poor to good depending on which option you choose to set up.
I chose one of the "good" security options, but its more complicated to configure and I didn't quite get it right. So, that turned out be be my problem.
FYI, the "easy", but "poor security" option is to enable this setting in your Azure Sql Server:
The reason this option offer poor security is that when you turn it on, all of Azure (ie. every Azure customer in the Region) can access the SQL Server through its firewall. Of course, they need a good user name and password to login, but still its a bad practice to leave your SQL Server open to this.
The more difficult to set up, but good approach to security is to set up a Vnet for the Azure App Service and Azure SQL Server to use for private communication. I've got that working now in my deployment.
Also, for the record, there was nothing wrong with my appsettings.production.json configuration. It is correct as it is shown above. This all had to do with the Sql Connection problem.
Also, one thing I did that may or may not have been required is to add ASPNETCORE_ENVIRONMENT = Production as a envrionment variable to my Azure App Service using the Azure Portal.
It would be nice to have a standard SCIM (System for Cross-domain Identity Management) endpoint included in AspNetZero since it is the SaaS-industry standard for identity synchronization between SaaS providers.
Microsoft offers this page as an example of how to custom build an endpoint:
Seems like this would be best as a standard component of AspNetZero, though.
Is this anywhere on the roadmap?
Is there any easy way in the Datatables grid to format a column's display to handle sensitive data type fields? Ideally, would display the column value in stars (*) and then have a eyeball type of control to click on to show the actual value.
Thank you.