Can you provide an example for this scenario?
I've tried many ways to either remove AbpResultFilter and add my extended Filter class, or make this filter class working conditionally.
In startup.cs file, services.Configure<MvcOptions> and PostConfigure methods not working, so that i was not be able to modify filters accordingly.
Hello,
I can list our needs:
These are the ones that I remember for the moment.
I found out that default implementation of AbpLoginManager does that, if an external login provider fails, it checks the user along with his password in our database. And if the password seems okay, it lets the user in: (which is an undesired behaviour for our case, we will probably throw an UserFriendlyException to prevent his login attempt on LDAP failure cases)
protected virtual async Task<AbpLoginResult<TTenant, TUser>> LoginAsyncInternal(string userNameOrEmailAddress, string plainPassword, string tenancyName, bool shouldLockout)
{
if (userNameOrEmailAddress.IsNullOrEmpty())
{
throw new ArgumentNullException(nameof(userNameOrEmailAddress));
}
if (plainPassword.IsNullOrEmpty())
{
throw new ArgumentNullException(nameof(plainPassword));
}
//Get and check tenant
TTenant tenant = null;
using (UnitOfWorkManager.Current.SetTenantId(null))
{
if (!MultiTenancyConfig.IsEnabled)
{
tenant = await GetDefaultTenantAsync();
}
else if (!string.IsNullOrWhiteSpace(tenancyName))
{
tenant = await TenantRepository.FirstOrDefaultAsync(t => t.TenancyName == tenancyName);
if (tenant == null)
{
return new AbpLoginResult<TTenant, TUser>(AbpLoginResultType.InvalidTenancyName);
}
if (!tenant.IsActive)
{
return new AbpLoginResult<TTenant, TUser>(AbpLoginResultType.TenantIsNotActive, tenant);
}
}
}
var tenantId = tenant == null ? (int?)null : tenant.Id;
using (UnitOfWorkManager.Current.SetTenantId(tenantId))
{
await UserManager.InitializeOptionsAsync(tenantId);
//TryLoginFromExternalAuthenticationSources method may create the user, that's why we are calling it before AbpUserStore.FindByNameOrEmailAsync
var loggedInFromExternalSource = await TryLoginFromExternalAuthenticationSourcesAsync(userNameOrEmailAddress, plainPassword, tenant);
var user = await UserManager.FindByNameOrEmailAsync(tenantId, userNameOrEmailAddress);
if (user == null)
{
return new AbpLoginResult<TTenant, TUser>(AbpLoginResultType.InvalidUserNameOrEmailAddress, tenant);
}
if (await UserManager.IsLockedOutAsync(user))
{
return new AbpLoginResult<TTenant, TUser>(AbpLoginResultType.LockedOut, tenant, user);
}
if (!loggedInFromExternalSource)
{
if (!await UserManager.CheckPasswordAsync(user, plainPassword))
{
if (shouldLockout)
{
if (await TryLockOutAsync(tenantId, user.Id))
{
return new AbpLoginResult<TTenant, TUser>(AbpLoginResultType.LockedOut, tenant, user);
}
}
return new AbpLoginResult<TTenant, TUser>(AbpLoginResultType.InvalidPassword, tenant, user);
}
await UserManager.ResetAccessFailedCountAsync(user);
}
return await CreateLoginResultAsync(user, tenant);
}
}
Since we are calling webapi's from our other projects via server-to-server communication, this interceptor does not work for our case.
@maliming you are right, however, AspnetZero does inject the response type, which is wrong, either. The service should return the same structure as it promises to.
In my opinion, instead of wrapping results, RAD tool should generate wrapped object results (such as AbpPagedResult<T> ) so that Swagger will generate related structure.
It is 1.9.0, not the latest one
We needed this solution just because of a reverse proxy need actually. Our front-end deployment is open to the public internet, however, backend deployment is not. So, end users' browser cannot contact backend server via ajax requests.
Thank you.
@ismcagdas and @sedulen thank you.
Are we able to use IIS deploy, I couldn't understand the your answer :(