Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC

Activities of "fgonzalez"

Question

Hi

  • My product version: v9.3.0
  • My product type: Angular
  • My framework type: .net core

I am implementing SQL Always Encrypted, according to Microsoft documentation I need to add an additional connection parameter (Column Encryption Setting = enabled) in the connection string Default in appsettigns.json, to be able to perform the encryption and decryption tasks for tenants with shared database in main DB .

When adding the parameter to the connection string and run the project I get the following error:

Application startup exception: System.ArgumentException: Keyword not supported: 'column encryption setting'. at System.Data.Common.DbConnectionOptions.ParseInternal(Dictionary`2 parsetable, String connectionString, Boolean buildChain, Dictionary`2 synonyms, Boolean firstKey) at System.Data.Common.DbConnectionOptions..ctor(String connectionString, Dictionary`2 synonyms) at System.Data.SqlClient.SqlConnectionString..ctor(String connectionString) at System.Data.SqlClient.SqlConnectionFactory.CreateConnectionOptions(String connectionString, DbConnectionOptions previous) at System.Data.ProviderBase.DbConnectionFactory.GetConnectionPoolGroup(DbConnectionPoolKey key, DbConnectionPoolGroupOptions poolOptions, DbConnectionOptions& userConnectionOptions) at System.Data.SqlClient.SqlConnection.ConnectionString_Set(DbConnectionPoolKey key) at System.Data.SqlClient.SqlConnection.set_ConnectionString(String value) at System.Data.SqlClient.SqlConnection..ctor(String connectionString) at Hangfire.SqlServer.SqlServerStorage.<.ctor>b__6_0() at Hangfire.SqlServer.SqlServerStorage.CreateAndOpenConnection() at Hangfire.SqlServer.SqlServerStorage.UseConnection[T](DbConnection dedicatedConnection, Func`2 func) at Hangfire.SqlServer.SqlServerStorage.UseConnection(DbConnection dedicatedConnection, Action`1 action) at Hangfire.SqlServer.SqlServerStorage.Initialize() at Hangfire.SqlServer.SqlServerStorage..ctor(String nameOrConnectionString, SqlServerStorageOptions options) at Hangfire.SqlServer.SqlServerStorage..ctor(String nameOrConnectionString) at Asincro.Camaleon.Web.CamaleonWebCoreModule.PreInitialize() in /Users/jsierra/Projects/Camaleon/aspnet-core/src/Asincro.Camaleon.Web.Core/CamaleonWebCoreModule.cs:line92 at Abp.Modules.AbpModuleManager.<>c.<StartModules>b__15_0(AbpModuleInfo module) at System.Collections.Generic.List`1.ForEach(Action`1 action) at Abp.Modules.AbpModuleManager.StartModules() at Abp.AbpBootstrapper.Initialize() at Abp.AspNetCore.AbpApplicationBuilderExtensions.InitializeAbp(IApplicationBuilder app) at Abp.AspNetCore.AbpApplicationBuilderExtensions.UseAbp(IApplicationBuilder app, Action`1 optionsAction) at Asincro.Camaleon.Web.Startup.Startup.Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory) in /Users/jsierra/Projects/Camaleon/aspnet-core/src/Asincro.Camaleon.Web.Host/Startup/Startup.cs:line205 at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor, Boolean wrapExceptions) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.AspNetCore.Hosting.ConfigureBuilder.Invoke(Object instance, IApplicationBuilder builder) at Microsoft.AspNetCore.Hosting.ConfigureBuilder.<>c__DisplayClass4_0.&lt;Build>b__0(IApplicationBuilder builder) at Microsoft.AspNetCore.Hosting.ConventionBasedStartup.Configure(IApplicationBuilder app) at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<&gt;c__DisplayClass0_0.&lt;Configure&gt;g__MiddlewareFilterBuilder|0(IApplicationBuilder builder) at Microsoft.AspNetCore.Hosting.WebHost.BuildApplication() Unhandled exception. System.ArgumentException: Keyword not supported: 'column encryption setting'. at System.Data.Common.DbConnectionOptions.ParseInternal(Dictionary`2 parsetable, String connectionString, Boolean buildChain, Dictionary`2 synonyms, Boolean firstKey) at System.Data.Common.DbConnectionOptions..ctor(String connectionString, Dictionary`2 synonyms) at System.Data.SqlClient.SqlConnectionString..ctor(String connectionString) at System.Data.SqlClient.SqlConnectionFactory.CreateConnectionOptions(String connectionString, DbConnectionOptions previous) at System.Data.ProviderBase.DbConnectionFactory.GetConnectionPoolGroup(DbConnectionPoolKey key, DbConnectionPoolGroupOptions poolOptions, DbConnectionOptions& userConnectionOptions) at System.Data.SqlClient.SqlConnection.ConnectionString_Set(DbConnectionPoolKey key) at System.Data.SqlClient.SqlConnection.set_ConnectionString(String value) at System.Data.SqlClient.SqlConnection..ctor(String connectionString) at Hangfire.SqlServer.SqlServerStorage.<.ctor>b__6_0() at Hangfire.SqlServer.SqlServerStorage.CreateAndOpenConnection() at Hangfire.SqlServer.SqlServerStorage.UseConnection[T](DbConnection dedicatedConnection, Func`2 func) at Hangfire.SqlServer.SqlServerStorage.UseConnection(DbConnection dedicatedConnection, Action`1 action) at Hangfire.SqlServer.SqlServerStorage.Initialize() at Hangfire.SqlServer.SqlServerStorage..ctor(String nameOrConnectionString, SqlServerStorageOptions options) at Hangfire.SqlServer.SqlServerStorage..ctor(String nameOrConnectionString) at Asincro.Camaleon.Web.CamaleonWebCoreModule.PreInitialize() in /Users/jsierra/Projects/Camaleon/aspnet-core/src/Asincro.Camaleon.Web.Core/CamaleonWebCoreModule.cs:line92 at Abp.Modules.AbpModuleManager.<>c.<StartModules>b__15_0(AbpModuleInfo module) at System.Collections.Generic.List`1.ForEach(Action`1 action) at Abp.Modules.AbpModuleManager.StartModules() at Abp.AbpBootstrapper.Initialize() at Abp.AspNetCore.AbpApplicationBuilderExtensions.InitializeAbp(IApplicationBuilder app) at Abp.AspNetCore.AbpApplicationBuilderExtensions.UseAbp(IApplicationBuilder app, Action`1 optionsAction) at Asincro.Camaleon.Web.Startup.Startup.Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory) in /Users/jsierra/Projects/Camaleon/aspnet-core/src/Asincro.Camaleon.Web.Host/Startup/Startup.cs:line205 at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor, Boolean wrapExceptions) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.AspNetCore.Hosting.ConfigureBuilder.Invoke(Object instance, IApplicationBuilder builder) at Microsoft.AspNetCore.Hosting.ConfigureBuilder.<>c__DisplayClass4_0.&lt;Build>b__0(IApplicationBuilder builder) at Microsoft.AspNetCore.Hosting.ConventionBasedStartup.Configure(IApplicationBuilder app) at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<&gt;c__DisplayClass0_0.&lt;Configure&gt;g__MiddlewareFilterBuilder|0(IApplicationBuilder builder) at Microsoft.AspNetCore.Hosting.WebHost.BuildApplication() at Microsoft.AspNetCore.Hosting.WebHost.StartAsync(CancellationToken cancellationToken) at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String startupMessage) at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String startupMessage) at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token) at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host) at Asincro.Camaleon.Web.Startup.Program.Main(String[] args) in /Users/jsierra/Projects/Camaleon/aspnet-core/src/Asincro.Camaleon.Web.Host/Startup/Program.cs:line12

<br> What I found on the web was that this error occurs when using the System.Data.SqlClient library, and it is recommended to use Microsoft.Data.SqlClient https://stackoverflow.com/questions/59826833/net-core-3-1-always-encrypted

It is important to mention that for tenants with databases other than the main one, SQL Always Encrypted works perfectly because the mentioned parameter was added in the CS of each tenant without problem.

Please could you give me some guidance on this?

Question

Hi

  • My product version: v9.3.0
  • My product type: Angular
  • My framework type: .net core

<br> I need help with reference to JWT, a customer reported a possible security risk of sending the token over http or https, with the possibility that the token could be stolen.

Questions:

  • Is it possible with the ABP to use an alternative mechanism to transmit session tokens or some more secure way?
  • What mechanisms does ABP have to prevent user access or API calls with a stolen token?

<br> Best regards.

Showing 1 to 2 of 2 entries