@enerjisauretim, Every aspnetzero project has a built in identityserver host. It doesn't mean they are identityserver client. You will need to modify one of the projects as an identityserver client. And no, permissions or roles doesn't store in the project you set as identityserver host. Roles and permissions are project based; they keep their own roles and permissions.
Hello @enerjisauretim,
This is related with distributed systems and varies on use cases. It is kinda framework independent. If I understand correctly, you want to create other projects (in zero or not) and use the user store of your main application; passing claims to side projects. Roles are list of permissions, set on the main project. So passing roles won't make sense to other projects since resources you want to authorize are different. You will have to tweak your main app identity with roles having appname, permissions having appname; saving permissions of side projects to main app and cache them etc.
For authentication, using main app authentication scheme to authenticate your side app; use authorization as you like. Or using microsoft identity; you can use external login to your main application as default and register your users automatically if they're logging first time with a small tweak to your side app.
Keep on mind that aspnetzero is developed as monolithic. To adapt a distributed environment; you will need to manually tweak. Also, your use case can lead to many different paths which would require different solutions to overcome.
I hope it was helpful.
Helloe @robmasango,
Heroku CI-CD pipeline is completely out of my scope, I am sorry. This seems a pipeline specific problem, if Azure gives support about CI-CD, Heroku should be providing too. Did you contact to Heroku about this or checked their forums about the pipeline error?
Hello @-bitman, it is like trying a key-value pair across different files/dbs. I don't think you can magically change the process.
However, you can create something like AppUserTenantService keeping unique username as key and tenantId as value in a cache (even on redis) so you can speed up the process in a large margin by asking to cache which tanenant does the username belong.
Though it will require some extra work (like adding new registered users to cache, invalidating inactive users etc) but would worth the extra work if you are planning your application in a large scale.
I hope it was helpful.
Nice to hear your problem is solved. Closing the issue. Feel free to create a new one when you need to.
Hello @timmackey, can you observe your RAM usage while this error occurs?
Hello @jtallon,
Yes, AbpUserLogin (based on Microsoft Identity) is the table you need to check out.
Hello,
Did you try adding [AbpAllowAnonymous]
attribute to your controller or related method? More info can be found here.
Hello @jtallon; Most of the openid providers doesn't allow 3rd party signout. This means, if you integrated google login to your application, when login with google account and logout; you won't be able to logged out of google account but your application only. That is something up to openid providers.
For AzureAD you should be able to logout from AzureAD. After you signout from your cookie and openid schemes, you need to make a request to https://login.microsoftonline.com/tenant-id/oauth2/logout?post_logout_redirect_uri=<optional_uri>
.
Here is a sample that can help you out https://github.com/Azure-Samples/active-directory-dotnet-web-single-sign-out.
I hope it was helpful.
Hello robmasango,
Can you try changing the line after RUN dotnet restore "VuyisaTech.Easy2Comply.Web.Mvc/VuyisaTech.Easy2Comply.Web.Mvc.csproj"
COPY . .
to COPY . ./