
Activities of "hra"

Thanks @ismcagdas,

feature request created here: https://github.com/aspnetboilerplate/aspnetboilerplate/issues/6691

Hi there,

I'm using AspNetZero core 10 with angular.

I wish to add IP-restricted authentication to the platform. I have tracked the necessary code location to the LogInManager.LoginAsyncInternal overloads. These methods allow me to capture the identity, then look up the IP whitelist for that tenant, before making a decision as to whether login should continue or not.

However, I can see a hurdle to extending this functionality is the AbpLoginResultType enum. There is no generic failure mode (i.e) FailedForOtherReason - and I really do not want to return an 'invalid password' failure - I want the user to know that the service is not available from their IP.

What's the most suitable way to go about this which doesn't involve forking entire chunks of AspNetBoilerplate?

Thanks,
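An added example (not part of the original post, and not ASP.NET Zero or ASP.NET Boilerplate code) of the per-tenant allowlist decision the post describes, taken at the point where the tenant is known. `TenantIpAllowlist`, `IsAllowed` and the sample ranges are hypothetical names and constructed values; entries are assumed to be stored as CIDR strings.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

// Hypothetical helper: is the client address inside the tenant's CIDR allowlist?
// Behind a reverse proxy, pass the forwarded client address, not the proxy's own.
public static class TenantIpAllowlist
{
    public static bool IsAllowed(IPAddress client, IEnumerable<string> cidrs)
    {
        // Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; normalise first.
        if (client.IsIPv4MappedToIPv6) client = client.MapToIPv4();
        return cidrs.Any(c => InCidr(client, c));
    }

    private static bool InCidr(IPAddress client, string cidr)
    {
        var parts = cidr.Split('/');
        if (parts.Length > 2 || !IPAddress.TryParse(parts[0], out var network)) return false;
        if (network.AddressFamily != client.AddressFamily) return false;

        byte[] net = network.GetAddressBytes(), addr = client.GetAddressBytes();
        int maxBits = net.Length * 8, prefix = maxBits;   // a bare address means /32 or /128
        if (parts.Length == 2 && (!int.TryParse(parts[1], out prefix) || prefix < 0 || prefix > maxBits))
            return false;                                 // malformed entry fails closed

        for (int i = 0; i < net.Length && prefix > 0; i++, prefix -= 8)
        {
            int mask = prefix >= 8 ? 0xFF : (0xFF << (8 - prefix)) & 0xFF;
            if ((net[i] & mask) != (addr[i] & mask)) return false;
        }
        return true;
    }
}

public static class IpAllowlistDemo
{
    public static void Main()
    {
        var acme = new[] { "203.0.113.0/24", "2001:db8::/32" };   // constructed documentation ranges
        foreach (var ip in new[] { "203.0.113.77", "::ffff:203.0.113.77", "198.51.100.9", "2001:db8::1" })
            Console.WriteLine($"{ip} -> {TenantIpAllowlist.IsAllowed(IPAddress.Parse(ip), acme)}");
    }
}
```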

Hi @simplexsrl,

Did you get any traction on this? I find myself in the same position - because Flaticons.com generates a CSS which is hardcoded to the namespace "flaticon-", adding a second collection to the application causes a namespace conflict. Obviously this can be resolved by manually editing the CSS generated by Flaticons.com to change the namespace, however avoiding this manual step would be preferable.

I have contacted Keenthemes, awaiting their response also.

Thanks,

Hi @edarib - thanks, I'm clear on that much. It seems to me there is zero functional purpose of this role existing, out of the box - beyond demonstration.

I simply wish to confirm that point. Perhaps a question for the vendor to confirm.

Thanks,

Hi,

I have scanned the documentation, but don't see an in-depth explanation.

I am curious what the purpose of the "User" role is - given that it has no permissions out of the box? Is it purely demonstrative?

Thank you

We are working on a suite of mobile applications, and a (potentially) 3rd party accessible API.

The current error mechanism in AspNetZero, is fine - but a little opaque. Making client-side decisions based on the error information provided is not reliable - for several reasons.

  1. returned errors are often only differentiated by their message, which is fine for providing an explanation to the user, but no good for making application flow decisions. e.g, AbpAuthorizationException can be returned for several reasons - tenant disabled, user account inactive, incorrect username/password, etc etc. I don't want to be parsing localized error messages in a client, to make application flow decisions.
  2. HTTP result codes are coarse in their granularity, again making it impossible to handle specific scenarios to improve user experience

The ErrorInfo object returned in the AjaxResponse does have a "code" - but I have never seen it used/populated by ANZ. I can see that I only need to throw an exception that implements IHasErrorCode, to populate the "code" field - such as with "UserFriendlyException".

To my questions:

  1. I figured all the above out myself, because there is no documentation under AspNetZero or AspNet Boilerplate. The "abp.io" product does document, what I can only assume is something similar, however, as ANZ/Boilerplate customers, we generally avoid ABP.io documentation as the product is different, and it can lead us astray.
  2. Can we see the ANZ/ABP products better adopt this "code" field? I would like to see a const list of known exception cases and codes in the application server code - which would enable client applications to move toward a functional error-handling practice, and avoid missing exception scenarios.

Of course - ANZ getting ABP.IO business-exception subsystem would be fantastic... https://docs.abp.io/en/abp/latest/Exception-Handling

Thanks,

Thanks @ismcagdas, I have done so here: https://github.com/aspnetzero/aspnet-zero-core/issues/4644

We have enabled "Microsoft" authentication, in our multi-tenant AspNetZero application to allow our customers to create accounts, and sign-in using their Microsoft organisational account.

From what I can tell, the default implementation will allow anyone from any Microsoft organisation to sign up.

Our customers will want to be able to "restrict" sign-ups to users from specific organisations.

For example, our customer "Acme" has also purchased business services from Microsoft under the organisation "Acme". They want to allow their users to sign up to our site, under the "Acme" tenant, using ONLY their "Acme" Microsoft credential.

  1. Is there a mechanism in ANZ to allow for this today?
  2. If not, is there a reason? Perhaps what I am wanting to do is achieved through other means?
  3. If I need to roll this myself in ANZ - what's the high-level guidance?

Reading this: https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens, apparently the "iss" component of the claims, identifies "the Azure AD tenant for which the user was authenticated". It also says "Your app should use the GUID portion of the claim to restrict the set of tenants that can sign in to the app, if applicable." - so I guess that's what we should be restricting.

Thanks!
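An added example (not part of the original post, and not an ASP.NET Zero API) of the check the quoted Microsoft guidance describes: take the GUID portion of the `iss` claim and compare it with the Microsoft tenant IDs a customer has approved. `EntraTenantRestriction`, its methods and the GUIDs are hypothetical or constructed; the code assumes the ID token's signature, audience and expiry were already validated and that only the global-cloud issuer hosts are in use.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper. Call it only with claims from an already validated ID token.
public static class EntraTenantRestriction
{
    // Issuer hosts of the v2.0 and v1.0 endpoints (national clouds use other hosts).
    private static readonly HashSet<string> IssuerHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "login.microsoftonline.com", "sts.windows.net" };

    public static bool TryGetTenantId(string iss, out Guid tenantId)
    {
        tenantId = Guid.Empty;
        if (!Uri.TryCreate(iss, UriKind.Absolute, out var uri)) return false;
        // Exact host match: a suffix or substring test would accept look-alike issuers.
        if (uri.Scheme != Uri.UriSchemeHttps || !IssuerHosts.Contains(uri.Host)) return false;
        var segments = uri.AbsolutePath.Split('/', StringSplitOptions.RemoveEmptyEntries);
        return segments.Length >= 1 && Guid.TryParseExact(segments[0], "D", out tenantId);
    }

    // Fails closed: an unparseable issuer or a tenant that is not listed is rejected.
    public static bool IsSignUpAllowed(string iss, ISet<Guid> allowedTenants) =>
        TryGetTenantId(iss, out var tid) && allowedTenants.Contains(tid);
}

public static class TenantRestrictionDemo
{
    public static void Main()
    {
        // Constructed values: the Microsoft tenant ID that the "Acme" customer registered.
        var acme = new HashSet<Guid> { Guid.Parse("11111111-2222-3333-4444-555555555555") };
        string[] issuers =
        {
            "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
            "https://sts.windows.net/11111111-2222-3333-4444-555555555555/",
            "https://login.microsoftonline.com/99999999-8888-7777-6666-555555555555/v2.0",
            "https://login.example.net/11111111-2222-3333-4444-555555555555/v2.0",
        };
        foreach (var iss in issuers)
            Console.WriteLine($"{iss} -> {EntraTenantRestriction.IsSignUpAllowed(iss, acme)}");
    }
}
```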

Hi @ismcagdas, while putting together issue details, it is no longer reproducing. Very odd. I will close this ticket, and raise an issue via github if I can figure out repro steps.

Never mind - offending change found!

An update to @types/lodash - version 4.14.187 published Nov 1, 2022 caused the breakage. It forced a dependency on TypeScript 4.1 functionality

https://github.com/DefinitelyTyped/DefinitelyTyped/issues/63022
