Yes, it is the same on the demo web site.
For example, after selecting Theme 7 in visual settings and then save settings to activate the theme, clicking on the 't6136491\admin' link at the top right next to the persons photo, no drop down menu appears.
For the ones where the alignment is wrong, an example shows the drop down user menu aligned to the right, not under the user menu link like the other themes (like Default). This may be OK for themes where the user menu is right aligned, but the drop down should be correctly aligned if it is a narrower theme where the user menu is not aligned to the right, like on Themes 2, 5 and 10.
Of course, I cant not include an image showing the menu as the menu won't display, but you can see where I am clicking to get the menu.
Here is an example of alignment issue;
Here is an example where the drop down user menu is not displaying:
Here is an example where it displays OK:
That works, thanks @ismcagdas!
I also see on GitHub that upgrading to Metronic v6 is a possibly scheduled as an ASPNET Zero v7 upgrade.
Thank you.
Sure, I will do that now, thanks. I'm relatively new to aspnet zero so thought I better ask the question on here first! Thanks.
Hi @ryancyq
I am using a relatively fresh copy of v6.7, AngulaJS, Core 2.2 with very little modification so far.
I have not made any modifications to my-setting view. I have checked the code in my local source version against the current aspnet zero GitHub repo and the code is the same.
Thanks.
@aaron thanks. Strangely I am on v6.4.0 but there seems to have been an issue commotting some of those changes to GIT when upgrading the framework!
Thanks @ismcagdas. I still think the ability to change the host name and default admin user would be a good future enhancement. however, I will close this off and leave that for the team to decide in the future.
Thanks.
I forgot to add that of course, there is also the option to enforce TFA on all host users. So I agree that while there are ways to make it 'secure' there are additional steps that could be taken to follow good/best practice that we cannot do due to those limitations.
@jims - I have looked at both of those and while you can use those to change other elements of the Admin user such as first name, last name, email etc, you cannot change the user name which is set from AbpUserBase.AdminUserName and the ABP documentation states "UserName of the admin. admin can not be deleted and UserName of the admin can not be changed."
@alper - of course you are correct from the perspective of a pure brute force attack. But that is not how sites are breached. Hackers can use a whole armoury of techniques from phishing to social engineering techniques to gain passwords. Once they have the password, they are in. Unless of course they also needd to know other secrets that where specific to that site, such as the host tenant ID and user name.
For example, an online banking service would NEVER secure access to online accounts only using a password. The customer would also need to set other 'secrets'. These are not even bank account details such as account number or sort code, as these can be easily discovered. They are other secrets such as a user name, a passcode AND a password.
So my main point is that ABP and ASPNET Zero is enforcing that on the template users. The ability to specificy a host tenant ID, or change the default Admin user name seems sensible, then it is the clients decision on if / how they use that ability. Especially if they are using the template for storing sensitive data (perssonal or financial or both) for other tenants.
I will look in to the suggestion of making the 'Admin' passive and creating another user with full permissions which at least may give 2 out of 3 elements.
Thanks
Thank you for your help.
