Activities of "jeromevoxteneo"

Hello,

Thank you for posting the solution.

I was looking for the same thing. I have a synchronization system, and in this case I do not want my LastModificationTime/CreationTime to be updated.

It would be nice to have this kind of option to disable AbpConcepts in Abp Framework.

Regards,

Thanks for your responses.

I finally got it working by following this answer: https://stackoverflow.com/questions/42075792/net-web-api-2-post-consuming-gzip-compressed-content/46282062#comment79550906_46282062

Implemented a delegate.

Result: JSON from my mobile application is compressed and I add a header in the Content: "gzip". On the Web, the content is decompressed if the header is present.

Half the size for my big call! :)

Hi,

I already had this configuration activated.

The problem was in ExternalLoginCallback: as the CurrentTenancyName was null and there was no tenant linked to the Facebook login, it was redirecting to the classic registration page. I changed the code so that if there is no tenant for this login, it is linked to the default one.

switch (tenants.Count)
{
    case 0:
        // Changed this line because we want any member who connects with Facebook
        // to be registered under the default tenant by default.
        //return await RegisterView(loginInfo);
        tenancyName = Donaki.MultiTenancy.Tenant.DefaultTenantName;
        break;
    case 1:
        tenancyName = tenants[0].TenancyName;
        break;
    default:
        return View("TenantSelection", new TenantSelectionViewModel
        {
            Action = Url.Action("ExternalLoginCallback", "Account", new { returnUrl }),
            Tenants = tenants.MapTo<List<TenantSelectionViewModel.TenantInfo>>()
        });
}

After that I'm now able to register with Facebook without the need to set a password.

Answer

Any news about this issue?

Answer

Thank you, please keep me informed when you find a good solution to prevent this.

Actually I'm doing this in jtable as you suggest:

lastName: {
    title: app.localize('LastName'),
    width: '10%',
    //TODO: Remove when XSS issue is fixed.
    display: function (data) {
        return $('<div/>').text(data.record.lastName).html();
    }
},

Answer

No, I didn't. I was expecting to have a mechanism that does it automatically.

Checking again, the template actually has this issue:

Database:

see: http://hpics.li/088a0c3

Url: http://localhost:6240/Mpa/Users

and you get a JS alert. That means that an attacker can potentially run a JS file in the context of the domain and steal sensitive information.

In the Angular part, the entry is HTML-safe.

Answer

Yes, the data shown in jtable executes the HTML.

So I set this in my input field: t <script>alert('security breach');</script> and click on save.

jtable refreshes the table and executes the script.

So I get a JS alert "security breach".
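As an added example (not part of the original posts and not AspNet Zero or jTable code), one way to get the escaping applied by default instead of per column is to wrap the field definitions before they are passed to jTable. The helper names escapeHtml and withEscapedDisplay are hypothetical, and the escaping is done in plain JavaScript rather than through jQuery so the block runs on its own.

```javascript
// Added example: default output escaping for jTable field definitions.
// escapeHtml and withEscapedDisplay are hypothetical helper names.
var HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
    if (value === null || value === undefined) { return ''; }
    return String(value).replace(/[&<>"']/g, function (ch) { return HTML_ESCAPES[ch]; });
}

// A column is treated as plain text when it has no custom display function,
// no options list and no date type (jTable formats those itself).
function isPlainText(field) {
    return typeof field.display !== 'function' && !field.options && field.type !== 'date';
}

// Returns a copy of a jTable "fields" object in which every plain-text
// column renders the record value as escaped text instead of raw HTML.
function withEscapedDisplay(fields) {
    var result = {};
    Object.keys(fields).forEach(function (name) {
        var field = Object.assign({}, fields[name]);
        if (isPlainText(field)) {
            field.display = function (data) {
                return escapeHtml(data.record[name]);
            };
        }
        result[name] = field;
    });
    return result;
}

// Constructed sample: two plain columns and one column that renders its own markup.
var sampleFields = withEscapedDisplay({
    name: { title: 'Name', width: '10%' },
    lastName: { title: 'LastName', width: '10%' },
    actions: { title: 'Actions', display: function () { return '<button>Edit</button>'; } }
});

// Constructed record carrying the test input quoted in the post above.
var sampleRecord = { name: 'Jane', lastName: "t <script>alert('security breach');</script>" };
var renderedLastName = sampleFields.lastName.display({ record: sampleRecord });
```

Columns that define their own display function are left untouched, so any markup they build from record values still has to escape those values itself.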

Hi,

OK, will do it this way.

Thank you

Hello,

We have the token-based authentication, but only for the standard login (so with username and password).

But that's OK: we took the /api/TokenAuth/ExternalAuthenticate implementation from the Core.Web project (in the ASP.NET Core project of the aspnet zero template) and copied it into the AccountController of the Web API project (inside the ASP.NET MVC jQuery project).

We tested it from our Xamarin project and now it's OK.

We now need to think about a token renewal system and an alternative so that we do not store the ProviderKey inside the mobile app.

Best regards,

Hello,

I have the same need in my aspnet zero MVC / jQuery application, but I don't have the API endpoint available.

What version of Abp Zero is needed?

Thanks
