
Activities of "moetarhini"

The problem is not with debugging; I wrote this code just to convey my idea to you. Since we have open APIs, any user in the system can get a token and begin to send you whatever he wants using tools like Postman. So we need to protect ourselves.

You can read this if you want: https://dba.stackexchange.com/questions/98118/composite-primary-key-in-multi-tenant-sql-server-database

You didn't catch my problem. If I use the function as below:

public async Task CreateTicket(CreateTicketInput input)
{
    await _ticketRepository.InsertAsync(ObjectMapper.Map<Ticket>(input));
}

Is there a guarantee that the sent ID of the Status belongs to the current tenant and not to another tenant, in case my app is hacked? :) That is my question... Thanks for your time.

Thanks guys

Good evening @bobingham, suppose that I have the following DTO: CreateTicketInput{Id, Title, StatusId, PriorityId, UserId}

and the following function to create a ticket:

public async Task CreateTicket(CreateTicketInput input)
{
    // The following three lines will throw an exception if the IDs do not belong to the current tenant
    // I need to do this check on create and update
    var status = _statusRepository.Get(input.StatusId);
    var priority = _priorityRepository.Get(input.PriorityId);
    var user = _userRepository.Get(input.UserId);
    var ticket = ObjectMapper.Map<Ticket>(input);
    await _ticketRepository.InsertAsync(ticket);
}

Is there any efficient way to do those three checks? How can your solution help me?

Thanks

"Yes, implement an IQueryable for your query and then execute with the ToList() or await ToListAsync()." Could you explain your solution more later?

Good night...

Thanks for your reply. I am trying to solve the following problem; maybe you can help me think about it. I have a Ticket entity with the following properties: {Id, TenantId, Title, StatusId, PriorityId, UserId}. Every time we post/put a new Ticket from Angular to the APIs, we have to check whether the selected {StatusId, PriorityId, UserId} are related to the current tenant, so I need to hit the database three times to check that every item is related to the current tenant, right? Is there any method to prevent those three hits? A composite key will let SQL Server do that, since we add a foreign key to both (Id, TenantId) in the Status table, and the same thing for the other Priority and User tables. There is no need to reference the Tenant table, because the tenant ID is maintained by the framework and there is no chance for it to belong to another tenant.
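The composite-key idea from the post above, as an added example that is not part of the original post. SQLite driven from Python stands in for SQL Server, the schema and the `create_ticket` helper are constructed for illustration, and only Status is shown (Priority and User would follow the same pattern).

```python
import sqlite3

# Constructed schema: column names follow the post's Ticket/Status entities,
# everything else is an assumption made for this example.
SCHEMA = """
CREATE TABLE Status (
    Id       INTEGER NOT NULL PRIMARY KEY,
    TenantId INTEGER NOT NULL,
    Name     TEXT    NOT NULL,
    UNIQUE (Id, TenantId)          -- target of the composite foreign key
);
CREATE TABLE Ticket (
    Id       INTEGER PRIMARY KEY,
    TenantId INTEGER NOT NULL,
    Title    TEXT    NOT NULL,
    StatusId INTEGER NOT NULL,
    -- The ticket's own TenantId is part of the key, so a Status row that
    -- belongs to another tenant can never satisfy the constraint.
    FOREIGN KEY (StatusId, TenantId) REFERENCES Status (Id, TenantId)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")   # SQLite enforces FKs only when enabled
    db.executescript(SCHEMA)
    with db:                                 # constructed rows: tenants 10 and 20
        db.executemany("INSERT INTO Status VALUES (?, ?, ?)",
                       [(1, 10, "Open"), (2, 20, "Open")])
    return db

def create_ticket(db, tenant_id, title, status_id):
    """tenant_id comes from the server-side session, never from the request body."""
    try:
        with db:                             # commit on success, roll back on error
            db.execute(
                "INSERT INTO Ticket (TenantId, Title, StatusId) VALUES (?, ?, ?)",
                (tenant_id, title, status_id))
        return True
    except sqlite3.IntegrityError:
        return False                         # StatusId does not exist for this tenant

def ticket_count(db):
    return db.execute("SELECT COUNT(*) FROM Ticket").fetchone()[0]
```

The insert itself carries the tenant check, so no separate lookups are needed before it; the application only has to map the constraint failure to a validation error.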

Answer

Thank you Support for your reply. We are using ASPNET Zero.

Can you give us your advice on the best approach to achieve this in the framework? We are not asking about the exact steps or code, just some guidelines from your core knowledge of the framework.

We appreciate your support.

Regards,

<cite>ismcagdas: </cite> Hi,

Can you share your setting definition?

Hello,

Thank you for your reply,

Here is the line we are adding in the following class:

public class AppSettingProvider : SettingProvider

new SettingDefinition(TimeFormat.TimeFormatSettingName, ConfigurationManager.AppSettings[TimeFormat.TimeFormatSettingName] ?? "12 Hour", scopes: SettingScopes.User)

and here is the full code section:

public class AppSettingProvider : SettingProvider
   {
       public override IEnumerable<SettingDefinition> GetSettingDefinitions(SettingDefinitionProviderContext context)
       {
           var defaultPasswordComplexitySetting = new PasswordComplexitySetting
           {
               MinLength = 6,
               MaxLength = 10,
               UseNumbers = true,
               UseUpperCaseLetters = false,
               UseLowerCaseLetters = true,
               UsePunctuations = false,
           };

           return new[]
                  {
                      //Host settings
                       new SettingDefinition(AppSettings.General.WebSiteRootAddress, "http://localhost:6240/"),
                       new SettingDefinition(AppSettings.TenantManagement.AllowSelfRegistration,ConfigurationManager.AppSettings[AppSettings.TenantManagement.UseCaptchaOnRegistration] ?? "true"),
                       new SettingDefinition(AppSettings.TenantManagement.IsNewRegisteredTenantActiveByDefault,ConfigurationManager.AppSettings[AppSettings.TenantManagement.IsNewRegisteredTenantActiveByDefault] ??"false"),
                       new SettingDefinition(AppSettings.TenantManagement.UseCaptchaOnRegistration,ConfigurationManager.AppSettings[AppSettings.TenantManagement.UseCaptchaOnRegistration] ?? "true"),
                       new SettingDefinition(AppSettings.TenantManagement.DefaultEdition,ConfigurationManager.AppSettings[AppSettings.TenantManagement.DefaultEdition] ?? ""),
                       new SettingDefinition(AppSettings.Security.PasswordComplexity, defaultPasswordComplexitySetting.ToJsonString(),scopes: SettingScopes.Application | SettingScopes.Tenant),

                       //Tenant settings
                       new SettingDefinition(AppSettings.UserManagement.AllowSelfRegistration, ConfigurationManager.AppSettings[AppSettings.UserManagement.UseCaptchaOnRegistration] ?? "true", scopes: SettingScopes.Tenant),
                       new SettingDefinition(AppSettings.UserManagement.IsNewRegisteredUserActiveByDefault, ConfigurationManager.AppSettings[AppSettings.UserManagement.IsNewRegisteredUserActiveByDefault] ?? "false", scopes: SettingScopes.Tenant),
                       new SettingDefinition(AppSettings.UserManagement.UseCaptchaOnRegistration, ConfigurationManager.AppSettings[AppSettings.UserManagement.UseCaptchaOnRegistration] ?? "true", scopes: SettingScopes.Tenant),

                       //User Settings
                       new SettingDefinition(DateFormat.DateFormatSettingName, ConfigurationManager.AppSettings[DateFormat.DateFormatSettingName] ?? "European", scopes: SettingScopes.User),
                       new SettingDefinition(TimeFormat.TimeFormatSettingName, ConfigurationManager.AppSettings[TimeFormat.TimeFormatSettingName] ?? "12 Hour", scopes: SettingScopes.User)
                  };
       }
   }

<cite>ismcagdas: </cite> Hi,

We haven't got such an error before. It might be because of referencing different versions of the same DLL in different projects in your solution.

Can you share your custom repository, domain service and app service methods? So we can try to catch the same exception.

Thank you for your reply. Actually, we first thought that this might be due to different DLL versions, yet the problem was resolved by rewriting the Domain and Application service classes, following the guide step by step.

Thank you for your help, much appreciated. Moe
