Activities of "omkarchoudhari"

Hello,

We are working with an aspnetzero MVC/jQuery project with aspnetzero version 6.9. We have implemented basic chat functionality.

Following functionality is working fine where Chat icon is located next to user's profile image on top right corner of the page. The number in the red circle shows total unread chat message count. When user clicks this icon, chat panel appears on the right of page.

Next Requirement:

  • Proper documentation for implementing group chat.
  • User can add new friends to a group by clicking the add person button which is shown as a red mark in the figure.

How should be the DB Table structure:

  • For saving chat messages
  • For maintaining the group

What existing interface/service can we extend to achieve the above? Please advise. Thanks

Thank you @ismcagdas. Let us try this approach and we will let you know.

Hello Ismail,

We have a client application built in ASP Net Zero framework version 10.1.0. We enabled the built-in chat functionality for one-to-one chat. After deploying the application on Azure, we are facing multiple SignalR issues related to the WebSocket and Jobprogress endpoint. I referred to similar threads on this issue and, according to them, we enabled the ARR Affinity cookie as well, but it is still showing the same errors. Most of the time, due to this continuous handshaking happening in the background, our application becomes unresponsive intermittently.

main-es2015.f789065ca8e199479b03.js:1 WebSocket connection to 'wss://devmovescoutproapi.sirva.com//jobprogress?id=c-UH3K9W7oSaPPIJoC_MoQ' failed: 2023-03-17T06:05:53.384Z] Error: Failed to start the transport 'WebSockets': Error: There was an error with the transport.

Can you please suggest any workaround for this?

Application Errors =>

ARR affinity cookie

Hi Ismail,

We are not getting token on negotiate. In console, we are getting following:

     {negotiateVersion: 1, connectionId: "Ic0sCKP4k62GO0M2RBGwzQ",…}
       availableTransports: [{transport: "WebSockets", transferFormats: ["Text", "Binary"]},…]
       connectionId: "Ic0sCKP4k62GO0M2RBGwzQ"
       connectionToken: "tAcU-HSIIsCKWJSCozbpkQ"
       negotiateVersion: 1

Hi Ismail,

Any updates on this?

I already shared test account with [email protected] in last week.

Hi Ismail,

Reopened this ticket again.

We created a method which generates a static token which is valid for 365 days by passing the expiration time. But we can't use this token for more than a day. It is throwing the error "Current user did not login to the application".

Can you please help me to resolve this issue?

Token error =>

Token Expiry date screenshot =>

Ismail,

I have written the following code. Here I set the access token ExpireInSeconds property to the RefreshTokenExpiration value, which is 365 days.

     var accessToken = CreateAccessToken(
         await CreateJwtClaims(loginResult.Identity, loginResult.User, refreshTokenKey: refreshToken.key),
         new TimeSpan(365, 1, 1, 1));

     return new AuthenticateResultModel
     {
        AccessToken = accessToken,
        ExpireInSeconds = (int)_configuration.RefreshTokenExpiration.TotalSeconds,
        RefreshToken = refreshToken.token,
        RefreshTokenExpireInSeconds = (int)_configuration.RefreshTokenExpiration.TotalSeconds,
        EncryptedAccessToken = GetEncryptedAccessToken(accessToken),
        TwoFactorRememberClientToken = twoFactorRememberClientToken,
        UserId = loginResult.User.Id,
        TenantId = loginResult.Tenant?.Id,
        ReturnUrl = returnUrl,
     };

Looks like AbpAuthorize is not validating this access token validity. Can you please confirm?

     [AbpAuthorize]
     public async Task<LeadOpportunityDetailDto> GetOpportunityDetail(string OpportunityId)
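An added diagnostic, not part of the original post or of ASP.NET Zero: it reads the `exp` claim of a captured access token (without verifying the signature) and compares the token's real lifetime with the `ExpireInSeconds` value returned to the client, which separates "the token itself expired" from "the server rejected a token that is still within its lifetime". The sample token is constructed, and it assumes that `CreateAccessToken` stamps `exp` as issue time plus the `TimeSpan` passed in the post.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT-shaped string for the demo (dummy signature)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.{b64url(b'constructed')}"

def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWT without verifying it (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose_expiry(token: str, advertised_seconds: int, now: int, tolerance: int = 300) -> dict:
    """Compare the token's own exp claim with the advertised ExpireInSeconds."""
    claims = decode_jwt_payload(token)
    if "exp" not in claims:
        raise ValueError("token carries no exp claim")
    issued = claims.get("iat", claims.get("nbf"))
    lifetime = claims["exp"] - issued if issued is not None else None
    return {
        "lifetime_seconds": lifetime,
        "seconds_left": claims["exp"] - now,
        "expired_by_exp": now >= claims["exp"],
        "advertised_matches": lifetime is not None
        and abs(lifetime - advertised_seconds) <= tolerance,
    }

# Constructed sample mirroring the post: TimeSpan(365,1,1,1) for the token,
# a 365-day RefreshTokenExpiration reported as ExpireInSeconds.
SAMPLE_IAT = 1_700_000_000
TOKEN_LIFETIME = 365 * 86400 + 3600 + 60 + 1
ADVERTISED = 365 * 86400
SAMPLE_TOKEN = make_sample_token({"sub": "2", "iat": SAMPLE_IAT, "exp": SAMPLE_IAT + TOKEN_LIFETIME})

if __name__ == "__main__":
    two_days_later = SAMPLE_IAT + 2 * 86400
    print(diagnose_expiry(SAMPLE_TOKEN, ADVERTISED, now=two_days_later))
```

If `expired_by_exp` is false at the moment the API answers "Current user did not login to the application", the rejection is not caused by the `exp` claim and the server-side validation path is the place to look.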

Hello Ismail,

We are using ASP net Zero template version "10.3.0".

As a part of Security Penetration Test, we ran the application in OWASP ZAP 2.12.0 tool. This tool gave us some alerts regarding security headers and cookies.

We applied all required headers through backend ASP.NET application. Followed Link => https://support.aspnetzero.com/QA/Questions/8144/How-to-add-a-custom-HTTP-response-header-in-AspNet-Zero All required security headers are applied to backend API application successfully. We even applied the same headers through the Angular web.config as well.

But when we ran the application in OWASP ZAP 2.12.0, it is showing the same header alerts. We have **separate deployments for Front end and back end application.**

To ensure this, we deployed plain vanilla ASP net zero template version (10.3.0 ) to Azure. [ Separate UI and API deployment] We ran this website in OWASP ZAP 2.12.0 tool. We are receiving same alerts for this as well as like our client application.

Can you please help us to resolve UI alerts?

Please find attached screenshots for header alerts

  1. ASP net Zero plain vanilla template V(10.3.0) => ASPNetZero_Template_sceurity_Test.PNG
  2. Our application URL => ClientApp_Security_Test.PNG

In both screenshots you can see same numbers of Alerts . Can you please guide us to get rid of these security alerts.

We initiated a request to the client to migrate the template to a new version, but this may take some time. So, if you could share with us the code to apply security headers both at Front end (Angular) and Backend (Asp Net Core), we can integrate those pieces of code in our current application.

Hello,

I am using MVC Jquery Template (Version 12.0.0) and Xamarin for Android. I have a Microsoft login button on the Android app (registered in Azure). This is a single Tenant application - only with Default Tenant. When I click on it:

  1. it takes me to the Microsoft login page (code written in LoginViewModel.cs)

  2. I log in with my company credentials and get redirected back to my app.

  3. Then I set the values for my model and then a method gets called (_accountService.LoginUserMicrosoftAsync).

     var myUri = new Uri(ApplicationSetting.TenantUrl, UriKind.Absolute);
     PCA = PublicClientApplicationBuilder.Create(ApplicationSetting.ClientID)
             .WithIosKeychainSecurityGroup(ApplicationSetting.TenantId)
             .WithAuthority(myUri)
             .WithRedirectUri(ApplicationSetting.RedirectUrl)
             .Build();
    
     private async Task RegisterMicrosoftAsync()
     {
         try
         {
             var authResult = await PCA.AcquireTokenInteractive(ApplicationSetting.Scopes)
                             .WithParentActivityOrWindow(App.ParentWindow)
                             .WithUseEmbeddedWebView(true)
                             .ExecuteAsync();
    
             //#1. External Authentication Model
             _accountService.CustomExternalAuthenticateModel.UserNameOrEmailAddress = authResult.Account.Username;
             _accountService.CustomExternalAuthenticateModel.ProviderKey = authResult.UniqueId;
             _accountService.CustomExternalAuthenticateModel.ProviderAccessCode = authResult.AccessToken;
    
             //Getting All Claims From Access Token
             claims = authResult.ClaimsPrincipal.Claims;
             foreach (var claim in claims)
             {
                 if (claim.Type == "iss")
                 {
                     _accountService.CustomExternalAuthenticateModel.AuthProvider = claim.Issuer;
                     break;
                 }
             }
    
             //#2. Authenticate Model
             _accountService.AbpAuthenticateModel.UserNameOrEmailAddress = authResult.Account.Username;
             _accountService.AbpAuthenticateModel.Password = "123qwe";
    
             //MessagingCenter.Send<String>(authResult.Account.Username, "MicrosoftMail");
    
             await SetBusyAsync(async () =>
             {
                 await _accountService.LoginUserMicrosoftAsync();
             });
         }
         catch (Exception exp)
         {
             await Application.Current.MainPage.DisplayAlert("Alert",
                 "Invalid Login Credentials, please try again.", "Ok");
             Console.WriteLine(exp.Message);
         }
     }
    
  4. (_accountService.LoginUserMicrosoftAsync) This method in turn calls a method (_accessTokenManager.LoginMicrosoftAsync).

     public async Task LoginUserMicrosoftAsync()
     {
         await WebRequestExecuter.Execute(_accessTokenManager.LoginMicrosoftAsync, ExternalAuthenticateSucceed, ex => Task.CompletedTask);
     }
    
     public async Task<CustomExternalAuthenticateResultModel> LoginMicrosoftAsync()
     {
         EnsureAccessTokenProvided();
    
         using (var client = CreateApiClient())
         {
             if (_externalAuthenticateModel.ProviderAccessCode != null)
             {
                 client.WithHeader(_multiTenancyConfig.TenantIdResolveKey, _applicationContext.CurrentTenant.TenantId).WithOAuthBearerToken(_externalAuthenticateModel.ProviderAccessCode);
             }
    
             var response = await client
                 .Request(LoginUrlSegmentMicrosoft) //LoginUrlSegmentMicrosoft = "api/TokenAuth/ExternalAuthenticate"
                 .PostJsonAsync(_externalAuthenticateModel) //externalAuthenticateModel model had exact properties like ExternalAuthenticateModel
                 .ReceiveJson<AjaxResponse<CustomExternalAuthenticateResultModel>>(); //CustomExternalAuthenticateResultModel model has exact properties like ExternalAuthenticateResultModel
    
             if (!response.Success || response.Result == null)
             {
                 ExternalAuthenticateResult = null;
                 throw new UserFriendlyException(response.Error.Message + ": " + response.Error.Details);
             }
    
             ExternalAuthenticateResult = response.Result;
             // Total lifetime in seconds; DateTime.Second would only return the 0-59 seconds component.
             ExternalAuthenticateResult.RefreshTokenExpireInSeconds = (int)AppConsts.RefreshTokenExpiration.TotalSeconds;
    
             return ExternalAuthenticateResult;
         }
     }
    
  5. This method sends a request To API; in TokenAuthController (api/TokenAuth/ExternalAuthenticate).

  6. So, when this API is hit, the method, var externalUser = await GetExternalUserInfo(model) throws an exception/errors out, saying that Unknown External Auth Provider https://login.microsoftonline.com/{Tenant Id Of different organizations}/v2.0.

I tried every setting, even by setting the Auth Provider exactly the same as I am getting (in appsettings), but it didn’t work. I tried setting AuthProvider as Microsoft also, but this is not working. If I comment var externalUser = await GetExternalUserInfo(model) method, then the login works fine (as the user is already registered.). But with this method uncommented, it always checks user info and errors out. I want functionality that when a user tries to log in through different Microsoft accounts (e.g. Outlook, hotmail, etc.), and if a user doesn't exist then it should register it.

Please help urgently. Thanks in advance.