Activities of "omkarchoudhari"

Hello Ismail,

We are using ASP.NET Zero template version "10.3.0".

As part of a security penetration test, we ran the application in the OWASP ZAP 2.12.0 tool. This tool gives us some alerts regarding security headers and cookies.

We applied all required headers through the backend ASP.NET application. Followed link => https://support.aspnetzero.com/QA/Questions/8144/How-to-add-a-custom-HTTP-response-header-in-AspNet-Zero All required security headers are applied to the backend API application successfully. We even applied the same headers through the Angular web.config as well.

But when we ran the application in OWASP ZAP 2.12.0, it is showing the same header alerts. We have **separate deployments for the front end and back end application.**

To ensure this, we deployed the plain vanilla ASP.NET Zero template version (10.3.0) to Azure [separate UI and API deployment]. We ran this website in the OWASP ZAP 2.12.0 tool. We are receiving the same alerts for this as for our client application.

Can you please help us to resolve the UI alerts?

Please find attached screenshots for the header alerts:

  1. ASP.NET Zero plain vanilla template V(10.3.0) => ASPNetZero_Template_sceurity_Test.PNG
  2. Our application URL => ClientApp_Security_Test.PNG

In both screenshots you can see the same number of alerts. Can you please guide us to get rid of these security alerts?

Ismail,

I have written the following code. Here I set the access token's ExpireInSeconds property to the RefreshTokenExpiration value, which is 365 days.

    var accessToken = CreateAccessToken(
        await CreateJwtClaims(loginResult.Identity, loginResult.User, refreshTokenKey: refreshToken.key),
        new TimeSpan(365, 1, 1, 1));

    return new AuthenticateResultModel
    {
        AccessToken = accessToken,
        ExpireInSeconds = (int)_configuration.RefreshTokenExpiration.TotalSeconds,
        RefreshToken = refreshToken.token,
        RefreshTokenExpireInSeconds = (int)_configuration.RefreshTokenExpiration.TotalSeconds,
        EncryptedAccessToken = GetEncryptedAccessToken(accessToken),
        TwoFactorRememberClientToken = twoFactorRememberClientToken,
        UserId = loginResult.User.Id,
        TenantId = loginResult.Tenant?.Id,
        ReturnUrl = returnUrl,
    };

It looks like AbpAuthorize is not validating this access token's validity. Can you please confirm?

    [AbpAuthorize]
    public async Task<LeadOpportunityDetailDto> GetOpportunityDetail(string OpportunityId)

Hi Ismail,

Reopened this ticket again.

We created a method which generates a static token that is valid for 365 days by passing the expiration time. But we can't use this token for more than a day. It is throwing the error "Current user did not login to the application".

Can you please help me to resolve this issue?

Token error =>

Token Expiry date screenshot =>

Hi Ismail,

Any updates on this?

I already shared a test account with [email protected] last week.

Hi Ismail,

We are not getting a token on negotiate. In the console, we are getting the following:

    {negotiateVersion: 1, connectionId: "Ic0sCKP4k62GO0M2RBGwzQ",…}
      availableTransports: [{transport: "WebSockets", transferFormats: ["Text", "Binary"]},…]
      connectionId: "Ic0sCKP4k62GO0M2RBGwzQ"
      connectionToken: "tAcU-HSIIsCKWJSCozbpkQ"
      negotiateVersion: 1

Hello Ismail,

We have a client application built on ASP.NET Zero framework version 10.1.0. We enabled the built-in chat functionality for one-to-one chat. After deploying the application on Azure, we are facing multiple SignalR issues related to the WebSocket and jobprogress endpoints. I referred to similar threads on this issue and accordingly we enabled the ARR Affinity cookie as well, but it is still showing the same errors. Most of the time, due to this continuous handshaking happening in the background, our application becomes unresponsive intermittently.

    main-es2015.f789065ca8e199479b03.js:1 WebSocket connection to 'wss://devmovescoutproapi.sirva.com//jobprogress?id=c-UH3K9W7oSaPPIJoC_MoQ' failed:
    [2023-03-17T06:05:53.384Z] Error: Failed to start the transport 'WebSockets': Error: There was an error with the transport.

Can you please suggest any workaround for this?

Application Errors =>

ARR affinity cookie

Thank you @ismcagdas. Let us try this approach and we will let you know.

Hello,

We are working with an aspnetzero MVC/jQuery project with aspnetzero version 6.9. We have implemented basic chat functionality.

The following functionality is working fine: the chat icon is located next to the user's profile image in the top right corner of the page. The number in the red circle shows the total unread chat message count. When the user clicks this icon, the chat panel appears on the right of the page.

Next requirement:

  * Proper documentation for implementing group chat.
  * User can add new friends to a group by clicking the add person button, which is shown as a red mark in the figure.

What should the DB table structure be:

  * For saving chat messages
  * For maintaining the group

What existing interface/service can we extend to achieve the above? Please advise. Thanks

Hi, we are having an issue with SignalR on the multi-instance production environment. From the error, it seems like it gets connected sometimes, but we are not able to find the exact issue and how to resolve this. It gets when we are using a single instance but does not seem to be working for multi-instance.
We are using the default SignalR provided by the framework.

Hi, we are having an issue with SignalR on the multi-instance production environment. From the error, it seems like it gets connected sometimes, but we are not able to find the exact issue and how to resolve this.
