I wrote a nice website using Abp 1.0. Since I was only focusing on it at the time, my solution has the usual layout:
SLN Application (IDomainService, IApplicationService) Core (Entity) EntityFramework (AbpDbContext, IRepository) Web Api
Now I have a new project - a Windows Service - that uses the same database. Hence, I could reuse Core and EntityFramework, however I don't need Abp for a Window Service. Therefore, the exact same entities and dbContext can't be shared.
Also, both Web and Windows Service have similar services but in the latter I don't have IDomainService/DomainService or IApplicationService.
I'd like to have neutral projects that implement Core without Entity, EntityFramework using the regular DbContext, my own Install code that registers with Castle Windsor and common Services that don't need to inherit from DomainService.
I know that sound like I should just dump Abp from the web, however Abp makes working with Angular really nice. I just want to include my neutral Core, EntityFramework and Service projects (and register them with Castle Windsor using plain Castle instead of Abp's wrappers) in the Web and also use them in my Windows Service.
I've read all the Abp documentation and still don't know how to do this.
According to [https://www.codeproject.com/tips/826753/removing-sharp-from-url-in-angularjs]), we can get rid of the # from our routes.
I need this to happen because my corporate authentication system removes everything after a # so the call back to my site can't deep link.
The tip on codeproject doesn't seem to work with Abp. I'm using Abp 1.0.0.0. What is your way to make this happen?
I'm using vanilla Abp and am trying to secure my public AppService methods. The PermissionChecker I defined is getting ignored.
I have a couple of permissions defined
public class MyAuthorizationProvider : AuthorizationProvider
{
public override void SetPermissions(IPermissionDefinitionContext context)
{
context.CreatePermission("CurrentState");
context.CreatePermission("UpdateState");
}
}
In PreInitialize() of my AppService module, I add it to the configuration
Configuration.Authorization.Providers.Add<MyAuthorizationProvider>();
I implemented IPermissionChecker
public class PermissionsChecker : IPermissionChecker, ITransientDependency
{
public Task<bool> IsGrantedAsync(string permissionName)
{
return CheckAccess(permissionName);
}
public Task<bool> IsGrantedAsync(UserIdentifier user, string permissionName)
{
return CheckAccess(permissionName);
}
}
and put AbpAuthorize attribute on an AppService method
[AbpAuthorize("CurrentState")]
public CurrentState GetCurrentState(int Id)
{
// do stuff
}
Neither IsGrantedAsync methods get called. The method just executes. (AbpSession.UserId is correctly set via the NameIdentifier claim.) I've looked over the guide <a class="postlink" href="http://aspnetboilerplate.com/Pages/Documents/Authorization">http://aspnetboilerplate.com/Pages/Docu ... horization</a> but can't see what I'm missing.
In my company, all on premises web servers are behind a web-based authenticator (web single sign on). Once signed on, my request header comes with my employee id. e.g. var userid = HttpContext.Current.Request.Headers['employeeid']. If the header exists and is not blank, that means authentication is successful.
How do I inform AbpZero that authentication is complete and to find my userid in the headers, and also thereby to not display the login page?
I have a class that isn't an ApplicationService but still needs to use one of my repositories. I can't have a constructor so I figured to use manual resolving.
public class Q : ISingletonDependency
{
public IThingRepository thingRepository { get; set; }
public Q()
{
this.thingRepository = IocManager.Instance.Resolve<IThingRepository>();
}
[UnitOfWork]
public List<Thing> GetDbThings(List<Thing> claims, long uid)
{
// look up more things in the database
var thingQ = from t in thingRepository.GetAll()
where t.UserID == uid
select new UOR { ...properties... };
foreach (var t in thingQ)
{
// do things with t
}
return newlistofthings;
}
}
The problem is that when I use thingRepository, I get the following exception:
The operation cannot be completed because the DbContext has been disposed
There must be something simple I'm missing?
Recently, I started over with the ABP project generator in order to excise ABPZero from my solution. I created a brand new solution and added all my files back. Something went wrong and now my repositories won't work because of the following runtime error. What does it mean?
An unhandled exception of type 'Castle.MicroKernel.ComponentNotFoundException' occurred in Castle.Windsor.dll
Additional information: No component for supporting the service Scorecard.EntityFramework.ScorecardDbContext was found
In Global.asax, I create a name claim and set it to the Thread and HttpContext principals.
Before leaving BeginRequest, I confirm that p.Identity is a ClaimsIdentitythat has Name = "45678" and IsAuthenticated=true.
protected override void Application_BeginRequest(object sender, EventArgs e)
{
SetupPrincipal();
base.Application_BeginRequest(sender, e);
}
private static void SetupPrincipal()
{
var uid = HttpContext.Current.Request.Headers["userid"];
if (uid == null) uid = "45678";
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, uid)
};
var id = new ClaimsIdentity(claims, "wsso");
var p = new ClaimsPrincipal(id);
Thread.CurrentPrincipal = p;
HttpContext.Current.User = p;
}
Then I have my custom AbpSession that DI creates after BeginRequest. When I access the UserId:
public long? UserId
{
get
{
var cp = ClaimsPrincipal.Current;
return 12345; // TODO how to get this from cookie!
}
}
ClaimsPrincipal.Current.Identities
is of WindowsIdentityand Name="" and IsAuthenticated=false. The claims collection is empty.
Why did APB destroy my Principal? How am I supposed to feed my user id into AbpSession?
The documentation [http://aspnetboilerplate.com/Pages/Documents/Abp-Session]) says I can implement my own AbpSession but it doesn't say how to register it.
As a side note, I need to retrieve the authenticated user id which is in a cookie. Is the session the right place to do this?
I implemented it like this
public class AbpSession : IAbpSession
{
public Abp.MultiTenancy.MultiTenancySides MultiTenancySide
{
get { return Abp.MultiTenancy.MultiTenancySides.Host; }
}
public int? TenantId
{
get { return 1; }
}
public long? UserId
{
get
{
return 12345; // TODO how to get this from cookie!
}
}
}
but now when I inject IAbpSession in an ApplicationService, an error is thrown; part of which is pasted below.
"innerException":{"message":"An error has occurred.","exceptionMessage":"Can't create component 'Scorecard.UserDomain.UserApplicationService' as it has dependencies to be satisfied.\r\n\r\n'Scorecard.UserDomain.UserApplicationService' is waiting for the following dependencies:\r\n- Service <span style="color:#FF0080">'Abp.Runtime.Session.IAbpSession' which was not registered</span>.\r\n",
I got the idea from reading other posts in this forum that I can provide Identity & Authorization to ABP using my own interface implementations instead of using Zero. My User and Role stuff isn't quite like what Zero wants. I see that there are two articles in ABP's documentation that hint at what I need to do but I still don't know exactly what to do. I also have the idea that if I implement the interfaces correctly, I can use ABP's declarative permissions approach on the Application Services.
One of the core problems I have with the Zero table structure is that it assumes a User has a Role. In my company, a User may belong to more than one Organization and they may not have the same role in each Org. The Zero table structure and Permission methods don't take Organization into account.
For example, this method in AbpUserManager just needs User and Permission.
public virtual async Task<bool> IsGrantedAsync(long userId, string permissionName)
A method that I need would look like this
public virtual async Task<bool> IsGrantedAsync(long userId, int organizationId, string permissionName)
To completely replace AbpZero is too much work since it does a lot and is hard to follow. I hope that implementing _just_what ABP needs will be simpler. My table structures to support User-Organization-Role already exist.
While waiting for a response, I'll watch some Pluralsight courses on ASP.NET Identity & Authorization.
I upgraded to ABP 0.6.3.1 and Zero 0.6.3.4 and now I get an HTTP 500 at userManager.LoginAsync of AccountController.cs that carries this in the Response Body:
Exception Details: System.Data.SqlClient.SqlException: Invalid column name 'AuthenticationSource'.