Thanks @ismcagdas !
I wasn't aware of those capabilities. That's awesome.
Learning something new in ABP / ANZ! -Brian
Hi @shedspotter,
If you are running your application locally or using just a single instance/service/server, you can access that Logs.txt file through the HOST Administration interface, under Administration > Maintenance (WebLogs tab).
-Brian
Hi @RenuSolutions,
SMTP settings aren't configured in a file. These are settings configured through the User Interface.
Here is the ANZ documentation: https://docs.aspnetzero.com/en/common/v11.2.0/Features-Angular-Host-Settings#email
Once you have those settings configured, there should be a "Test Email" capability at the bottom of that Administration > Settings page. Once you have a valid test email sent and delivered, that should be confirmation that your environment is now configured to create a new Tenant.
Cheers, -Brian
Hi @RenuSolutions,
Thank you very much. The error is stated in that application log snippet.
Within the Tenant provisioning endpoint, the code attempts to send the activation email to the admin user.
It appears that email sending is failing, and there isn't anything that is catching that Exception within the endpoint.
As a result, the UnitOfWork is failing / cancelling, and the endpoint is returning a 500 Internal Server Error response to the browser:
If you are running the application locally, go to this line in your TenantAppService and put a breakpoint there, and then if you step through the code execution, you'll see the exception occurring.
AnyCollect.Application\MultiTenancy\TenantAppService.cs:line 59
Do you have your SMTP email configured in this instance?
-Brian
Hi @kansoftware,
This is an interesting problem.
I'm just offering some thoughts here.
If you are open to manual intervention in the backend, you could login to the HOST, click on Tenants. Then for the Tenant, click Actions > Edit, and extend their subscription end date, so that they can log back in to renew their subscription. You could also set them in a Trial period if that would help at all.
I don't think there is a way to force their tenancy to accept user logins, but only allow access to the Renew / Upgrade interface.
I hope that helps, -Brian
Hi @RenuSolutions,
Have you done anything with your logging configuration? Is this a local environment or is this a deployed environment running on a hosting provider?
If this is running locally or a single node/server deployed on a hosting provider, you should be able to get your web logs, under the Administration menu.
If you click on Administration > Maintenance, that page should show you 2 tabs, 1 for Caches and another for Web Site Logs.
If you click on the Web Site Logs tab, there should be a button to "Download All".
I would start there to see what the server-side logging states. If you can find a section of log statements that corresponds to the time that you produce that error, post it here and I'll see if I can identify anything that might help.
Cheers! -Brian
In performing a security audit of an application I manage, I observed that in the AbpUserConfiguration/GetAll endpoint, in the response JSON, under "setting.values", all of the application settings are returned. In reviewing the custom AppSettings that I have added to this platform, there are several that I do not want returned to any public / anonymous external client. Additionally, I have some settings that I do not want returned to authorized / authenticated clients either. These settings are strictly accessible under the Administration UI for setting management, which are then used only server-side for processing and execution.
As an idea, I was thinking either in the AppSettings or in SettingDefinition, adding the ability to add an authorization boundary, similar to MultiTenancySides, and then a set of optional required permissions.
The authorization boundary would drive AbpUserConfiguration for retrieving settings, and would only return those settings that were appropriately defined (or attributed).
So when loading the login page, I would only load those settings that were made available to anonymous visitors.
Then when loading an authenticated page, I would only load those settings that were available to anonymous and authorized visitors, and that matched the current user's permissions set.
I do recognize for AbpUserConfiguration that I can define my own Controller to customize this behavior. That being said, I thought that this could be a valuable feature to include in the base ABP or ANZ frameworks.
Thoughts?
Thanks! -Brian
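The filtering rule proposed in the post above, sketched as an added example that is not part of the original post and is not ABP or ANZ code. The types `SettingAudience`, `ExposedSetting` and `ClientSettingFilter`, the setting names and the `Pages.Billing` permission are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types modelling the proposal above; none of these are ABP or ANZ classes.
public enum SettingAudience { ServerOnly, Anonymous, Authenticated }

public sealed record ExposedSetting(
    string Name, string Value, SettingAudience Audience, string[] RequiredPermissions);

public static class ClientSettingFilter
{
    // Default-deny: a setting reaches the client only if its audience admits the caller
    // and the caller holds every required permission. ServerOnly never leaves the server.
    public static Dictionary<string, string> ForClient(
        IEnumerable<ExposedSetting> settings, bool isAuthenticated, ISet<string> granted)
    {
        return settings
            .Where(s => s.Audience == SettingAudience.Anonymous
                || (s.Audience == SettingAudience.Authenticated
                    && isAuthenticated
                    && s.RequiredPermissions.All(p => granted.Contains(p))))
            .ToDictionary(s => s.Name, s => s.Value);
    }
}

public static class Program
{
    public static void Main()
    {
        var none = Array.Empty<string>();
        // Constructed sample settings and permission name.
        var settings = new[]
        {
            new ExposedSetting("App.UiTheme", "default", SettingAudience.Anonymous, none),
            new ExposedSetting("App.ReportPageSize", "50", SettingAudience.Authenticated, none),
            new ExposedSetting("App.BillingThreshold", "1000", SettingAudience.Authenticated, new[] { "Pages.Billing" }),
            new ExposedSetting("App.IntegrationApiKey", "placeholder", SettingAudience.ServerOnly, none),
        };

        var loginPage = ClientSettingFilter.ForClient(settings, false, new HashSet<string>());
        var plainUser = ClientSettingFilter.ForClient(settings, true, new HashSet<string>());
        var billingUser = ClientSettingFilter.ForClient(settings, true, new HashSet<string> { "Pages.Billing" });

        Console.WriteLine(string.Join(", ", loginPage.Keys));
        Console.WriteLine(string.Join(", ", plainUser.Keys));
        Console.WriteLine(string.Join(", ", billingUser.Keys));
    }
}
```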
Thank you @ismcagdas.
Unfortunately, I was working with a newly generated v11.2.0 project for my test.
I will pull the latest source code of ABP 7.3.0 and see if there is a way to step through the Castle registration process and why the Abp.AspNetCore.Configuration.AbpAspNetCoreConfiguration service might not be registered.
Hi @ismcagdas,
The main thought behind this is for the publicly available endpoints (AllowAnonymous). For methods like TokenAuthController.Authenticate or AccountAppService.IsTenantAvailable, I think it's a reasonable consideration to want to rate-limit these endpoints.
Obviously there can be preventative measures in-place for upstream networking & security devices and rules, such as an Azure Application Gateway WAF, to implement DDoS attack prevention.
The "AspNetCoreRateLimit" project can work. I was hoping more for an Attribute-driven approach, similar to [AbpAuthorize] or [RequireFeature]. Additionally, I wasn't sure how this project's implementation of the IDistributedCache interface vs Abp's CacheManager would potentially conflict.
Thanks! -Brian
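An attribute-driven limiter of the kind asked for in the post above, as an added example that is not part of the original post and is not code from ABP, ANZ or AspNetCoreRateLimit. `FixedWindowRateLimitAttribute` is a hypothetical name; it assumes a single application instance, since counters live in process memory, and that `RemoteIpAddress` is the real client address (behind a gateway or proxy, forwarded headers must be configured first).

```csharp
using System;
using System.Collections.Concurrent;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical attribute: a fixed-window limit per client IP and action.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class)]
public sealed class FixedWindowRateLimitAttribute : ActionFilterAttribute
{
    // In-process counters, shared by all requests handled by this instance.
    // Entries are never evicted here; a production version needs expiry
    // or a shared cache when several instances serve the same endpoint.
    private static readonly ConcurrentDictionary<string, (DateTime WindowStart, int Count)> Counters = new();

    public int Limit { get; set; } = 5;
    public int WindowSeconds { get; set; } = 60;

    public override void OnActionExecuting(ActionExecutingContext context)
    {
        var ip = context.HttpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
        var key = $"{context.ActionDescriptor.DisplayName}|{ip}";
        var now = DateTime.UtcNow;

        // Start a new window when the old one has elapsed, otherwise count the request.
        var entry = Counters.AddOrUpdate(
            key,
            _ => (now, 1),
            (_, current) => now - current.WindowStart >= TimeSpan.FromSeconds(WindowSeconds)
                ? (now, 1)
                : (current.WindowStart, current.Count + 1));

        if (entry.Count > Limit)
        {
            // Short-circuit before the action body (and any credential check) runs.
            context.HttpContext.Response.Headers["Retry-After"] = WindowSeconds.ToString();
            context.Result = new StatusCodeResult(429);
        }
    }
}
```

Applied to an anonymous action it would read `[FixedWindowRateLimit(Limit = 5, WindowSeconds = 60)]`, next to the action's other attributes.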
Hi @Astech,
The "UserFriendlyException" class and exception modal that you are showing in your code snippet and screenshot are generic, so in order to implement something like this you would need to provide a custom implementation.
An easy way to do this would be to define your own custom exception class, such as UserCountMaximumReachedException.
Then in your UI code, you would need to modify the http-interceptor behavior.
I'm not sure if this implementation has changed since the version I'm working with, but in my Angular typescript code, there are classes under MyProject.Web.Host > src > shared > common > interceptors.
You can breakpoint this code while developing locally to see how it works, and to see how you could potentially handle a custom response in the Angular UI to your custom Exception class.
I hope that helps! -Brian