
Activities of "MellowoodMedical"

Hello, Here are the steps that might help you to reproduce this.

  1. Have settings to lock the user after x number of failed attempts.

  2. Log in with invalid credentials multiple times and lock the account.

  3. Once the user is locked, we can see a lock sign in the Users List.

  4. Now in point 1, we configured the time for locking the user. So, wait for that amount of time and try to log in with valid credentials for the same user.

  5. User will be able to log in properly without any errors.

Issue: If we log in as Admin and check the user list, the lock sign will still be there for that user.

Expected: Once the User has successfully logged in after getting locked out, the "lock sign" should also be removed from the user list.

https://github.com/aspnetzero/aspnet-zero-core/issues/5135

Hi ismcagdas, Thank you for the information.

Hi @ismcagdas, Using HTTPS for securing GraphQL requests is indeed an essential measure as it encrypts the data transmitted between the client and server, preventing man-in-the-middle attacks and eavesdropping. However, relying solely on HTTPS might not be sufficient for all security needs. Here are several benefits of adding payload encryption on top of HTTPS for GraphQL requests:

  1. Enhanced Data Security: Payload encryption adds an additional layer of security by encrypting the specific data within the request or response. This means that even if an attacker were to breach the HTTPS layer, they would still not be able to understand the encrypted data without the decryption key.
  2. End-to-End Encryption: It provides end-to-end encryption, ensuring that data is encrypted from the point it leaves the client until it is decrypted by the intended server. This is particularly important in scenarios where the data traverses through various intermediaries that might not be fully secure.
  3. Protection Against Certain Attacks: While HTTPS protects against many types of attacks, encrypting the payload can offer protection against more sophisticated threats, such as side-channel attacks that might infer sensitive information from encrypted data based on its size, timing, or other attributes.
  4. Compliance and Data Privacy: Certain regulations and compliance standards require that sensitive data be encrypted both in transit and at rest. Payload encryption can help meet these requirements by ensuring that sensitive data is not readable at any point during transmission, not just when it is passing through public networks.
  5. Selective Encryption: Payload encryption allows for selective encryption of sensitive fields within a request or response. This means that non-sensitive information can be left unencrypted for efficiency, while sensitive data is protected.
  6. Reduced Risk of Data Leaks: In case of a security breach at any point in the network infrastructure (not necessarily at the endpoints), encrypted payloads reduce the risk of data exposure since the data remains encrypted and, hence, unintelligible to unauthorized parties.
  7. Confidentiality and Integrity: Payload encryption ensures the confidentiality and integrity of the data. It can also include mechanisms for authentication and non-repudiation, ensuring that the data has not been tampered with and truly comes from the purported source.

Implementing payload encryption does come with its challenges, such as the overhead of encryption and decryption, managing encryption keys, and potentially more complex application logic. However, for applications handling sensitive data or operating in high-risk environments, these benefits can significantly outweigh the costs, offering a more robust security posture than HTTPS alone.


It was a configuration issue: I tried to run the project without .NET 8 the first time that I downloaded it, and for some reason it deleted all the imports. I used the one that I downloaded initially with .NET 8 installed and it started to work again.

Hello, it is Angular 15; we are using ABP version 12.

Thank you!

Hi Ismcagdas, Thank you. This will help to configure SignalR on the client side. Is there a way to access SignalR configuration from the server side while initializing a Hub?

Hi @ismcagdas, We use Angular

Hi @musa.demir, sorry for the confusion. I think I wrongly typed the version; it's 5.3.0, and the picture you attached from your response is correct.

Thanks
