Activities of "dmeagor"

• ABP Framework version: v5.3.0
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes

When we do a restart of our production server, sometimes RabbitMq has not yet started, causing the application to never start. I'm not sure if this is something which should be handled in the abp code?

Volo.Abp.AbpInitializationException: An error occurred during the initialize Volo.Abp.Modularity.OnApplicationInitializationModuleLifecycleContributor phase of the module Volo.Abp.EventBus.Rebus.AbpEventBusRebusModule, Volo.Abp.EventBus.Rebus, Version=5.3.0.0, Culture=neutral, PublicKeyToken=null: An exception was thrown while activating λ:Rebus.Internals.ServiceCollectionBusDisposalFacility -> λ:Rebus.Bus.IBus -> λ:Rebus.Config.IBusStarter.. See the inner exception for details.
 ---> Autofac.Core.DependencyResolutionException: An exception was thrown while activating λ:Rebus.Internals.ServiceCollectionBusDisposalFacility -> λ:Rebus.Bus.IBus -> λ:Rebus.Config.IBusStarter.
 ---> Rebus.Injection.ResolutionException: Could not resolve Rebus.Bus.IBus with decorator depth 0 - registrations: Rebus.Injection.Injectionist+Handler
 ---> RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable
 ---> System.AggregateException: One or more errors occurred. (Connection failed)
 ---> RabbitMQ.Client.Exceptions.ConnectFailureException: Connection failed
 ---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it.

• ABP Framework version: v5.2.1
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes

When trying to login into an account with Google SSO, when there's an existing email address in the system, it doesn't log in and instead is redirected to the register page.

This is related to this issue: https://support.abp.io/QA/Questions/2852/SSO-requires-the-user-to-register-using-the-login-page

I have opened this ticket on behalf of my developer who still cannot add tickets to this system. More screenshots will follow.

• ABP Framework version: latest
• UI type: identity server MVC

Abp's SSO implementation is completely broken and requires users to register using the login page. Existing users cannot login by SSO at all. Its a bug that I reported over a year ago and exists on your own website. There isn't even an SSO option on the register page. It is essentially unusable in its current form.

Standard SSO flow would be as below. Do you intend to fix this any time soon, if not how can I do this myself?

SSO authenticated

• single user email exists
  • Login to matching account
• multiple user emails exist
  • display tenant selector and login.
• email does not exist
  • Register new account

Example.

• ABP Framework version: v5.11
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes

To allow our users to close their accounts properly, I set the tenant activation state to Passive, then try to sign them out with OAuthService.logOut, but get the following view. All pages in the identity server MVC show this message until the cookie expires.

ABP Framework version: 5.1.1 User Interface: Angular database provider: EF Core

When using the IdentityUserController and MaxUserCount has been set, the tenant is at the maximum number of users. Updating the details of an existing user is not possible.

If there a way to bypass this quickly?

Thanks in advance :)

[INF] Route matched with {area = "identity", controller = "User", action = "Update", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Identity.IdentityUserDto] UpdateAsync(System.Guid, Volo.Abp.Identity.IdentityUserUpdateDto) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi). 

[WRN] ---------- RemoteServiceErrorInfo ---------- 

Reached maximum allowed user count! This tenant is allowed to have a maximum of 3 users. 

[WRN] Exception of type 'Volo.Abp.BusinessException' was thrown.

  Volo.Abp.BusinessException: Exception of type 'Volo.Abp.BusinessException' was thrown
  . at Volo.Abp.Identity.MaxUserCountValidator.CheckMaxUserCountAsync()
   at Volo.Abp.Identity.MaxUserCountValidator.ValidateAsync(UserManager1 manager, IdentityUser user)
at Microsoft.AspNetCore.Identity.UserManager1.ValidateUserAsync(TUser user)
 at Microsoft.AspNetCore.Identity.UserManager1.UpdateUserAsync(TUser user)

• ABP Framework version: Any
• UI type: Any
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): Any

I have previously reported this as a bug here. https://github.com/abpframework/abp/issues/9467

ABP EFCore migrations are currently running N+1 loops with the tenant seeding without recreating the dbContext instance for each loop. This is against microsoft's EFCore guidence and causes severe slowdowns after a few hundred tenants. I believe this is due to change tracking.

This seems fairly simple to fix but it's not something we can do here. Possible fixes are.

• Don't do long iterations. Pull out permissions etc. in one query. Looking at PermissionDataSeeder.cs this seems like a quick change.
• Recreate the dbContext object inside of the loop for each iteration ( each tenant )
• Turn off change tracking for the dbContext instance or specific queries.

The quick fixes seem to be disabling change tracking or recreating the dbContext on each tenant loop. I also think pulling out the permissions in bulk rather than one at a time would make a big difference.

For our number of users is it entirelly impossible to migrate the database seeding (structural changes are fast though.)

I submitted this to github and to bugs and issues and got no response, just closed as stale.

We're working on a project now which will be released in the next few months and we're wondering if any of the following are planned for the commercial product.

v4.4

Subscription system & payment integration for the SaaS module.

How will this work. We use Chargebee for recurring billing. Will we be able to create plugins for the main subscription invoicing systems (Chargebee, Recurly, Chargify, Stripe Billing)? It would be great if we could have our tenants edition switch to the matching Chargebee subscription plan when they order, cancel, expire. It would be good to tie in the Chargebee dunning process to your system so that users could be alerted that their card has failed when the login.

Tenant impersonation for the SaaS module. / Custom management

How does all of this fit together as a customer management system? Currently the tenant search is near useless as it doesn't appear to search by other fields (tenant user email, billing reference etc.)

This is important as our customer service agents need to quicly access someones account with we receive a support request or worse a Terms of service abuse report. They will not have tenant id and will need to bring up a list of tenants connected to an email address or some other field. Ideally this would include custom search function we could create.

Unchangable Default Roles for Tenants

If I understand correctly roles and permissions are created at the tenant level. If this is the case then I'm not sure how to practically use the roles feature as when we add new features our application we would have to choose between leaving them inactive for all users until enabled (really bad) or manually adding them to every role in every tenant(very, very bad as we don't know what the roles were created for, they might be read only or something like that.) We're not sure what to do about this as we role out new functionality every month or so and 99.9% of our customers would simply want it enabled by default.

I think the option to add Default / template tenant roles which cannot be edited except by the host would be highly desirable.

Please add roadmap/ discussions sticky to this forum for ideas etc.

It would be good to hear others opinions on the roadmap.

Not sure if you have a place for feature requests but I think your commercial package would benefit from a built in GDPR/data privacy feature for scheduling old data to be deleted from the admin UI (both at the host level and at the tenant level.) This would nicely complement the audit feature as something most businesses need.

• ABP Framework version: 4.2
• UI type: Blazor
• DB provider: EF Core
• Tiered (MVC) or Identity Server Seperated (Angular): yes

Aim

Import and consolidate the approx 250,000 users, from two different services (each has it's own server and database) into a new Tiered ABP solution.

Background

Our existing systems contain tables for Users and Organisations. Not all users are assigned to an organisation.

We aim to create Tenants for each user (single database multi-tenant model) based on either their organistion or individual User account if they are not part of an organisation. We are expecting to force users to reconfirm their accounts and generate new passwords (i've seen the article on passwordless logins which might help here.)

Question

Where are the methods to manage tenants, users, orgs?

Add tenants by code: Is it possible to create new tenants, users, organisations by code? If so can you please provide snippit of code that would create a new Tenant, Organisation, and Saas Users without triggering user welcome emails, and email validation etc. I want the validation to happen when they login, and not when we import. I know it's based on the ms identity/Signinmanager/IdS stuff but I've no idea how this all ties in with the Abp tenant/org/2fa code.

Delete old tenants (GDPR) Is there a proper way to delete tenants or do we have to hard code sql?

If you think this is the wrong approach and have a better idea then please let me know. We would consider SQL but the plan was for the Abp/Identity Server solution to run in a separate datacenter.

BTW. The identity docs are little more than headings and screenshots of the UI (you should just put this info into the UI itself!) Also are there .net API docs for your repositories, methods etc? I thought I saw some once but can't seem to find any now.

• ABP Framework version: 4.1.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Seperated (Angular): yes

Our ABP Angular tiered solution needs to integrate with an older .net framework MVC solution running separately.

This is the old Jwt code we use.

// from owinconfig.cs
public void ConfigureOpenAuth(IAppBuilder app)
{
//
    app.UseJwtBearerAuthentication(
        new JwtBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidAudience = ConfigurationManager.AppSettings["JwtAudience"],
                ValidIssuer = ConfigurationManager.AppSettings["JwtIssuer"],
                IssuerSigningKey = ConfigurationManager.AppSettings["JwtSecurityKey"].ToSymmetricSecurityKey(),
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true
            }
        });
}

//from JwtExtensions.cs
public static class SecurityExtensions
    public static SigningCredentials ToIdentitySigningCredentials(this string jwtSecret)
    {
        var symmetricKey = jwtSecret.ToSymmetricSecurityKey();
        var signingCredentials = new SigningCredentials(symmetricKey, SecurityAlgorithms.HmacSha256);

        return signingCredentials;
    }

    public static SymmetricSecurityKey ToSymmetricSecurityKey(this string jwtSecret)
    {
        return new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSecret));
    }


}

edit: ive figured i need to generate a new rsa cert somehow as its using developer mode which isnt recommended for prod.

from what ive been reading the identityserver4 jwt packages are now incompatible with .net framework.

are you share some example code for processing the Jwt token on .net framework. (currently 4.6.x but can update if needed?). im not interested in the user table stuff, just getting the claims. is there anything in the old abpboilerplate code that might work?