Activities of "auxo-devsu"

  • ABP Framework version: v8.1.0
  • UI Type: MVC
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): tiered
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Hi,

I'm replacing ABP's AuthServer with Auth0. I can authenticate users on Auth0, but that's the easiest part. To make things easier, I'm tackling one problem at a time. Please note that I have looked at the docs and I didn't find anything pointing me in the right direction.

**I want to log into Admin Web Portal using my Auth0 user**

I have successfully configured the authentication to switch from Auth0 to Auth Server - both can authenticate, but only Auth Server authorises users.

**My questions are:**

  1. How do I let the authenticated user see the links and menus post-authentication?
  2. How do I ensure that ICurrentTenant has the correct tenant post-login?
  3. How do I ensure that CurrentUser.IsAuthenticated gets updated correctly? I can see that HttpContext.User.IsAuthenticated equals true, but CurrentUser.IsAuthenticated is always false.

Thanks in advance.

  • ABP Framework version: v8.0.0
  • UI Type: Angular / MVC / Blazor WASM / Blazor Server
  • Database System: EF Core (SQL Server)

I'm struggling to get around how to manage permissions, permissions no longer used and permissions per role.

  1. I would like to delete the permission groups above. What are the options I have for doing that?
  2. I would like to define the permissions of a given role. What are the options I have for doing that?
  3. How do I ensure that new tenants being created always get the latest set of default permissions for the application?
  4. Can I disable the out-of-the-box admin role?

Thanks!

  • ABP Framework version: v8.0.0
  • UI Type: MVC
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): separated

Hi,

Over the last 11 months, we've been using ABP, and we are happy about it. However, I have been ignoring some key security alerts emitted by GitHub Dependabot and I'd like to know if the ABP team is currently using something along the lines and, also, when there will be an update to the following vulnerabilities:

HIGH

  • uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF) via IPv4-mapped IPv6 addresses.
    • @volo/account@8.0.0 requires uppy@^1.16.1 via @abp/uppy@8.0.0.
    • Patched version is 2.3.3
  • This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
    • @volo/abp.aspnetcore.mvc.ui.theme.leptonx@3.0.0 requires glob-parent@^3.1.0 via a transitive dependency on chokidar@2.1.8
    • @volo/account@8.0.0 requires glob-parent@^3.1.0 via a transitive dependency on chokidar@2.1.8
    • @volo/abp.aspnetcore.mvc.ui.theme.leptonx@3.0.0 requires glob-parent@^3.1.0 via a transitive dependency on glob-stream@6.1.0
    • @volo/account@8.0.0 requires glob-parent@^3.1.0 via a transitive dependency on glob-stream@6.1.0
    • Patched version is 5.1.2

MEDIUM

  • ReDoS in Sec-Websocket-Protocol header - A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server.
    • @volo/account@8.0.0 requires ws@~6.1.0 via a transitive dependency on engine.io-client@3.3.3
    • The earliest fixed version is 6.2.2.

LOW

  • sweetalert2 v11.6.14 and above contains potentially undesirable behavior - sweetalert2 versions 11.6.14 and above have potentially undesirable behavior. The package outputs audio and/or video messages that do not pertain to the functionality of the package when run on specific TLDs. This functionality is documented on the project's readme.

Please let me know how I can ensure my apps are up-to-date and compliant with the latest security standards. Thanks!

  • ABP Framework version: v8.0.0
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): Tiered
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

I'm using background jobs to perform certain tasks. One of them is to create tenants based on our requirements.

The issue I'm dealing with is authorising my processes to use **IEditionAppService** and ITenantAppService, which require certain policies ("Saas.Editions" and "Saas.Tenants").

Given that my process is initiated in the background, obviously it is not authenticated when trying to call those endpoints resulting in Abp Auth Exception.

Question: What's the best way for me to bypass the need for authorisation on those services or for me to call them as if they could "allow anonymous"? Using context.Services.AddAlwaysAllowAuthorization(); is not an option unless we could do it just in the context of the background jobs.

If possible, provide me with examples on how I can elevate the privileges of my background processes to run as 'admin'.

Thanks!

  • ABP Framework version: v8.0.0
  • UI Type: MVC
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): Auth Server separated

Hi,

Where does ABP store Tenant Feature Settings & Edition Feature Settings?

I'm considering adding some defaults as part of the EF Migration.

Thanks

  • ABP Framework version: v8.0.0
  • UI Type: MVC / Blazor WASM / Blazor Server
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): tiered, auth server separated

Hi,

I'm having a hard time trying to migrate to .NET 8 using the tutorials on the ABP from the website such as https://docs.abp.io/en/abp/8.0/Migration-Guides/Abp-8_0 and https://blog.abp.io/abp/announcing-abp-8-0-release-candidate

I noticed there are no v8.0.0 (not even in the release candidate versions) for the packages 'Volo.Abp.Account.Pro.*'. Are they in the process of being migrated to .NET8? What to do with them in the meantime?

Thanks

  • ABP Framework version: v7.0.0
  • UI Type: MVC
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
  • Tiered (for MVC) or Auth Server Separated (for Angular): Auth Server separated (modular approach)
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Hi,

We are running a multi-tenanted solution using ABP Commercial, and we are considering replacing the Auth Server module with a third-party Identity Management Platform such as Auth0.

I read something about the use of external logins on the Auth Server, but I would like to have an actual single sign-on solution and let a single identity potentially have access to multiple tenants, as that's something very common in our industry.

Could you please give me some instructions on what things I should do and consider to make this happen?

Thanks!

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11