Activities of "EngincanV"

Hi @SouravParia, we have a sample project named StoredProcedureDemo, maybe you can check AppUserRepository.cs in this sample project.

• In the sample project there is not any parameter passed to the stored procedure and you can update the related part like below.

using (var command = CreateCommand("<your_stored_procedure_name>", CommandType.StoredProcedure, new SqlParameter[] { /* your parameters: E.g. new SqlParameter("id", id) */ }))
{
    //your logic...
}

Configure<AbpAntiForgeryOptions>(options =>
{
    options.AutoValidateIgnoredHttpMethods.Remove("GET"); //auto validate for GET requests
});

After I've configured the AbpAntiForgeryOptions as above, I could not send a successful GET request to my endpoints unless I provide a RequestVerificationToken header.

But if there is an interceptor and passes a RequestVerificationToken on behalf of me, I can successfully make a GET request as follow. (And we do it on Swagger UI)

So can you try to navigate the URL of one of your GET requests on the browser? I am not sure but "burpsuite" might be intercepting the request and passing the RequestVerificationToken automatically (maybe you can check the header that it passed).

Hi @Anjaneyulu, you're not sending requests via Swagger right?

Then you can create a middleware as below and get the generated cookie and pass it to the RequestVerificationToken header.

P.S. If your GET requests don't change the state (and it shouldn't in most cases), you don't need to add anti-forgery token validation, in my opinion.

public class SetRequestVerificationHeaderMiddleware
{
    private readonly RequestDelegate _next;
    private readonly IAbpAntiForgeryManager _abpAntiForgeryManager;

    public ValidateAntiForgeryTokenMiddleware(RequestDelegate next, IAbpAntiForgeryManager abpAntiForgeryManager)
    {
        _next = next;
        _abpAntiForgeryManager = abpAntiForgeryManager;
    }

    public async Task Invoke(HttpContext context)
    {
        if (HttpMethods.IsGet(context.Request.Method))
        {
           var antiForgeryToken = await _abpAntiForgeryManager.GenerateToken();
           context.Request.Headers["RequestVerificationToken"] = antiForgeryToken;
        }
        
        await _next(context);
    }
}

//use middleware
app.UseMiddleware<SetRequestVerificationHeaderMiddleware>();

When you enabled auto validation for GET requests, you need to pass the RequestVerificationToken header with your requests. Unless you'll get an HTTP 400 error. But if you're making your requests via Swagger you won't get that error because a request verification token is set on behalf of you in every request. (https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js#L25-L29)

So try to send a request to one of your services via Postman or simply using a browser, you'll get the following error.

You can generate and set the cookie for your requests, useIAbpAntiForgeryManager.SetCookie() method.

I am closing the question since your problem seems resolved with this issue. Thanks @jhsanc

Hi @AlderCove, CMS Kit module does not support module entity extension for now. I've created an issue for it (#11525).

Is the list above the exhaustive list of modules that do support the feature?

In addition to this list, there is also ConfigureTenantManagement.

Hi @Anjaneyulu, I think you don't need to create a manual Anti Forgery Token Middleware. Instead, you can define AbpAntiForgeryOptions to enable auto validation for GET requests.

Configure<AbpAntiForgeryOptions>(options =>
{
    //By default only POST requests auto validate anti forgery tokens.
    //In other word "GET", "HEAD", "TRACE" and "OPTIONS" HTTP methods are ignored.
    
    options.AutoValidateIgnoredHttpMethods.Remove("GET"); //auto validate for GET requests
    
});

See CSRF Anti Forgery documentation for more information

Hi @zhongfang, you can update your UseAbpRequestLocalization middleware (under your *.HttpApiHostModule) as follows:

//list your supported cultures
var supportedCultures = new[]
{
    new CultureInfo("zh-Hans"),
    new CultureInfo("cs"),
    new CultureInfo("en"),
    new CultureInfo("tr"),
    //...
};

app.UseAbpRequestLocalization(options =>
{
    options.DefaultRequestCulture = new RequestCulture("zh-Hans"); //set default as zh-Hans
    options.SupportedCultures = supportedCultures;
    options.SupportedUICultures = supportedCultures;
    options.RequestCultureProviders = new List<IRequestCultureProvider>
    {
        // there are three culture providers
        new QueryStringRequestCultureProvider(),
        new CookieRequestCultureProvider(),
        new AcceptLanguageHeaderRequestCultureProvider()
    };
});

https://github.com/abpframework/abp/issues/2775 https://docs.microsoft.com/en-us/aspnet/core/fundamentals/localization?view=aspnetcore-6.0#localization-middleware

Volo.Filemanagement can't build on linux system, because the path is badly formed

Hi @brike.kuo@authme.com, this was a well-known problem and we've fixed it in the v5.1.3. So, please update your CLI version to v5.1.3 it will fix your problem.

dotnet tool update -g Volo.Abp.Cli

Can you open a new question for your second issue? Because it's hard to keep track of more than one issue in a question. Also in a separate question, your problem can be solved more quickly.