Thank you. So how does the security of .NET 6 compare to .NET 7?
Because I've just done some research, .NET 7 has faster performance indeed, but nowhere mentions the improvement of security between 2 versions, so I assume it's pretty much the same, doesn't it?
Hi, is there any update?
I tried to put modelBuilder.UseGuidCollation(string.Empty);
in DbContextModelCreatingExtensions
instead of DbContext
and run migration, the parameter collations for newly created column are all disappeared, which is good, but it also alters current columns collation:
Because current columns use default collation, their collation parameter shouldn't be added, and surely not ascii_general_ci
.
Could you guy take a look at this?
Perfect! QA's package is a bit different but I still managed to make it work. Thank you so much.
Can you send your package.json ? https://drive.google.com/file/d/1BcqXOAeBxPdKhjVqB_Gv9eOAXiQkucBE/view?usp=share_link
Hello,
Can you try after removing
yarn.lock
file andnode_modules
folder and installing packages with the yarn command?You can check the installed package version with
yarn why @abp/ng.components
I removed yarn.lock
, package-lock.json
files and node_modules
folder, then install with npm install --save --legacy-peer-deps
command as npm install
encountered unable to resolve dependency tree
error.
Now the local environment gets the same error likes the others.
Edit: The package-lock.json
is re-installed with many v5.3.5 packages, but the yarn.lock
file didn't get re-installed.
Hello,
I am able to reproduce the error. The bug is related to version 5.3.5. Can you add the following lines to your
package.json
?"resolutions": { "@abp/ng.components": "5.3.4", "@abp/ng.core": "5.3.4", "@abp/ng.setting-management": "5.3.4", "@abp/ng.theme.lepton-x": "1.0.0-beta.3", "@abp/ng.theme.shared": "5.3.4", "@volo/abp.commercial.ng.ui": "5.3.4", "@volo/abp.ng.account": "5.3.4", "@volo/abp.ng.audit-logging": "5.3.4", "@volo/abp.ng.gdpr": "5.3.4", "@volo/abp.ng.identity": "5.3.4", "@volo/abp.ng.identity-server": "5.3.4", "@volo/abp.ng.language-management": "5.3.4", "@volo/abp.ng.saas": "5.3.4", "@volo/abp.ng.text-template-management": "5.3.4", "@volo/abp.ng.theme.lepton": "5.3.4" }
Hi muhammedaltug, thank you for your supporting. But it doesn't work as I added the code and deployed it to the develop environment.
Am I missing something?
Hi, is there any update? Please look at it, this is very urgent.
There's nothing wrong with the data/API, only the UI is getting this error. But since I can't access the component as it belongs to the framework core, I'm not able to figure out what caused it.
Hi maliming,
I've changed SecurityStampValidatorOptions
as you suggestion as well as set IdentityServerDataSeedContributor
to default as below:
ClientName = name,
ProtocolType = "oidc",
Description = name,
AlwaysIncludeUserClaimsInIdToken = true,
AllowOfflineAccess = true,
AbsoluteRefreshTokenLifetime = 31536000, //365 days
AccessTokenLifetime = 31536000, //365 days
AuthorizationCodeLifetime = 300,
IdentityTokenLifetime = 300,
RequireConsent = false,
FrontChannelLogoutUri = frontChannelLogoutUri,
RequireClientSecret = requireClientSecret,
RequirePkce = requirePkce,
AccessTokenType = (int) AccessTokenType.Reference
Unfortunately, nothing happened.
I read the article you suggested, it's OK but still doesn't really help as SecurityStampValidatorOptions
and ExpireTimeSpan
are only able to re-issue when a request is made after halfway through the interval. What if the last request is made before of that?
I also did some research about token here, but it seems to be not applicable in my case. So until now, it's all about trial and error.
As I tested, the only 2 properties that actually affect to token's expiration are AccessTokenLifetime
and AbsoluteRefreshTokenLifetime
. Here are the steps:
options.ExpireTimeSpan = TimeSpan.FromSeconds(10);
to make sure the page will log-out after refresh token expires.AccessTokenLifetime
and AbsoluteRefreshTokenLifetime
= 60s.