Steps:
Hi @maliming, we have created a basic ABP project at https://github.com/rajasekhard2015/demo
Tried extending the openid dict to tenant. Please check the commits to see all the changes we have made.
We were able to add a client and do authentication, but we are having an issue with logout.
Can you please help us? It is very critical for our delivery.
After adding this configuration we are not getting data for our GET request:
Configure<AbpAntiForgeryOptions>(options =>
{
    options.AutoValidateIgnoredHttpMethods.Remove("GET"); // auto validate for GET requests
});
But after adding this middleware, we are getting data, and intercepting through Burp Suite, removing the request verification token and forwarding the request is working fine.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Volo.Abp.AspNetCore.Mvc.AntiForgery;

public class SetRequestVerificationHeaderMiddleware
{
    private readonly RequestDelegate _next;
    private readonly IAbpAntiForgeryManager _abpAntiForgeryManager;

    // The constructor name must match the class name (the posted code named it
    // ValidateAntiForgeryTokenMiddleware, which does not compile).
    public SetRequestVerificationHeaderMiddleware(RequestDelegate next, IAbpAntiForgeryManager abpAntiForgeryManager)
    {
        _next = next;
        _abpAntiForgeryManager = abpAntiForgeryManager;
    }

    public async Task Invoke(HttpContext context)
    {
        if (HttpMethods.IsGet(context.Request.Method))
        {
            // Generate a token on the server and put it into the request header
            // that anti-forgery validation reads. GenerateToken() returns a string.
            var antiForgeryToken = _abpAntiForgeryManager.GenerateToken();
            context.Request.Headers["RequestVerificationToken"] = antiForgeryToken;
        }

        await _next(context);
    }
}

// use middleware
app.UseMiddleware<SetRequestVerificationHeaderMiddleware>();
Even I'm not sure how Burp Suite works.
Configure<AbpAntiForgeryOptions>(options =>
{
    options.AutoValidateIgnoredHttpMethods.Remove("GET"); // auto validate for GET requests
});
After I've configured the AbpAntiForgeryOptions as above, I could not send a successful GET request to my endpoints unless I provide a RequestVerificationToken header. But if there is an interceptor that passes a RequestVerificationToken on behalf of me, I can successfully make a GET request as follows. (And we do it on Swagger UI)
So can you try to navigate to the URL of one of your GET requests in the browser? I am not sure, but "burpsuite" might be intercepting the request and passing the RequestVerificationToken automatically (maybe you can check the header that it passed).
Thanks. I will check and let you know.
Hi @Anjaneyulu, you're not sending requests via Swagger, right?
No. Actually, we are intercepting the GET request in Burp Suite, removing the request verification token and forwarding the request to the server. Should we consider Burp Suite interception as a Swagger or Postman request? I'm not sure.
Then you can create a middleware as below, get the generated cookie and pass it to the RequestVerificationToken header.
P.S. If your GET requests don't change the state (and they shouldn't in most cases), you don't need to add anti-forgery token validation, in my opinion.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Volo.Abp.AspNetCore.Mvc.AntiForgery;

public class SetRequestVerificationHeaderMiddleware
{
    private readonly RequestDelegate _next;
    private readonly IAbpAntiForgeryManager _abpAntiForgeryManager;

    // Constructor renamed to match the class (the posted code named it
    // ValidateAntiForgeryTokenMiddleware, which does not compile).
    public SetRequestVerificationHeaderMiddleware(RequestDelegate next, IAbpAntiForgeryManager abpAntiForgeryManager)
    {
        _next = next;
        _abpAntiForgeryManager = abpAntiForgeryManager;
    }

    public async Task Invoke(HttpContext context)
    {
        if (HttpMethods.IsGet(context.Request.Method))
        {
            // Generate a token on the server and put it into the header that
            // anti-forgery validation reads. GenerateToken() returns a string.
            var antiForgeryToken = _abpAntiForgeryManager.GenerateToken();
            context.Request.Headers["RequestVerificationToken"] = antiForgeryToken;
        }

        await _next(context);
    }
}

// use middleware
app.UseMiddleware<SetRequestVerificationHeaderMiddleware>();
We have added this configuration, but when we remove the request verification token from requests, the response is still perfect. Are we missing something? Please guide.
Hi @Anjaneyulu, I think you don't need to create a manual Anti Forgery Token Middleware. Instead, you can define AbpAntiForgeryOptions to enable auto validation for GET requests.
Configure<AbpAntiForgeryOptions>(options =>
{
    // By default only POST requests auto validate anti forgery tokens.
    // In other words, "GET", "HEAD", "TRACE" and "OPTIONS" HTTP methods are ignored.
    options.AutoValidateIgnoredHttpMethods.Remove("GET"); // auto validate for GET requests
});
See the CSRF Anti Forgery documentation for more information.
Hi @EngincanV, I have configured it as you said:
Configure<AbpAntiForgeryOptions>(options =>
{
    // By default only POST requests auto validate anti forgery tokens.
    // In other words, "GET", "HEAD", "TRACE" and "OPTIONS" HTTP methods are ignored.
    options.AutoValidateIgnoredHttpMethods.Remove("GET"); // auto validate for GET requests
});
I'm not receiving any data in the GET request. Do I need to add anything else?
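A note from the editor on the two approaches discussed above, with an added example that is not code from this thread and not ABP's own code. The SetRequestVerificationHeaderMiddleware posted earlier calls GenerateToken() and writes the result into the incoming request's RequestVerificationToken header before any validation runs, so a validator that executes after it reads a token the server itself just created and always succeeds; removing the header in an intercepting proxy is invisible to it, which matches the "response is still perfect" observation. The AbpAntiForgeryOptions change alone is what actually makes ABP's filter reject a GET that carries no valid header. If a middleware is wanted anyway, it has to validate the token the client sent rather than generate one. The example below shows both the option and such a middleware; it assumes an ABP ASP.NET Core host where IAntiforgery is registered by MVC and the header name is ABP's default RequestVerificationToken. DemoHostModule and RequireClientAntiForgeryTokenMiddleware are illustrative names of mine.

```csharp
// Added example: not code from this thread and not ABP's own code. Assumes an ABP
// ASP.NET Core host where IAntiforgery is registered by MVC and the anti-forgery
// header is ABP's default "RequestVerificationToken". DemoHostModule and
// RequireClientAntiForgeryTokenMiddleware are illustrative names.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Volo.Abp;
using Volo.Abp.AspNetCore.Mvc;
using Volo.Abp.AspNetCore.Mvc.AntiForgery;
using Volo.Abp.Modularity;

// Validates the token the CLIENT sent on GET requests and never generates one
// itself. This is the difference from SetRequestVerificationHeaderMiddleware in
// the thread, whose server-generated header makes any later check pass.
public class RequireClientAntiForgeryTokenMiddleware
{
    private readonly RequestDelegate _next;
    private readonly IAntiforgery _antiforgery;

    public RequireClientAntiForgeryTokenMiddleware(RequestDelegate next, IAntiforgery antiforgery)
    {
        _next = next;
        _antiforgery = antiforgery;
    }

    public async Task Invoke(HttpContext context)
    {
        // CSRF rides on ambient credentials. A request that carries no cookies at
        // all (for example a bearer-token API call) gives a cross-site page nothing
        // to abuse, so only cookie-bearing GETs are checked here.
        if (HttpMethods.IsGet(context.Request.Method) && context.Request.Cookies.Count > 0)
        {
            try
            {
                // IAntiforgery.IsRequestValidAsync returns true for GET/HEAD/OPTIONS/TRACE
                // without reading any token, so it cannot be used for this purpose.
                // ValidateRequestAsync compares the cookie token with the header token
                // for any method and throws when either is missing or they don't match.
                await _antiforgery.ValidateRequestAsync(context);
            }
            catch (AntiforgeryValidationException ex)
            {
                context.Response.StatusCode = StatusCodes.Status400BadRequest;
                await context.Response.WriteAsync("Anti-forgery validation failed: " + ex.Message);
                return;
            }
        }

        await _next(context);
    }
}

[DependsOn(typeof(AbpAspNetCoreMvcModule))]
public class DemoHostModule : AbpModule
{
    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        // The option from the thread: ABP's auto-validation filter then rejects
        // GET requests without a valid RequestVerificationToken header.
        Configure<AbpAntiForgeryOptions>(options =>
        {
            options.AutoValidateIgnoredHttpMethods.Remove("GET");
        });
    }

    public override void OnApplicationInitialization(ApplicationInitializationContext context)
    {
        var app = context.GetApplicationBuilder();

        app.UseRouting();
        app.UseAuthentication();
        // Runs after authentication has read the cookies and before endpoints execute.
        app.UseMiddleware<RequireClientAntiForgeryTokenMiddleware>();
        app.UseAuthorization();
        app.UseConfiguredEndpoints();
    }
}
```

With either the option or this middleware in place, a GET whose RequestVerificationToken header was removed in the proxy should come back as a 400 rather than with data; that status, not the body, is what to look for when testing. As EngincanV says above, a GET that changes no state does not need this at all: keep such handlers side-effect free and leave validation on the state-changing methods.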
hi
Is the Emailing\Templates\Templates\*.tpl path correct? Maybe Emailing\Templates\*.tpl
I have updated the path. Also, I tried setting the build action to Copy always for the embedded resources. But I'm getting the same issue.
<Project Sdk="Microsoft.NET.Sdk">
  <Import Project="..\..\common.props" />
  <PropertyGroup>
    <TargetFramework>netstandard2.0</TargetFramework>
    <RootNamespace>Test</RootNamespace>
  </PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="..\Test.Domain.Shared\Test.Domain.Shared.csproj" />
  </ItemGroup>
  <ItemGroup>
    <ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Shared.Application.Contracts\Volo.Abp.Account.Pro.Shared.Application.Contracts.csproj" />
    <PackageReference Include="Volo.Abp.PermissionManagement.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Abp.FeatureManagement.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Abp.SettingManagement.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Saas.Host.Application.Contracts" Version="4.4.2" />
    <PackageReference Include="Volo.Abp.AuditLogging.Application.Contracts" Version="4.4.2" />
    <ProjectReference Include="..\..\modules\Volo.Identity.Pro\src\Volo.Abp.Identity.Pro.Application.Contracts\Volo.Abp.Identity.Pro.Application.Contracts.csproj" />
    <PackageReference Include="Volo.Abp.IdentityServer.Application.Contracts" Version="4.4.2" />
    <ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Public.Application.Contracts\Volo.Abp.Account.Pro.Public.Application.Contracts.csproj" />
    <ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Admin.Application.Contracts\Volo.Abp.Account.Pro.Admin.Application.Contracts.csproj" />
    <PackageReference Include="Volo.Abp.LanguageManagement.Application.Contracts" Version="4.4.2" />
    <ProjectReference Include="..\..\modules\Volo.TextTemplateManagement\src\Volo.Abp.TextTemplateManagement.Application.Contracts\Volo.Abp.TextTemplateManagement.Application.Contracts.csproj" />
    <ProjectReference Include="..\..\modules\Volo.LeptonTheme\src\Volo.Abp.LeptonTheme.Management.Application.Contracts\Volo.Abp.LeptonTheme.Management.Application.Contracts.csproj" />
  </ItemGroup>
  <ItemGroup>
    <EmbeddedResource Include="Emailing\Templates\*.tpl" />
    <None Remove="Emailing\Templates\*.tpl" />
  </ItemGroup>
</Project>
hi
Can you share the csproj (ApplicationContractModule) file?
<Project Sdk="Microsoft.NET.Sdk">
<Import Project="..\..\common.props" />
<PropertyGroup>
<TargetFramework>netstandard2.0</TargetFramework>
<RootNamespace>Test</RootNamespace>
</PropertyGroup>
<ItemGroup>
<ProjectReference Include="..\Test.Domain.Shared\Test.Domain.Shared.csproj" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Shared.Application.Contracts\Volo.Abp.Account.Pro.Shared.Application.Contracts.csproj" />
<PackageReference Include="Volo.Abp.PermissionManagement.Application.Contracts" Version="4.4.2" />
<PackageReference Include="Volo.Abp.FeatureManagement.Application.Contracts" Version="4.4.2" />
<PackageReference Include="Volo.Abp.SettingManagement.Application.Contracts" Version="4.4.2" />
<PackageReference Include="Volo.Saas.Host.Application.Contracts" Version="4.4.2" />
<PackageReference Include="Volo.Abp.AuditLogging.Application.Contracts" Version="4.4.2" />
<ProjectReference Include="..\..\modules\Volo.Identity.Pro\src\Volo.Abp.Identity.Pro.Application.Contracts\Volo.Abp.Identity.Pro.Application.Contracts.csproj" />
<PackageReference Include="Volo.Abp.IdentityServer.Application.Contracts" Version="4.4.2" />
<ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Public.Application.Contracts\Volo.Abp.Account.Pro.Public.Application.Contracts.csproj" />
<ProjectReference Include="..\..\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Admin.Application.Contracts\Volo.Abp.Account.Pro.Admin.Application.Contracts.csproj" />
<PackageReference Include="Volo.Abp.LanguageManagement.Application.Contracts" Version="4.4.2" />
<ProjectReference Include="..\..\modules\Volo.TextTemplateManagement\src\Volo.Abp.TextTemplateManagement.Application.Contracts\Volo.Abp.TextTemplateManagement.Application.Contracts.csproj" />
<ProjectReference Include="..\..\modules\Volo.LeptonTheme\src\Volo.Abp.LeptonTheme.Management.Application.Contracts\Volo.Abp.LeptonTheme.Management.Application.Contracts.csproj" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Emailing\Templates\Templates\*.tpl" />
<None Remove="Emailing\Templates\Templates\*.tpl" />
</ItemGroup>
</Project>