I am having a REALLY hard time getting a new ABP proj to run on anything other than local DEV in Visual Studio debugger. I can build an individual dockerfile and run it locally too but what I am TRYING to do is have a secure multi-tiered swarm of containers in a simple docker-compose.yml file.
There seems to be a lot of gotchas around getting reverse proxy to work with ASP and IdentityServer. I have spent 40h trying to get a working app to run on a hosting platform with live SSL certs.
When you are writing the multi-layered Dockerfile, you need to copy NuGet.Config with your .csproj since abp commercial application is using private nuget source. Other than that, it's pretty default to an .net 5 application.
Most of the time, gotchas are related with identityserver and i agree that identityserver on production is somewhat more complex and has more points to take care of comparing to local development because of certification, load balancing etc. But you can find more related questions and answer in stackoverflow or identityserver repo since it is directly related with it.
Is there any clear, straightforward, up-to-date information on how to deploy ABP to a cloud environment via docker?
We're planning to write down a guide from start to deployment to cloud (probably azure) for microservice template. You are always welcome to submit an article for the community since we won't be able to cover all the scenarios or cloud providers.
Ok I have sorted out the filtering issue. I didn't understand how easy the dependency injection was but finally got my head round that. I am injecting the httpContextAssessor and the OU repository, and then finding the current users OU and calling the GetUsersInOrganizationUnitWithChildrenAsync method with its Code.
I would suggest injecting ICurrentUser but ok if it's working for you.
The other problem I mentioned above is still happening: In dev if I look at my Inactive page and my normal Users page, they behave as expected. In live, whichever one I look at first becomes the "default" and I can't see the other one. The screens are very similar obviously, but the filter is fixed to the first one I chose, and the Actions list is fixed to the first one too. Something is being cached somewhere it shouldn't but I can't figure out why this only affects live and the dev behaviour is perfect?
I can't say that I understand this clearly and it seems this is not related with filtering user with an extra property. Could you please create a new issue related with it and supply a way that we can understand better? Something like a public user-pass if on production. Or a screen cast video record link etc.
Are you trying to access a different web api from your client application (angular) or its backend projects (web api), from web api to web api or from angular to web api?
If you are trying to connect from angular app, did you consider creating a different endpoint in your own backend project to get data from diffferent web api and host as proxy hence you can also authorize those endpoint aswell.
Can you give more details?
Hello @ihugo,
This is completely related with IdentityServer4., you can get better answers from stackoverflow or identityserver4 repo.
Although, identityserver configuration is not related with user roles but clients themselves. Preventing logon for certain roles doesn't seem feasible solution since you decide authentication flows independent of your user roles.
However, you can check which application is user logging from when authenticating then running extra layer of authorization should work.
Hello,
The Lepton Theme is a professional theme for the ABP Commercial.
You can check Lepton Theme Module Page for more information.
Hello,
Maybe I understand wrong but, it sounds like buying Visual Studio Professional edition and trying to port it to Visual Studio Community edition.
Abp commercial uses modules which are commercial only. You can check the module list here. You will need to re-write those modules (such as identityserver ui) etc.
You can also check the differences between abp framework vs abp commercial for better comparison.
Hello @nhontran,
I found out that the miss configuration of Intranet OpenID Connect causes this behaviour.
You need to add:
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
// Mapping for GetExternalLoginInfoAsync since "sub" is used instead of "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Add("sub", ClaimTypes.NameIdentifier);
before <br>
context.Services.AddAuthentication()
.AddOpenIdConnect("oidc", "Intranet OpenID Connect", options =>
{
so that provider key should not be null in the default signin manager implementation of GetExternalLoginInfoAsync. This causes chain failure of events which was really time consuming to figure out.
Key of notice, this is related with microsoft default oidc claim mapping issue, not related with ABP. Here is a related identityserver issue.
I added options.TokenValidationParameters.ValidateIssuer = false; for all my microservices now it works.
It's probably because you updated issuer before removing the old cookies/tokens. Validating issuer should work with clean cookies. Even if you don't validate the issuer, if you are using microservices behind the reverse proxy and not facing public world; i don't think it should be a problem.
Hi @nhontran,
I've reproduced
We're investigating this behaviour.
Can it be related with chrome bug? You can check related solution in this article.