Activities of "trannguyenphucanh"

  • ABP Framework version: v5.3.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi Supporting Team,

I'm planning a major version upgrade in the expectation of security enhancements. I've read through the change logs but didn't seem to catch much related information about it. So I have a few things to consider:

  1. How does the security of v5.3.3 compare to later versions? Is it better? If so, what is the particular improvement?
  2. Does a framework upgrade ensure fewer security threats?
  3. What are the specific effects of replacing Identity Server with OpenIddict? Does it have anything to do with security enhancement?

Could you guys share your thoughts about it?

  • ABP Framework version: v5.3.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:
  • Database: MySQL WorkBench 8.0.30

Hi Support Team,

I've tried to create a dozen tables using code-first EF Core; 2 of the tables have a foreign key to the abpusers table.

I created domain classes, declared them in DbContextModelCreatingExtensions as well as in DbContext, ran the add-migration command, and a migration file was created. After that, I ran the DbMigrator project and an issue appeared:

1. Failed to open the referenced table 'appuser': I solved this one by manually modifying the migration file, changing the parameter name in table.ForeignKey() and principalTable from AppUser to AbpUsers in the 2 tables having the foreign key.

Then I ran the add-migration command again, and another issue appeared:

2. Referencing column 'UserId' and referenced column 'Id' in foreign key constraint 'FK_my_table_AbpUsers_UserId' are incompatible.: I also solved this one by manually deleting the parameter collation: "ascii_general_ci" at the UserId columns in the file and running the command again. All worked well.

But is there any way to remove the collation: "ascii_general_ci" param and just use the default type when the migration file is generated? I notice this param is automatically added after the framework is updated to v5 (.NET 5 => .NET 6).

I've tried an answer from Stack Overflow but it didn't work.

Also, I'd really appreciate it if there's any solid solution for the 1st issue.

Hope to hear from you guys soon.

  • ABP Framework version: v5.3.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi Support Team,

I've encountered this bug: the previously checked organization units for all users appear unchecked on the production, develop and QA sites. But it doesn't happen on the local environment.

There's a small inconsistency in the UI display between the local environment and the other sites as well. Below are the screenshots from the local and production sites; both use the same branch and database.

Hope to hear from you guys soon.

Thanks.

  • ABP Framework version: v5.3.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi, I would like to know if there's a way to redirect the user to the login page after 30 minutes of inactivity. Below is the configuration suggested in older topics that I've implemented for HostModule:

.AddCookie("Cookies", options =>
{
    options.ExpireTimeSpan = TimeSpan.FromSeconds(1800);
    options.SlidingExpiration = true;
});
context.Services.ConfigureApplicationCookie(options =>
{
    options.Cookie.SameSite = SameSiteMode.Unspecified;
});

And IdentityServerDataSeedContributor:

ClientName = name,
ProtocolType = "oidc",
Description = name,
AlwaysIncludeUserClaimsInIdToken = true,
AllowOfflineAccess = true,
AbsoluteRefreshTokenLifetime = 1800, //30 minutes
AccessTokenLifetime = 1800, //30 minutes
SlidingRefreshTokenLifetime = 300,
AuthorizationCodeLifetime = 300,
IdentityTokenLifetime = 300,
RequireConsent = false,
FrontChannelLogoutUri = frontChannelLogoutUri,
RequireClientSecret = requireClientSecret,
RequirePkce = requirePkce

The above configuration didn't make the site log out, even if I closed the browser or left it inactive.

When I add the code below, the site does log out after the token has expired, but it doesn't solve the problem, as it still redirects to the login page while the user is browsing, no matter what.

context.Services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.SameSite = SameSiteMode.Unspecified;
        options.ExpireTimeSpan = TimeSpan.FromSeconds(1800);
        options.SlidingExpiration = true;
    });
context.Services.Configure<SecurityStampValidatorOptions>(options => options.ValidationInterval = TimeSpan.FromSeconds(1800));

Could you take a look at it?
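
How ASP.NET Core's cookie handler applies ExpireTimeSpan together with SlidingExpiration = true, for the 1800-second value configured in the post above. This is an added example, not code from the post or from ABP: the class and method names are hypothetical, the request timelines are constructed, and the model is a simplification of the handler's rule that a cookie is re-issued only when a request arrives past the midpoint of its lifetime.

```csharp
using System;
using System.Collections.Generic;

// Simplified model (an assumption, not framework or ABP code) of the cookie
// handler: a request after expiry is challenged; a request past the midpoint
// of the current window gets a cookie with a fresh ExpireTimeSpan.
public static class SlidingCookieModel
{
    public static readonly TimeSpan ExpireTimeSpan = TimeSpan.FromSeconds(1800);

    // requestOffsets: seconds since sign-in at which the cookie is presented.
    public static List<string> Replay(IEnumerable<int> requestOffsets)
    {
        var issued = TimeSpan.Zero;
        var expires = issued + ExpireTimeSpan;
        var log = new List<string>();
        foreach (var offset in requestOffsets)
        {
            var now = TimeSpan.FromSeconds(offset);
            if (now > expires)
            {
                log.Add($"{offset,5}s  expired -> challenge (redirect to login)");
                break;
            }
            var elapsed = now - issued;
            var remaining = expires - now;
            if (remaining < elapsed)   // past the midpoint: slide the window
            {
                issued = now;
                expires = now + ExpireTimeSpan;
                log.Add($"{offset,5}s  renewed, expiry moves to {expires.TotalSeconds}s");
            }
            else
            {
                log.Add($"{offset,5}s  accepted, expiry stays at {expires.TotalSeconds}s");
            }
        }
        return log;
    }

    public static void Main()
    {
        // Constructed timelines. The last one shows the effective idle limit
        // can be well under 30 minutes: 800s never triggers a renewal.
        Console.WriteLine("active:"); Replay(new[] { 600, 1000, 1700, 2500 }).ForEach(Console.WriteLine);
        Console.WriteLine("idle after renewal:"); Replay(new[] { 1000, 2900 }).ForEach(Console.WriteLine);
        Console.WriteLine("idle before midpoint:"); Replay(new[] { 800, 1900 }).ForEach(Console.WriteLine);
    }
}
```

The window only slides on requests that actually present this cookie to the application that issued it, so the timeline fed to the model should contain those requests and no others.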

Made with ❤️ on ABP v9.1.0-rc.1. Updated on January 17, 2025, 14:13