[chrisalves] said: Hi Engincan,
Thank you for your response.
Let's keep this ticket open for a few more days while I review the point and run some test scenarios based on your suggestions.
Best regards,
Sure.
[sghorakavi@cpat.com] said:
Ok, I have nginx set up on my Windows computer. The host server is working fine. There is an authentication issue. After adding the reverse proxy using nginx, I see this issue. Any suggestions?
Hi, your nginx config seems right. To address the problem in your auth-server project, can you share its logs, please?
[nhontran] said: ABP Framework is currently referencing the latest version of Select2. However, it appears that there is no active maintenance for the Select2 library at this time. Is there any recommended workaround for this vulnerability, or does the ABP team have plans to replace Select2 with a more actively maintained alternative in future releases?
Hi, currently we are not considering replacing Select2. Even though it's not maintained actively, it's a stable and popular library. If you want us to replace it with another alternative, please don't hesitate to create an issue at https://github.com/abpframework/abp/issues, so we can discuss and consider.
In the link you provided, I see some suggestions to overcome the XSS vulnerability. I'll check our select2 implementation and check what we can do.
Thanks for reporting.
[sghorakavi@cpat.com] said: launchSettings.json
    {
      "iisSettings": {
        "windowsAuthentication": false,
        "anonymousAuthentication": true,
        "iisExpress": {
          "applicationUrl": "https://localhost:44356/hostapi",
          "sslPort": 44356
        }
      },
      "profiles": {
        "IIS Express": {
          "commandName": "IISExpress",
          "launchBrowser": true,
          "environmentVariables": {
            "ASPNETCORE_ENVIRONMENT": "Development",
            "DOTNET_WATCH": "false"
          }
        },
        "Approach.HttpApi.Host": {
          "commandName": "Project",
          "launchBrowser": true,
          "applicationUrl": "https://localhost:44356/hostapi",
          "environmentVariables": {
            "ASPNETCORE_ENVIRONMENT": "Development"
          }
        }
      }
    }
-added forwardheader
My swagger.json looks fine but swagger.html is not opening swagger.json. It cannot find hostapi in the path.
My appsettings.json has
    "App": {
      "SelfUrl": "https://localhost:44356/hostapi",
      "CorsOrigins": "https://*.Approach.com;https://localhost:44356/hostapi",
      "DisablePII": false,
      "HealthCheckUrl": "/health-status"
    },
In the module:
    app.UsePathBase("/hostapi");
    app.UseAbpSwaggerUI(options =>
    {
        options.SwaggerEndpoint("/swagger/v1/swagger.json", "Approach API");
        options.RoutePrefix = "swagger";
        var configuration = context.GetConfiguration();
        options.OAuthClientId(configuration["AuthServer:SwaggerClientId"]);
    });
Can you please let me know what I missed? Do you need any other information?
I started with sample ABP, MVC multi layer application. I need Host Service to open https://localhost:44356/hostapi/swagger/index.html properly. Thank you
Hi, I don't see any reverse-proxy configuration here. Instead, I only notice the code line app.UsePathBase("/hostapi");, which sets the path-base and makes your application endpoints in the following format: /hostapi/<remaining-routes>
And it seems this is not what you want, and I would not call it a reverse proxy, because it only sets the path-base and transforms the URLs. It does not redirect to an underlying service; for this purpose, you need a reverse proxy (If you need to expose all of your different apps that are running in different ports in the same port with distinct route configs, you need to use a reverse proxy like nginx, for example.)
An example config for nginx:
    events {}
    http {
        server {
            listen 44378 ssl;
            server_name localhost;

            # SSL certificate (use your own dev or real certs) (optional)
            ssl_certificate /path/to/dev-cert.pem;
            ssl_certificate_key /path/to/dev-key.pem;

            # Common headers
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Allow large bodies (optional)
            client_max_body_size 50m;

            # ===== /api → Host Server =====
            location /api/ {
                proxy_pass https://localhost:44342/;
                proxy_ssl_verify off;
            }

            # ===== /auth → Auth Server =====
            location /auth/ {
                proxy_pass https://localhost:44339/;
                proxy_ssl_verify off;
            }

            # ===== / → Web Server =====
            location / {
                proxy_pass https://localhost:44378;
                proxy_ssl_verify off;
            }
        }
    }
With this config, nginx ensures, when you send a request to the https://localhost:44378/api, it redirects to the underlying service: https://localhost:44342.
If you just want to configure the hostpath, let me know, but in the current scenario you want, you need to use a reverse proxy.
[kkmy] said: Hi EngincanV,
The code that you provided for the method is not like this in my project and the new project that is created with the version 9.3.5 recently. The following is how the particular method is created:
    private void ConfigureAuthentication(ServiceConfigurationContext context)
    {
        context.Services.ForwardIdentityAuthenticationForBearer(
            OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme
        );
        context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
        {
            options.IsDynamicClaimsEnabled = true;
        });
    }
It appears that you do not have a separate authentication server application. My previous code example assumed the existence of both the AuthServer project and the HttpApiHost project as separate components. However, it appears that only the HttpApiHost project is present, likely in a unified configuration.
In that case, you may use the following code in your application:
    Configure<JwtBearerOptions>(options =>
    {
        options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            AlgorithmValidator = (algorithm, securityKey, securityToken, validationParameters) =>
            {
                return !algorithm.Equals("none", StringComparison.OrdinalIgnoreCase);
            }
        };
    });
This code should be placed prior to invoking the ConfigureAuthentication method. Doing so should ensure proper functionality.
Hi, you can ignore the response of the AI bot.
If you open your *HttpApi.Host project and search for the ConfigureAuthentication method, then you'll notice there is a configuration as follows:
    private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
    {
        context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddAbpJwtBearer(options =>
            {
                options.Authority = configuration["AuthServer:Authority"];
                options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata");
                options.Audience = "<your-project-name>";
                //WRITE THE BELOW CODE HERE!!!
            });
        context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
        {
            options.IsDynamicClaimsEnabled = true;
        });
    }
Here, you can configure TokenValidationParameters and make the relevant validations for the token. In your case, a code like this should work:
    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        AlgorithmValidator = (algorithm, securityKey, securityToken, validationParameters) =>
        {
            return !algorithm.Equals("none", StringComparison.OrdinalIgnoreCase);
        }
    };
AlgorithmValidator checks if the alg header is as expected with the specified algorithm or not.
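As an added illustration (not code from ABP or from anyone in this thread), the standalone C# console program below reads the alg header from constructed sample tokens and compares the reject-only-"none" rule shown above with an allowlist of expected algorithms. The single allowed algorithm (RS256) and all helper names are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class AlgHeaderCheck
{
    // Assumption: the auth server signs access tokens with RS256 only.
    static readonly HashSet<string> Allowed = new(StringComparer.Ordinal) { "RS256" };

    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns the "alg" value of the JOSE header, or null if the token is malformed.
    static string? ReadAlg(string token)
    {
        var parts = token.Split('.');
        if (parts.Length != 3) return null;
        var b64 = parts[0].Replace('-', '+').Replace('_', '/');
        b64 += new string('=', (4 - b64.Length % 4) % 4);
        try
        {
            using var doc = JsonDocument.Parse(Convert.FromBase64String(b64));
            return doc.RootElement.ValueKind == JsonValueKind.Object
                && doc.RootElement.TryGetProperty("alg", out var alg)
                && alg.ValueKind == JsonValueKind.String ? alg.GetString() : null;
        }
        catch (Exception e) when (e is FormatException or JsonException) { return null; }
    }

    // Same rule as the AlgorithmValidator lambda in the thread: reject only "none".
    static bool DenyNone(string? alg) =>
        alg != null && !alg.Equals("none", StringComparison.OrdinalIgnoreCase);

    // Stricter rule: accept only algorithms the server is known to issue.
    static bool AllowListed(string? alg) => alg != null && Allowed.Contains(alg);

    static void Main()
    {
        // Constructed sample tokens: placeholder payload and signature, only the header matters.
        string payload = B64Url("{\"sub\":\"sample\"}");
        foreach (var alg in new[] { "RS256", "none", "NoNe", "HS256" })
        {
            string header = B64Url("{\"alg\":\"" + alg + "\"}");
            string sig = alg.Equals("none", StringComparison.OrdinalIgnoreCase) ? "" : "c2ln";
            string? seen = ReadAlg($"{header}.{payload}.{sig}");
            Console.WriteLine($"{alg,-6} deny-none={DenyNone(seen),-5} allowlist={AllowListed(seen)}");
        }
        Console.WriteLine($"malformed deny-none={DenyNone(ReadAlg("not-a-jwt"))}");
    }
}
```

In an ASP.NET Core host the same allowlist can be set through TokenValidationParameters.ValidAlgorithms, or returned from the AlgorithmValidator delegate in place of the "none" comparison.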
[chrisalves] said: I've successfully implemented the configuration for Azure Blob Storage as described in the official documentation. However, my question is more focused on the architectural design required to make this integration scalable and efficient across all modules of my solution.
Specifically, I'm looking to understand:
- What is the recommended architecture to fully integrate Azure Blob Storage with the file handling components generated by ABP Suite?
- Where in the code generated by ABP Suite (especially in Razor Pages and related file components) should I replace or extend the default logic to redirect file uploads from local database storage to Azure Blob Storage?
- Is it advisable to create a centralized service or abstraction layer to manage blob operations across modules? If so, what would be the best practice for implementing this in a modular and maintainable way?
The documentation provides a good starting point for configuring blob storage, but it doesn't clearly outline how to adapt the ABP Suite-generated file logic to use Azure Blob Storage as the primary storage backend.
I would greatly appreciate any guidance or examples that clarify the best approach to achieve this integration in a clean and scalable manner.
Thank you!
Hello, I would like to clarify some points:
When you use the file type for a property, ABP Suite uses the Blob Storing Infrastructure of the ABP Framework, which is fully provider-independent. You can easily configure any provider you want. By default, ABP templates are configured to use the database provider. If you switch to another provider, the file content will be stored directly in the relevant provider's storage. This means that when you configure Azure, your file content (BLOB) will be stored in Azure.
In addition to these structures, ABP Suite actually only stores some metadata about the files (such as file name and content type) on the database side, whether you use a file provider, database provider, or any other provider. On the UI side, we need to know the file's content type and have a reference to the related file type via the AppFileDescriptor entity.
This is a design choice: when you have a property named CoverImage, it will appear in the code as CoverImageId (of type Guid) and will reference the corresponding record in the AppFileDescriptors table in the database.
Thus, the storage and implementation remain provider-agnostic on the blob storage side. However, it is still necessary to store basic information about the uploaded files in the database. (You can think of this system as a similar implementation to our File Management module.)
Regards.
[sghorakavi@cpat.com] said: It is not working. I tried this as well: https://abp.io/docs/latest/deployment/forwarded-headers
Hi, are you using nginx (or traefik) as a reverse proxy? By any chance, can you share your reverse-proxy configuration? I need more information and preferably brief explanation about what you've done so far, to better assist you.
Btw, adding forwarded-headers is really good, you should keep it in your module class. It makes sure URLs/Cookies are produced correctly behind the proxy, so it's needed.
[devchase321] said: Hi EngincanV,
Thank you for your message. I have just added the Payment module in my solution from ABP Studio. I didn't change anything in default setup.
With the default setup I am getting the error, and then I added the Stripe module to the Blazor and public module, but this is also giving me the same error.
Hi, I've created a Blazor application (tiered and with public-web application), imported the Payment Module:
and then I could run the application successfully:
When I check your log, it seems that your *HttpApi.Host project is not working. Can you please check that? If you are sure, then please provide exact steps to reproduce the problem.
Regards.
Hello,
Currently, we don't have a dedicated End-of-Support (EOS) or End-of-Life (EOL) documentation page. However, you can refer to the following resources for related information:
Please review those sections for more details.