I'm trying to create a multi-tenanted blazor application using ABP Framework and i'm struggling to figure out how to implement as the documentation is very limited.
My application needs to resolve the tenant based on the url. A tenant can have multiple urls, so therefore need to create a custom tenant resolver which looks up a url table for the tenant and returns the correct id. I have tried this in the HttpApi.Host project and its working fine but the issue is that it doesnt know anything about the URL that the blazor application was loaded on.
I'm now thinking about adding an http header to the api requests with the url, so that the tenant resolver can pull it. Before i head down this path, i'm concerned there is much easier and better way to accomplish this problem i'm tackling?
the documentation is very limited.
The documentation is rich, and the code is open source.
https://docs.abp.io/en/abp/latest/Multi-Tenancy#tenant-resolvers
https://github.com/abpframework/abp/tree/dev/framework/src/Volo.Abp.AspNetCore.MultiTenancy/Volo/Abp/AspNetCore/MultiTenancy
Related
Background:
We use a single-tenant-per-application model
All tenants run the same frontend and backend code that is deployed and hosted separately under different subdomains for each tenant
We provision separate AzureAD applications for each tenant, resulting in in a different ClientIDs for each
Problem:
As per the ADAL js wiki found here: https://github.com/AzureAD/azure-activedirectory-library-for-js/wiki/Config-authentication-context, our frontend application must specify the ClientID and backend API Endpoints when initializing ADAL.
Since each of our tenants has their own ClientID, we ended up adding all the possible ClientIDs and Endpoints into our code, and figuring out the values at runtime based on the current URL. This obviously doesn't scale very well as it requires a code change for each new tenant. We are thinking moving this work to the the CI/CD process, but are trying to understand if there is a better solution.
Is there a better way to manage multiple, single-tenant apps with ADAL js?
Since each instance of your application is registered separately (thus has its own ClientId), ADAL.js doesn't provide you a better solution.
You can either work with Angular Environments e. g.
environment.tenant1.ts
enviornment.tenant2.ts
And create a build artifact for each tenant using ng build --prod ---configuration=tenant1. I don't like this solution since you have multiple build artifacts.
Or you expose a middleware / REST API that returns the configuration for a specific client by its URL. This will be the only endpoint your client needs to know. However, you have to ensure the middleware is always up (single point of failure).
I wish to accomplish two simple things with a basic Angularjs application that has both a public and secure area (home page and admin page respectively) that both use a few web api calls.
Login using email address and password
check if user is logged in (has a session) before he can access the admin section (using $routeProvider resolve)
I've searched for hours for something simple but everything that I come across seems still too complex (e.g. http://www.codeproject.com/Articles/784106/AngularJS-Token-Authentication-using-ASP-NET-Web-A).
Are there any examples on how to handle these two steps with basic .Net code?
I have a small entity class (that inherits DBContext).
I call this in my web API controller and there manipulate my data before I send it back to the angularjs front. There is no need for roles. There is only one login which is added manually in the database, the password is securely stored but the site won't be using https. The data that is to be shown is simply for upcoming venues for a couple hundred guests. After the venue the data is deleted.
I have trouble with this since it's been quite a while since I used web api in this fashion (for authentication and validation).
In the end I decided to go with the authentication I found but I now have an issue with implementing it.
Edit: I found a very good example online. That provides source code and has working register and login. Can't find the url just yet.
EDIT
The site that I found is:bitoftech.net
I'm building a project using Node.js and AngularJS.
Some of the views and operations in my project require authorization.
In ASP.NET I used to simply save the user-id or user object in the Session when the user's credentials are correct, then in every Page and operation I would check if the user has permissions, and if not I would use Response.Redirect. So simple!
Now I use Node.js and AngularJS which are maybe the most popular combination for building websites nowadays and I would expect to have a very simple and quick way (even of a third party) to implement authorization, just like in ASP.NET.
Unfortunately I've only found a bunch of implementation examples that contain a myriad of code lines and turn me into an information security expert who knows about things like token and etc. Here are some of the articles I've found:
Best practices for authentication and authorization in Angular without breaking RESTful principles?
http://frederiknakstad.com/2013/01/21/authentication-in-single-page-applications-with-angular-js/
https://www.theodo.fr/blog/2015/08/handling-basic-route-authorization-in-angularjs/
http://code.tutsplus.com/tutorials/token-based-authentication-with-angularjs-nodejs--cms-22543
http://www.kdelemme.com/2014/03/09/authentication-with-angularjs-and-a-node-js-rest-api/
Is there any simple way to implement authentication+authorization+routing to unauthorized page without writing so many lines of code?
Any help will be profoundly appreciated!
MeteorJS is a node based framework with a drop-in authentication system. It also has first class support for AngularJS on the front-end.
You would first add the relevant accounts and UI packages on the command line.
meteor add accounts-password
meteor add dotansimha:accounts-ui-angular
You could also add OAuth provider packages such as accounts-facebook or accounts-google.
Then in your template you add a the login-buttons directive.
<login-buttons></login-buttons>
It then handles account creation, login, forgot passwords etc. It also provides hooks so you can add fields and values on account creation.
Here is a link to the authentication section of the Meteor/Angular ToDo tutorial.
nodejs modules and jsonwebtoken, passport, passport-local
passport local for local strategy and passport for authenticate and jsonwebtoken for create authentication token
Im trying to develop a web app using angularjs, restangular and postgresql, im using ubuntu and xampp for development. I found ArrestDB, a restful api for postgresql. In its documentation,
# Get all rows from the "customers" table where the "country" field matches "Australia" (LIKE)
GET http://api.example.com/customers/country/Australia/
https://github.com/alixaxel/ArrestDB
While in restangular documentation,
// Just ONE GET to /accounts/123/buildings/456
Restangular.one('accounts', 123).one('buildings', 456).get()
https://github.com/mgonto/restangular
Do you guys know a free RESTful api for postgresql that works well with restangular?
ArrestDB interprets api/{Table}/{Field}/{....} while Restangular interprets api/{table}/{id}/{relations table}. I also tried api/{table}/{id}/{relations table} in ArrestDB but I get error 404.
I also found Postgrest in github but its in haskel, and i'm not familiar with haskel.
Thanks...
Postgrest seems to be a very viable choice. There is no knowledge of Haskell required to interact with it.
I have used PostgREST and recommend it. It is written in Haskell but requires no knowledge of Haskell (in the same way that pg is written in C, but no knowledge of C is required to use it). The documentation at postgrest.com is quite helpful and I've been able to get up to speed with it quickly. Best practices are to run pgREST through a reverse proxy (Apache, Nginx, etc.) to control web authentication and authorization. PostgreSQL will enforce permissions GRANTed to the configured pgREST user (INSERT, UPDATE, DELETE, etc.) on the DB served up by pgREST. There are a number of access control options listed in the pgREST documentation for switching user roles as requests come in, so the access control is pretty flexible in accommodating different usage scenarios.
You can use Express.js and Node.js to create RESTful API for example. It works with PostgreSQL well. I am using it now for my application, so I have a PostgreSQL DB, back-end in Express.js with pg-promise and Node.js and front-end in AngularJS with Restangular.
You can try
this tutorial,
this guy has a quite good blog about building API and other useful things.
I have an AngularJS SPA served up as part of an ASP.NET MVC application. Within this I have an Angular factory which accesses a REST API elsewhere on our intranet. We have various instances of this API for development, production and UAT. I'd like to be able to configure the URL of this API within something like the web.config so that when I build each different solution configuration the correct URL is provided to the factory.
Unfortunately I'm working within an environment where I cannot use npm (it's complicated - suffice it to say that NTLM proxy authentication combined with a smartcard login don't play nicely with npm), so a lot of front-end build tools that seem like they might have been helpful aren't available to use.
Currently I'm just thinking of adding a method on a controller which returns a value in the web.config, but this doesn't seem terribly elegant. Perhaps there's a better way?