I am having a problem where even after enabling the AbpHangfireAuthorizationFilter for the hangfire dashboard I am still met with a 401 when attempting to navigate to the HangFire dashboard.
This is due to the fact that the cookie is not sent with the request because the front end project and the backend api are on separate subdomains
I should clarify that we have the api in an Azure App Service by itself and the web front end in a separate Azure App Service. Thus the two pieces end up with different sub domains. The UI is still able to call the api because of the CORS setup that exists on the api.
Are the front end and back end meant to be deployed to the same sub domain? If not what are the steps I need to take to get the Hangfire dashboard up?
Related
When my ASP.NET (Core) 6.0 website is deployed to Google Cloud Run, I hit a redirect loop when I try to login.
I have removed the call that registers the global RequireHttpsAttribute filter because, when deployed, SSL is not terminated by Kestrel.
The problem was that the controller that handles my login page also had its own explicit [RequireHttps] decorated!!
Silly problem/solution that I am posting here to help others.
I Have a ASP.net Core Web API and the end point goes something like this
https://{domainname}/v1/{ControllerName} and it is hosted on AWS Fargate Conatainer
and we scheduled the endpoint to be invoked at particular time of the day, but to our surprise we see that this is
getting invoked from other sources and we decided to find the remoteip from where the API end point is getting invoked
tried adding with below snippet..
var ip = this.HttpContext.Features.Get()?.RemoteIpAddress?.ToString();
and when we invoked the API with Postman from my local machine the client id is not matching with my local machineIP, Any ideas here whether is my approach right or wrong?
Introduction
We are in the beggining of the development of a new web client for our current web application.
And we will take the chance to build a REST WebApi to access our assets (to be consumed by third parties, and also our new web client)
We're considering OAuth, Service Quotes, Application permisions, etc for the WebAPI
We want to "eat our own dogfood", so the new webclient must use the webapi...
Important: The webApi and the webClient will be hosted in the same server
Questions
A simple use case would be "Get the menu page links"
For the web client which of these 2 approach would you choose?
a) Generate an html with a Js webApiCall inside it to be called from client web browser to get the available menu links for the user. = (2 round trips: 1 for the html/aspx + 1 for the api call MenuGetAvailableItems)
b) Generate an html with the data menu links already populated (webApi MenuGetAvailableItems consumed internally in server side) = (1 round trip for html/aspx + an API internal call..)
If you choose option 1B, Is it possible to avoid the http overhead by consuming the api from the same server and mantain the security, Quotes, etc? I mean, can we use some WCF mechanism or other to communicate this 2 webs instead of making an http call to localhost...?
Thanks for your comments
Q 1
regarding option a - I would avoid calling Web API from the web page, you will start to run into problems with CORS. Also, what if you want to use authentication to access the Web API service, how are you going to send a user name and password from the web page!
regarding option b - you certainly can consume the web api service from inside your web app.
Q 2
I don't understand your what you are asking.
If your primary purpose for building a web service is to allow a third party to interact with you, you are going to want build just the services that need to be exposed.
In general, "eating your own dogfood" might not be the best reason to use Web API where standard calls to the database would be more appropriate. You going to have two applications running, when all you really needed was a data tier in the web app.
It sounds like you are going to end up with a sprawling Web API app that will need new services every time you want to add something to your site.
I implemented an Apache Camel based middleware application to manage authentication, authorization and also to dispatch the front end application calls to my several RESTful back end web services. I'm using Apache Directory as my Ldap server for authentication but I'm using it separately for each back end service.
My question is how to implement a single sign on SSO system to all my back end services.
Any ideas?
Thank you in advance!
I don't think this question is related to Camel directly.
If you want to build a SSO system, I think you can take a look at the oauth. Then you can pass the token as http uri parameter across the back end services.
I am using Asp.net MVC 4 Web Api project. MY application uses mvc to implement a web site. It makes http requests to the web api to implement server functionality.
Regular page requests to controllers work fine and it is able to display web pages. The application is able to make get and post requests to the api. But when it tries to to put or delete web requests it gets
"Failed to load resource: the server responded with a status of 501 (Not Implemented) "
The application is hosted on iis 6.
The application works when running a local cassani server instance and is able to make put and delete requests, but as soon as the application is executed from iis it doesn't work as expected.
I tried all the suggestions from the comment above and none of them worked.
I had to add the ASP.NET 4.0 dll to the Wildcard mappings in the Configuration area on the Home Directory tab. That worked for me. Remember to uncheck the "Verify file exists" checkbox.
EDIT: I posted a blog on the exact process to make this happen here: http://www.proworks.com/blog/2012/11/14/how-to-fix-aspnet-mvc-web-api-http-put-and-delete-requests-failing/