Our second beta has arrived for Bootstrap 5! We delayed its release to iron out some issues with third-party libraries and stabilize our major changes. We’ve also once again shipped some awesome updates to our documentation.
همه نکات رو بررسی کردم. البته موضوع اینکه من اومدم IdentityServer رو در کنار Asp.net Identity استفاده کردم و دیتای user رو از جدول مربوطه میخونم و عملیات لاگین رو هم به شکل زیر انجام دادم .
ممکنه به خاطر این مورد باشه که sub رو تو claim ندارم.؟
if (ModelState.IsValid)
{
// find user by username
var user = await _signInManager.UserManager.FindByNameAsync(Input.Username);
// validate username/password using ASP.NET Identity
if (user != null && (await _signInManager.CheckPasswordSignInAsync(user, Input.Password, true)) == SignInResult.Success)
{
await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName, clientId: context?.Client.ClientId));
// only set explicit expiration here if user chooses "remember me".
// otherwise we rely upon expiration configured in cookie middleware.
AuthenticationProperties props = null;
if (LoginOptions.AllowRememberLogin && Input.RememberLogin)
{
props = new AuthenticationProperties
{
IsPersistent = true,
ExpiresUtc = DateTimeOffset.UtcNow.Add(LoginOptions.RememberMeLoginDuration)
};
};
// issue authentication cookie with subject ID and username
var isuser = new IdentityServerUser(user.Id)
{
DisplayName = user.UserName
};
await HttpContext.SignInAsync(isuser, props);
if (context != null)
{
if (context.IsNativeClient())
{
// The client is native, so this change in how to
// return the response is for better UX for the end user.
return this.LoadingPage(Input.ReturnUrl);
}
// we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
return Redirect(Input.ReturnUrl);
}
// request for a local page
if (Url.IsLocalUrl(Input.ReturnUrl))
{
return Redirect(Input.ReturnUrl);
}
else if (string.IsNullOrEmpty(Input.ReturnUrl))
{
return Redirect("~/");
}
else
{
// user might have clicked on a malicious link - should be logged
throw new Exception("invalid return URL");
}
}
await _events.RaiseAsync(new UserLoginFailureEvent(Input.Username, "invalid credentials", clientId: context?.Client.ClientId));
ModelState.AddModelError(string.Empty, LoginOptions.InvalidCredentialsErrorMessage);
} مگر غیر اینکه با تعریف new IdentityResources.OpenId در IdentityResources و تنظیم AllowScope کلاینت به IdentityServerConstants.StandardScopes.OpenId خود IdentityServer الزاما SubjectId رو در claim به ما برگردونه؟
There isn't a simple dichotomy of remote versus co-located work, instead there are several patterns of distribution for teams each of which has different trade-offs and effective techniques suitable for them.
SimpleIdServer is an open source framework enabling the support of OPENID, OAUTH2.0, SCIM2.0, UMA2.0, FAPI and CIBA. It streamlines development, configuration and deployment of custom access control servers. Thanks to its modularity and extensibility, SimpleIdServer can be customized to the specific needs of your organization for authentication, authorization and more.
InversifyJS is a lightweight inversion of control (IoC) container for TypeScript and JavaScript apps. A IoC container uses a class constructor to identify and inject its dependencies. InversifyJS has a friendly API and encourage the usage of the best OOP and IoC practices.
Great news... based on benchmark tests from my code performance book, when it comes to sorting collections, overall, .NET 5 is 35% faster than .NET Core! So important for apps.
The .NET Framework 4.6.1 includes new features in the following areas:
-
Cryptography
-
ADO.NET
-
Windows Presentation Foundation (WPF)
-
Windows Workflow Foundation
-
Profiling
-
NGen
For more information on the .NET Framework 4.6.1, see the following topics:
-
The .NET Framework API diff (on GitHub)
Fixed In This Release of Visual Studio 2019 version 16.5
- Modified the find "List View" to work with the VsColorOutput extension.
- Fixed a regression introduced with version 16.5 where use of default indexed properties with value-types caused an internal compiler error.
- Modified find in files to preserve user settings between Visual Studio 2019 sessions.
- Fixed an issue where Goto next/previous entry failed to work in the find results list when "preview selected files in find results" is turned off.
- Fixed an issue with find when doing a regex search a pattern that did not contain regex special characters.
- Fixed the button placement in find in files tool window when its in a docked position. Changed alignments for better experience in docked mode.
- Fixed an issue where the find list view did not navigate to results when enter was hit.
- Fixed an issue where Goto next/previous entry failed to work in the find results list when "preview selected files in find results" is turned off.
Security Advisory Notice
CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability
CVE-2020-0900 Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
CVE-2020-5260 Git for Visual Studio Credential Leak Vulnerability due to insufficient validation on URLs
Firefox is removing its experimental support for installing Progressive Web Apps to the desktop. Whether or not this really constitutes giving up on PWA depends on your point of view, but I think it is disappointing, both for PWA and for Firefox.
.NET 5 Preview 7 is now available and is ready for evaluation. Here’s what’s new in this release:
- Blazor WebAssembly apps now target .NET 5
- Updated debugging requirements for Blazor WebAssembly
- Blazor accessibility improvements
- Blazor performance improvements
- Certificate authentication performance improvements
- Sending HTTP/2 PING frames
- Support for additional endpoints types in the Kestrel sockets transport
- Custom header decoding in Kestrel
- Other minor improvements
