4.3.0 / Angular / separate IdentityServer
I have custom implementation of IAuthorizationMiddlewareResultHandler (it checks missing permissions for a user) and I want to provide additional exception info from it to Angular client in pop-up window. It works in some scenarios - like the page is accessed from navigation menu and it misses some permission. But if I try to access the page which is not accessible via typing its address in a browser - I ALWAYS get the following page without details:
5 Answer(s)
-
0
Hi,
Can you provide steps to reproduce? thanks.
-
0
Hi. Here is the reproducable situation in the test project attached. Let's say I'm trying to access http://localhost:4200/dashboard via typing the address in a browser and the logged user does not have access to this page.
IAuthorizationMiddlewareResultHandlerimplementation is even not triggered - straight away default 403 forbidden is shown.P.S. Could you please add possibility to attach code zip archives to a message? It's not user-friendly to create cloud links each time.
-
0
Hi,
I will check it.
You will notice that I deleted the file link, because your license is included in the source code, I don't think you want to disclose it :)
-
0
Hi,
Try:
[Dependency(ReplaceServices = true)] [ExposeServices(typeof(IMethodInvocationAuthorizationService))] public class MyMethodInvocationAuthorizationService : IMethodInvocationAuthorizationService, ITransientDependency { private readonly IAbpAuthorizationPolicyProvider _abpAuthorizationPolicyProvider; private readonly IAbpAuthorizationService _abpAuthorizationService; public MyMethodInvocationAuthorizationService(IAbpAuthorizationPolicyProvider abpAuthorizationPolicyProvider, IAbpAuthorizationService abpAuthorizationService) { _abpAuthorizationPolicyProvider = abpAuthorizationPolicyProvider; _abpAuthorizationService = abpAuthorizationService; } public async Task CheckAsync(MethodInvocationAuthorizationContext context) { if (AllowAnonymous(context)) { return; } var authorizationPolicy = await AuthorizationPolicy.CombineAsync( _abpAuthorizationPolicyProvider, GetAuthorizationDataAttributes(context.Method) ); if (authorizationPolicy == null) { return; } var result = await _abpAuthorizationService.AuthorizeAsync(authorizationPolicy); if (!result.Succeeded) { var requirements = result.Failure.FailedRequirements; var missingPermissionBuilder = new StringBuilder(); foreach (var requirement in requirements) { if (requirement is PermissionRequirement abpRequirement) { missingPermissionBuilder.AppendLine(abpRequirement.PermissionName); } } throw new AuthorizationException( $"The next permissions are required:\r\n\r\n{missingPermissionBuilder}"); } } protected virtual bool AllowAnonymous(MethodInvocationAuthorizationContext context) { return context.Method.GetCustomAttributes(true).OfType<IAllowAnonymous>().Any(); } protected virtual IEnumerable<IAuthorizeData> GetAuthorizationDataAttributes(MethodInfo methodInfo) { var attributes = methodInfo .GetCustomAttributes(true) .OfType<IAuthorizeData>(); if (methodInfo.IsPublic && methodInfo.DeclaringType != null) { attributes = attributes .Union( methodInfo.DeclaringType .GetCustomAttributes(true) .OfType<IAuthorizeData>() ); } return attributes; } }Is this what you want?
-
0
Re-open if still not work.
