Implementing two client apps with different user types and same API #2101 | Support

dkaczor created 3 years ago

ABP Framework version: v4.4
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): no

I want to create a system where there are two different types of user with possibly different client apps, let's say it's an e-commerce system where I need allow logging for customers and for employees. They obiously cannot use the same features so I wanted do create separate client angular app for customers just like you did in this sample and added separate Client in Identity Server settings. My question is - how can I distinguish these two types of users and prevent one from accesing another's client app. The only possibility I can see is assigning them different roles and authorizing every endpoint. To achieve this I should assign the role automatically when registering user - is there a way to assign it based on what client is calling the API?

Or maybe your IdentityServer module provides different way to achieve it? It's probably a common use case for your framework.

5 Answer(s)

0

maliming created 3 years ago
Support Team Fullstack Developer

is there a way to assign it based on what client is calling the API?

Using roles is the easiest way, and they can be assign it if they use different IdentityServer Client.

In short, we can implement these after user authentication.
0

dkaczor created 3 years ago

Using roles is the easiest way, and they can be assign it if they use different IdentityServer Client.

In short, we can implement these after user authentication.

Thanks for a quick response. Could you provide any steps on how to intercept the event after authentication and extract information about which client called it? I could not find any sufficient documentation for that matter.
0

maliming created 3 years ago
Support Team Fullstack Developer

hi

You can check the request and identity in the middleware.

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware/write?view=aspnetcore-6.0

1
0

dkaczor created 3 years ago

I might have not been clear - I want to check the client after a user registers so I can set his role. Is this still the best solution? I think middleware is executed with every API call, it would be useful for checking if user has required role but I first need to somehow set it.
0

maliming created 3 years ago
Support Team Fullstack Developer

I want to check the client after a user registers so I can set his role

You can also check the URL of the current request to determine the caller, or add a special header to request.

Have an answer to this question? Log in and write your answer.