Client_id permissions #4691 | Support

jmalla.cp created one year ago

ABP Framework version: v6.0.1
UI type: MVC
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): Tired

Hi,

I want to deny access from some client_id application with some role to some application sevice.

Is that possbile? How can I do that?

Thanks for all

17 Answer(s)

0

maliming created one year ago
Support Team Fullstack Developer

hi

yes

https://support.abp.io/QA/Questions/1112/How-to-grant-access-to-Identity-Server-Client-on-multi-tenancy#answer-9c1da15b-8264-8fd5-d73a-39fb93d63fd0

https://github.com/abpframework/abp/issues/10316
0

jmalla.cp created one year ago

Hi,

My cuestion is, how can I deny access some user/role that tries to access through some client_id?

Thanks
0

maliming created one year ago
Support Team Fullstack Developer

hi

You can try to get the client_id of CurrentPrincipal in application services.

Or add some custom policy

https://support.abp.io/QA/Questions/1112/How-to-grant-access-to-Identity-Server-Client-on-multi-tenancy#answer-62c3b9e0-79a5-c909-476a-39fb982b4fd6
0

jmalla.cp created one year ago

Hi,

I can't acces to the CurrentPrincipal from my application services.

Can you give me some examples please?

Thanks

maliming created one year ago

Support Team Fullstack Developer

var allClaims = CurrentUser.GetAllClaims();

// Inject ICurrentPrincipalAccessor from ctor
var claimsPrincipal = LazyServiceProvider.LazyGetRequiredService<ICurrentPrincipalAccessor>().Principal;

0

jmalla.cp created one year ago

Hi,

Sorry but I think that I didn't explain myself very well

How can I only allow access from 'web.public' project, client_id="public", to users belonging to role 'A', but block these users trying to access from 'web' project, client_id="private" and throw the message Unauthorized.

maliming created one year ago

Support Team Fullstack Developer

You can get the current clientid. Then you can execute custom logic

public async Task<string> MyMethodAsync()
{
    var clientIdClaim = CurrentUser.GetAllClaims().FirstOrDefault(x => x.Type == AbpClaimTypes.ClientId);
    if (clientIdClaim != null)
    {
        if (clientIdClaim.Value == "public")
        {

        }

        if (clientIdClaim.Value == "private")
        {

        }
    }

}

0

jmalla.cp created one year ago

Hi,

I would that the user with role A can't Login from Web, the system throw UnAuthorized, and if the same role LogIn from Web.public, they can go on
0

maliming created one year ago
Support Team Fullstack Developer

You can try to override the OnPostAsync of OpenIddictSupportedLoginModel

In this method, you can get username and ClientId. It can complete the login or deny the login
0

jmalla.cp created one year ago

Where is this method?
0

maliming created one year ago
Support Team Fullstack Developer

account/src/Volo.Abp.Account.Pro.Public.Web.OpenIddict/Pages/Account/OpenIddictSupportedLoginModel.cs
0

jmalla.cp created one year ago

And Where can I override this method, in AuthServer project?
0

maliming created one year ago
Support Team Fullstack Developer

Yes, in the AuthServer project.
0

jmalla.cp created one year ago

Sorry but I can't see where.

In AuthServer project there are only two folders, Themes and pages. And pages only has Index without any Post method
0

maliming created one year ago
Support Team Fullstack Developer

hi

This is a class. You can put it in any folder.
0

jmalla.cp created one year ago

Sorry but I don't undestand.

Can you give me an example?

Thanks
0

maliming created one year ago
Support Team Fullstack Developer

hi

https://support.abp.io/QA/Questions/1389/How-to-customize-register-page-MVC https://docs.abp.io/en/abp/latest/UI/AspNetCore/Customization-User-Interface

Have an answer to this question? Log in and write your answer.