Open Closed

Unified authorization management for multiple subsystems #4941


User avatar
0
guoanjin created
  • ABP Framework version: v7.1
  • UI type: Blazor
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes / no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"
  • Hello, I have a question about login authorization. Our company has developed multiple business systems based on the modular ABP framework. These systems require unified permission management. Prior to using ABP, we developed our systems in a conventional front-end and back-end separation pattern. The front-end pages would call a unified interface of the authorization system for login, obtain the corresponding roles and permissions. We called this the Portal platform. After switching to the ABP framework, I am unsure how to modify my subsystems to call a common service for authorization during login, similar to our previously self-developed portal. Do you have any solutions or case studies for my situation of multiple subsystems with unified authorization management based on the ABP framework? Thank you.

3 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Actually, it sounds like microservices.

    you can check our microservice template and eShopOnAbp examples.

    • https://docs.abp.io/en/commercial/latest/startup-templates/microservice/index
    • https://github.com/abpframework/eShopOnAbp

    You can understand each independently deployed service as a subsystem, each service uses a unified authorization server.

    We also have a community Talks video: https://www.youtube.com/watch?v=TpyROlTBc50

  • User Avatar
    0
    brad created

    Hi, In fact,the question is , we have many subsystems and UIs of these subsystems usually update frequently. So we don't want to unite all UI to one main host program,which leads to a bad user`s exprience.For this reason,we design a portal which is an entrance of all subsystems and show links of subsystems.

    We wonder to how to get roles and permissions from central auth server,not like ABP microservices template which unite all microservice UI to one Main host.That is not what we want.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    As I said, you can understand the service as a subsystem, except that it has no UI.

    We wonder to how to get roles and permissions from central auth server,not like ABP microservices template which unite all microservice UI to one Main host.That is not what we want.

    ok, I try to give you another suggestion, but I don't know about your solution architecture details

    I assume that you already have an auth server center.

    You can configure the OpenIdConnect for authentication:

    You need to create an openIddict application for each subsystem,

    You can use remote services to get data such as role permissions

    Install the following packages and add module dependencies

    Volo.Abp.Http.Client.Web Volo.Abp.AspNetCore.Mvc.Client Volo.Abp.Http.Client.IdentityModel.Web

    Update appsettings.json

      "RemoteServices": {
        "Default": {
          "BaseUrl": "Your auth server URL"
        }
      }
    

    We already do this in the template, you can create a project to check: abp new Myapp -u blazor-server --tiered

Made with ❤️ on ABP v9.1.0-preview. Updated on December 26, 2024, 06:07