Unauthenticated users were able to retrieve the contents of the tenants and paged tenants. https://myhost/api/saas/tenants
How to Secure this in our application?
- ABP Framework version: v7.2.2
- UI Type: Angular
- Database System: EF Core (PostgreSQL)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes/no
- Exception message and full stack trace:
- Steps to reproduce the issue: This behaviour can be seen in the demo application as well: https://commercial-demo.abp.io/api/saas/tenants
7 Answer(s)
-
0
-
0
Thanks for the quick response.
Please can you guide where we might be missing Authorisation? Do we need to override this API in our application and how to do it with less impact on overall functionality?
-
0
-
0
If you still face this problem, you can share a test project. I will check it. My email is shiwei.liang@volosoft.com
-
0
Hi @liangshiwei
We have created a CustomTenantAppService
public class CustomTenantAppService : ApplicationService, ITenantAppService
{
    // Some code here to return tenant related data
}
Do we need to apply the same [Authorize(SaasHostPermissions.Tenants.Default)] in this class?
-
0
Yes, you need it.
If you inherit from TenantAppService, then you don't need it.
-
0
Great, thank you so much for the quick help.
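The gap discussed in this thread (a custom application service that replaces a built-in one without carrying its `[Authorize]` attribute) can be caught in a unit test. The following is an added example, not code from the thread or from ABP; `AppServiceAuthorizationAudit` and `FindUnprotectedMethods` are hypothetical names, and the code assumes the project references `Volo.Abp.Application.Services` and `Microsoft.AspNetCore.Authorization`.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Volo.Abp.Application.Services;

public static class AppServiceAuthorizationAudit
{
    // Returns "Type.Method" for every public application-service method that
    // carries neither [Authorize] nor [AllowAnonymous], on itself or its class.
    public static IReadOnlyList<string> FindUnprotectedMethods(Assembly assembly)
    {
        var findings = new List<string>();

        var serviceTypes = assembly.GetTypes()
            .Where(t => t.IsClass && !t.IsAbstract
                        && typeof(IApplicationService).IsAssignableFrom(t));

        foreach (var type in serviceTypes)
        {
            // inherit: true also finds an attribute declared on a base class,
            // which is why a service derived from TenantAppService passes
            // while one that only implements ITenantAppService does not.
            if (HasAuthDecision(type)) continue;

            // Only methods declared on the type itself are inspected.
            var methods = type
                .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
                .Where(m => !m.IsSpecialName); // skip property accessors

            foreach (var method in methods)
            {
                if (!HasAuthDecision(method))
                    findings.Add($"{type.FullName}.{method.Name}");
            }
        }
        return findings;
    }

    // An explicit decision is either [Authorize] or [AllowAnonymous].
    private static bool HasAuthDecision(MemberInfo member) =>
        member.IsDefined(typeof(AuthorizeAttribute), inherit: true) ||
        member.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
}
```

Call it from a test with the application assembly (for example `typeof(CustomTenantAppService).Assembly`) and assert that the returned list is empty. It only checks that an attribute is present, not that the permission named in it is the right one.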