- ABP Framework version: v8.1.0
- UI Type: MVC
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): tiered
- Exception message and full stack trace:
- Steps to reproduce the issue:
Hi,
I'm replacing ABP's AuthServer with Auth0. I can authenticate users on Auth0, but that's the easiest part. To make things easier, I'm tackling one problem at a time. Please, note that I have looked at the docs and I didn't find anything pointing me in the right direction.
**I want to log into Admin Web Portal using my Auth0 user **
I have successfully configured the authentication to switch from Auth0 to Auth Server - both can authenticate, but only Auth Server authorises users.
**My questions are: **
- How do I let the authenticated user see the links and menus post-authentication?
- How do I ensure that ICurrentTenant has the correct tenant post-login?
- How do I ensure that CurrentUser.IsAuthenticated gets updated correctly? I can see that HttpContext.User.IsAuthenticated is equals true, but CurrentUser.IsAuthenticated is always false.
Thanks in advance.
6 Answer(s)
-
0
I spent the day looking into this, but unfortunately, as we are ABP Commercial customers, I can't see what IdentityPro registers. I would like to know which services to rewrite, which claims my users have to have, and how to ensure that tenant information and the current user are populated correctly.
-
0
hi
Replacing ABP's AuthServer with Auth0.
This could break a lot of built-in functionality, and I'm not sure it's feasible.
How do I let the authenticated user see the links and menus post-authentication?
Make sure the
ICurrentTenant
andICurrentUser
have correct values.How do I ensure that ICurrentTenant has the correct tenant post-login?
The
ICurrentTenant
changed fromMultiTenancyMiddleware
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore.MultiTenancy/Volo/Abp/AspNetCore/MultiTenancy/MultiTenancyMiddleware.cs#L61
How do I ensure that CurrentUser.IsAuthenticated gets updated correctly? I can see that HttpContext.User.IsAuthenticated is equals true, but CurrentUser.IsAuthenticated is always false.
Make sure
ICurrentUser
gets the correct claim type.https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Security/Volo/Abp/Users/CurrentUser.cs#L14 https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Security/System/Security/Principal/AbpClaimsIdentityExtensions.cs#L35
You can change the
AbpClaimTypes
values.eg:
AbpClaimTypes.UserName = JwtClaimTypes.PreferredUserName; AbpClaimTypes.Name = JwtClaimTypes.GivenName; AbpClaimTypes.SurName = JwtClaimTypes.FamilyName; AbpClaimTypes.UserId = JwtClaimTypes.Subject; AbpClaimTypes.Role = JwtClaimTypes.Role; AbpClaimTypes.Email = JwtClaimTypes.Email;
-
0
Thank you, this was helpful!
A couple of additional questions on top of what I sent before:
- This could break a lot of built-in functionality, and I'm not sure it's feasible. Could you please expand on what you think would break and why?
- I am creating my own implementation of
ICurrentUser
and that seems to be the right direction in terms of passing the correct ID to ABP. How does ABP handle the claims received by Auth Server? Does ABP have anything in between the Auth Server and how claims get populated within theClaimsPrincipal
?
Thanks.
-
0
hi
I think the changes are too big, so there maybe some breaking. You can try it step by step.
abp will use
HttpContext.User(ClaimsPrincipal)
to populate theICurrentUser
-
0
Could you please share with me the code reference so I know where ABP populates
ICurrentUser
? I'm a commercial customer, but I'm happy with a reference to the open-source version, too.Thanks, Osmar
-
0
hi
ICurrentUser
claims getting from:https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Security/Volo/Abp/Users/CurrentUser.cs#L16
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/Claims/HttpContextCurrentPrincipalAccessor.cs#L18