Authorize Attribute #7518 | Support

Spospisil created 4 months ago

ABP Framework version: v7.3.2
UI Type: Blazor WASM
Database System: EF Core/PostgreSQL
Tiered (for MVC) or Auth Server Separated (for Angular): yes

I want to be able to add a line of code (similar to below) to the top of every page that would only be available to a tenant without having to add a abp 'permission' or 'feature' definition but rather would pass the authorize test based on whether the current user's tenent id is null or not.

How can this be done in ABP?

@attribute [Authorize(TenantUser)]

7 Answer(s)

maliming created 4 months ago

Support Team Fullstack Developer

You can add a tenant policy. and use it in your pages

eg: https://github.com/abpframework/abp/pull/10152#issue-1007619207

options.AddPolicy("MyClaimTestPolicy", policy =>
{
    policy.RequireAuthenticatedUser().RequireAssertion(handlerContext =>
    {
        var tenantId = handlerContext.User.FindTenantId();
        
        return false; // false to skip
    });
});

Spospisil created 4 months ago

Hi,

Is this the only thing I need to do to the code in order to get this to work? I keep getting the following message.

"Unhandled exception rendering component: The AuthorizationPolicy named: 'TenantPolicy' was not found."

private static void ConfigureAuthorization(ServiceConfigurationContext context)
{
    context.Services.AddAuthorization(options =>
    {
        options.AddPolicy("TenantPolicy", policy =>
        {
            policy.RequireAuthenticatedUser().RequireAssertion(handlerContext =>
            {
                var tenantId = handlerContext.User.FindTenantId();
                Console.WriteLine($"****** TenantId: {tenantId} ******");
                return false; // false to skip
            });

        });
    });
}

0

maliming created 4 months ago
Support Team Fullstack Developer

hi

Can you share a template project with your custom code? https://wetransfer.com/

liming.ma@volosoft.com

Thanks
0

Spospisil created 4 months ago

Hi,

Truly, it would be a lot quicker if you could produce a working sample of vs me trying to scale back my enterprise level application and all it's source code.

Could you please provide a sample based on blazor WASM tiered, etc?

Thanks.

maliming created 4 months ago

Support Team Fullstack Developer

In blazor wasm module.

private static void ConfigureAuthentication(WebAssemblyHostBuilder builder)
{
    builder.Services.AddOidcAuthentication(options =>
    {
        builder.Configuration.Bind("AuthServer", options.ProviderOptions);
        options.UserOptions.NameClaim = OpenIddictConstants.Claims.Name;
        options.UserOptions.RoleClaim = OpenIddictConstants.Claims.Role;

        options.ProviderOptions.DefaultScopes.Add("MyProjectName");
        options.ProviderOptions.DefaultScopes.Add("roles");
        options.ProviderOptions.DefaultScopes.Add("email");
        options.ProviderOptions.DefaultScopes.Add("phone");
    });

    builder.Services.AddAuthorizationCore(options =>
    {
        options.AddPolicy("TenantPolicy", policy =>
        {
            policy.RequireAuthenticatedUser().RequireAssertion(handlerContext =>
            {
                var userId = handlerContext.User.FindUserId();
                Console.WriteLine($"****** UserId: {userId} ******");

                var tenantId = handlerContext.User.FindTenantId();
                Console.WriteLine($"****** TenantId: {tenantId} ******");
                return true; // false to skip
            });
        });
    });
}

Index.razor of blazor wasm project

@attribute [Authorize(policy: "TenantPolicy")]

Output:

0

Spospisil created 4 months ago

Thank you. That resolved the issue.
0

maliming created 4 months ago
Support Team Fullstack Developer

Good news.

Have an answer to this question? Log in and write your answer.