Starts in:
2 DAYS
8 HRS
36 MIN
14 SEC
Starts in:
2 D
8 H
36 M
14 S

Activities of "shijo"

Hi, I found a way to execute code after token validation. Added a JWTBearerEvent. How can I access users' data in TokenValidated, I tried to access using IdentityUserAppService but throwing the exception ABP Unauthorized in await userManager.FindByEmailAsync(this.UserEmail);

options.EventsType = typeof(UserValidation);

public class UserValidation : JwtBearerEvents
    {
        private string UserEmail { get; set; }
        private string UserName { get; set; }
        public UserValidation()
        {
            
        }
        public override async Task TokenValidated(TokenValidatedContext context)
        {
            try
            {
                var userManager = context.HttpContext.RequestServices.GetRequiredService<IdentityUserAppService>();

                ClaimsPrincipal userPrincipal = context.Principal;

                if (userPrincipal.HasClaim(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
                {
                    this.UserEmail = userPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
                }
                
                var checkUser = await userManager.FindByEmailAsync(this.UserEmail);
                if (checkUser == null)
                {
                    var newUser = new IdentityUserCreateDto
                    {
                        Email = this.UserEmail,
                        UserName = this.UserEmail,
                    };

                    var result = await userManager.CreateAsync(newUser);

                    // Assign Roles
                    if (result!=null)
                    {
                        return;
                    }
                    else
                    {
                        throw new Exception("User Not added");
                    }
                }
            }
            catch (Exception)
            {
                throw;
            }
        }
    }

Hi, this is basically the users who are authenticated from external SSO are not our application users, only the similarity is the email address. After token validation, I have to check if the user exists in our system with the email id, if the user does not exist with that email create a user with a specific role and then set the current user. My question is how can I execute these user checks and creation logic immediately after token validation?

hi

Can you share a simple project? liming.ma@volosoft.com

I will download and check it.

Ok I will create and sample project and share. One more question regarding the user mapping, How can I map user which is authenticated by external sso and our admin api, we have to match the users with email and set currentuser for permission management.

hi

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-7.0#use-multiple-authentication-schemes

I mapped the schemes globally, working fine when I placed [Authorize] attribute in controller. But in ABP we don't have any [Authorize] attribute, it is in ApplicationService. If I remove [Authorize] attribute from controller and keeping [Authorize] attribute in ApplicationService class, it's giving me unauthorized.

[RemoteService(IsEnabled = false)]
[Authorize]
public class AuthorsAppService : ApplicationService, IAuthorsAppService{
    ctor...
    
    public virtual async Task<PagedResultDto<AuthorDto>> GetListAsync(GetAuthorsInput input)
    {}
}

[RemoteService]
public class AuthorController : AbpController, IAuthorsAppService{

}

hi

You can call this code on controllers or Authorize with a specific scheme in ASP.NET Core

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-7.0

Hi, I added [Authorize(AuthenticationSchemes = "Bearer,jwt2")] attribute in the controller it's working fine. How can I apply both schemes by default in all controllers?

Yes, You can add multiple scheme

context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) 
            .AddJwtBearer(options => 
            { 
                options.Authority = configuration["AuthServer:Authority"]; 
                options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]); 
                options.Audience = "Test1"; 
            }).AddJwtBearer("your_jwt_schema", options => 
            { 
                options... 
            }) 
 

Ok this one I mapped, Where should I add this code ?

var result = await httpContext.AuthenticateAsync("your_jwt_schema");
if (result.Succeeded && result.Principal != null)
{
    ctx.User = result.Principal;
}

your_jwt_schema

Hi, can you share a sample code ? Where should I call the AuthenticateAsync ?

In My API layer I have already one jwt authentication scheme is there, can I add multiple scheme? This is my existing

private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
    {
    context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = configuration["AuthServer:Authority"];
                options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
                options.Audience = "Test1";
            });
    }

hi

obtained token from External SSO Application

What kind of SSO application? Is the token a JWT token?

Yes JWT token

  • ABP Framework version: v7.3.0

  • UI type: Angular

  • DB provider: EF Core

  • Tiered (MVC) or Auth Server Separated (Angular): yes

  • Exception message and stack trace:

  • Steps to reproduce the issue:"

    1. Client Application/Mobile app getting authorized and obtained token from External SSO Application
    2. API call initiated with the tenant and generated token

    How to configure extra authentication to validate this external token in abp api application ? Here is the sample flow diagram.

Working now. Removed all existing cli and suite folders and reinstalled the suite with apikey. Thanks for your quick support.

Showing 31 to 40 of 109 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06