Activities of "shijo"

Hi, I found a way to execute code after token validation: I added a JwtBearerEvents class. How can I access users' data in TokenValidated? I tried to access it using IdentityUserAppService, but it throws the ABP Unauthorized exception in await userManager.FindByEmailAsync(this.UserEmail);

options.EventsType = typeof(UserValidation);

using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Volo.Abp.Identity;

public class UserValidation : JwtBearerEvents
{
    private string UserEmail { get; set; }
    private string UserName { get; set; }

    public override async Task TokenValidated(TokenValidatedContext context)
    {
        var userManager = context.HttpContext.RequestServices.GetRequiredService<IdentityUserAppService>();

        ClaimsPrincipal userPrincipal = context.Principal;

        // Read the e-mail address claim from the validated token.
        if (userPrincipal.HasClaim(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
        {
            this.UserEmail = userPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
        }

        // Without an e-mail claim there is nothing to look up, so reject the token.
        if (string.IsNullOrEmpty(this.UserEmail))
        {
            context.Fail("Token does not contain an email address claim");
            return;
        }

        // This is the call reported above as throwing the ABP Unauthorized exception.
        var checkUser = await userManager.FindByEmailAsync(this.UserEmail);
        if (checkUser == null)
        {
            var newUser = new IdentityUserCreateDto
            {
                Email = this.UserEmail,
                UserName = this.UserEmail,
            };

            var result = await userManager.CreateAsync(newUser);

            // Assign Roles
            if (result == null)
            {
                throw new Exception("User Not added");
            }
        }
    }
}

Hi, basically the users who are authenticated by the external SSO are not our application users; the only similarity is the email address. After token validation, I have to check if the user exists in our system with the email id; if the user does not exist with that email, create a user with a specific role and then set the current user. My question is: how can I execute these user checks and the creation logic immediately after token validation?

hi

Can you share a simple project? liming.ma@volosoft.com

I will download and check it.

OK, I will create a sample project and share it. One more question regarding the user mapping: how can I map a user who is authenticated by the external SSO to our admin API? We have to match the users by email and set the current user for permission management.

hi

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-7.0#use-multiple-authentication-schemes

I mapped the schemes globally; it works fine when I place the [Authorize] attribute on the controller. But in ABP we don't have any [Authorize] attribute on the controller, it is on the ApplicationService. If I remove the [Authorize] attribute from the controller and keep the [Authorize] attribute on the ApplicationService class, it gives me unauthorized.

[RemoteService(IsEnabled = false)]
[Authorize]
public class AuthorsAppService : ApplicationService, IAuthorsAppService{
    ctor...
    
    public virtual async Task<PagedResultDto<AuthorDto>> GetListAsync(GetAuthorsInput input)
    {}
}

[RemoteService]
public class AuthorController : AbpController, IAuthorsAppService{

}

hi

You can call this code on controllers or Authorize with a specific scheme in ASP.NET Core

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-7.0

Hi, I added the [Authorize(AuthenticationSchemes = "Bearer,jwt2")] attribute to the controller and it's working fine. How can I apply both schemes by default in all controllers?

Yes, you can add multiple schemes

context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = configuration["AuthServer:Authority"];
        options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
        options.Audience = "Test1";
    })
    .AddJwtBearer("your_jwt_schema", options =>
    {
        options...
    });
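
An added example, not part of the original posts or ABP's own code: the default-policy approach from the Microsoft article linked in this thread, which makes a plain [Authorize] on an ASP.NET Core endpoint accept a token from either scheme. The scheme name "jwt2" is the one used in this thread; the ExternalSso:* configuration keys are hypothetical, and each scheme keeps its own authority and audience so a token is only accepted from the issuer it was configured for.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class MultiSchemeAuthentication
{
    // Second scheme name as used in this thread.
    public const string ExternalScheme = "jwt2";

    public static void Configure(IServiceCollection services, IConfiguration configuration)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            // Existing scheme: tokens issued by the application's own auth server.
            .AddJwtBearer(options =>
            {
                options.Authority = configuration["AuthServer:Authority"];
                options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
                options.Audience = "Test1";
            })
            // External SSO scheme. "ExternalSso:*" keys are hypothetical placeholders.
            .AddJwtBearer(ExternalScheme, options =>
            {
                options.Authority = configuration["ExternalSso:Authority"];
                options.Audience = configuration["ExternalSso:Audience"];
                options.RequireHttpsMetadata = true;
                // Keep issuer and audience checks on so a token minted for
                // another API or by another issuer is rejected by this scheme.
                options.TokenValidationParameters.ValidateIssuer = true;
                options.TokenValidationParameters.ValidateAudience = true;
            });

        services.AddAuthorization(options =>
        {
            // The default policy is what a bare [Authorize] evaluates.
            // Listing both schemes makes the authorization middleware try each
            // one and merge the resulting identities before the user check.
            options.DefaultPolicy = new AuthorizationPolicyBuilder(
                    JwtBearerDefaults.AuthenticationScheme, ExternalScheme)
                .RequireAuthenticatedUser()
                .Build();
        });
    }
}
```

With this in place the per-controller `AuthenticationSchemes = "Bearer,jwt2"` argument is no longer needed on endpoints that carry a plain [Authorize].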
 

OK, this one I mapped. Where should I add this code?

var result = await httpContext.AuthenticateAsync("your_jwt_schema");
if (result.Succeeded && result.Principal != null)
{
    // Use the principal from the second scheme as the request's user.
    httpContext.User = result.Principal;
}

your_jwt_schema

Hi, can you share some sample code? Where should I call AuthenticateAsync?

In my API layer I already have one JWT authentication scheme; can I add multiple schemes? This is my existing one:

private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
    context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = configuration["AuthServer:Authority"];
            options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
            options.Audience = "Test1";
        });
}

hi

obtained token from External SSO Application

What kind of SSO application? Is the token a JWT token?

Yes JWT token

  • ABP Framework version: v7.3.0

  • UI type: Angular

  • DB provider: EF Core

  • Tiered (MVC) or Auth Server Separated (Angular): yes

  • Exception message and stack trace:

  • Steps to reproduce the issue:

    1. Client application/mobile app gets authorized and obtains a token from the External SSO Application
    2. API call initiated with the tenant and generated token

    How do I configure extra authentication to validate this external token in the ABP API application? Here is the sample flow diagram.

Working now. Removed all existing cli and suite folders and reinstalled the suite with apikey. Thanks for your quick support.

Made with ❤️ on ABP v9.0.0-preview Updated on September 19, 2024, 10:13