Activities of "shijo"

hi

You can keep testing it and give feedback here.

Working fine, I mapped the role in admin to give permission to access the APIs.

One more question: is it a good approach to check user availability from the DB on the token-validated event?

Hi, can you update me on this? The task is a bit urgent.

hi

I can check it remotely. My time zone is UTC+8.

I have TeamViewer, can you access it? Let me know your convenient time, I am available any time.

Hi, nothing is working out.

See, I want to switch users based on the token claim data (email ID) before calling the APIs. I think that user switching is not happening now, and that's why API authorization is failing.

When I am calling the API, the lifecycle is something like this:

  1. https://localhost:44316/api/app/authors >>>
  2. AuthorsAppService constructor
  3. AuthorController constructor
  4. Task<PagedResultDto<AuthorDto>> GetListAsync(GetAuthorsInput input) in AuthorController
  5. TokenValidated(TokenValidatedContext context) in JWTToken validator
    • Inside here I am trying to switch the user, but it is not working
  6. Response 401 Unauthorized; the service (AuthorsAppService) layer method is not called at all

TestApp.HttpApi.Host

All APIs are in TestApp.HttpApi.Host; how can an external user access the API? The strange thing is that when I placed [Authorize(AuthenticationSchemes = "Bearer,jwt2")] in the controller attribute, the API returned data, but when I placed the same thing in the service, it did not work.

hi

I downloaded the code. Any steps?

You can see there that I used 2 JwtBearer: one is internal, and the other is external.

  1. You have to create an external SSO
  2. Create a user in the external SSO, email e.g. test@test.com
  3. In the shared project, create a new tenant and create a user for that tenant with the same email ID, test@test.com
  4. Create a sample API like getAuthors that returns some data
  5. Create a client app and authenticate the user with that external SSO
  6. After getting the token, call the getAuthor API with that token (the tenant you can hardcode)
  7. Return author data. For me this is giving an Unauthorised exception because the user is not logged in

hi

Can you share a simple project to reproduce the above exception?

liming.ma@volosoft.com

Hi,

I have shared sample code here, can you check?

hi

I guess on the JwtBearerEvents method the authentication has not finished.

You can call the app service after app.UseAuthentication

I am looking to impersonate a user after token validation. I did this, but a user unauthorised exception is coming. After fetching the user, I want to sign in with that user in order to access the APIs. Where exactly should I place the code to impersonate the user after validation?

```csharp
public override async Task TokenValidated(TokenValidatedContext context)
{
    ClaimsPrincipal userPrincipal = context.Principal;

    // The email claim in the external token is the only link to a local user.
    if (userPrincipal.HasClaim(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
    {
        this.UserEmail = userPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
    }
    else
    {
        // Without an email there is nothing to look up; reject the token.
        context.Fail("Token has no email address claim.");
        return;
    }

    var checkUser = await UserManager.FindByEmailAsync(this.UserEmail);
    if (checkUser == null)
    {
        checkUser = new Volo.Abp.Identity.IdentityUser(Guid.NewGuid(), this.UserEmail, this.UserEmail, _currentTenant.Id);

        var result = await UserManager.CreateAsync(checkUser);

        // Assign Roles
        if (result.Succeeded)
        {
            return;
        }
        else
        {
            throw new Exception("User Not added");
        }
    }
    else
    {
        // The role is hard-coded: every matched user gets the "admin" role claim.
        var newPrincipal = new ClaimsPrincipal(
            new ClaimsIdentity(
                new Claim[]
                {
                    new Claim(AbpClaimTypes.UserId, checkUser.Id.ToString()),
                    new Claim(AbpClaimTypes.TenantId, checkUser.TenantId.ToString()),
                    new Claim(AbpClaimTypes.UserName, checkUser.Email),
                    new Claim(AbpClaimTypes.Role, "admin")
                }
            )
        );
        // Change() returns an IDisposable scope; it is not kept here.
        _currentPrincipalAccessor.Change(newPrincipal);
    }
}
```
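A fail-closed variant of the principal swap from the post above, as an added example that is not code from this thread or from ABP: it rejects tokens it cannot map, takes roles from the local user store, and hands the new principal to the JwtBearer handler. It assumes `IdentityUserManager` is resolvable from the request services and that the tenant is already resolved for the request; the class name `ExternalUserMappingEvents` is hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Volo.Abp.Identity;
using Volo.Abp.Security.Claims;

// Added example; ExternalUserMappingEvents is a hypothetical name.
public class ExternalUserMappingEvents : JwtBearerEvents
{
    public override async Task TokenValidated(TokenValidatedContext context)
    {
        var userManager = context.HttpContext.RequestServices
            .GetRequiredService<IdentityUserManager>();
        // ClaimTypes.Email is the emailaddress URI used in the post. Assumption:
        // the external issuer only puts verified addresses in this claim.
        var email = context.Principal?.FindFirst(ClaimTypes.Email)?.Value;
        if (string.IsNullOrWhiteSpace(email))
        {
            context.Fail("External token has no email claim.");
            return;
        }
        var user = await userManager.FindByEmailAsync(email);
        if (user == null)
        {
            context.Fail("No local user is mapped to this email.");
            return;
        }
        var claims = new List<Claim>
        {
            new Claim(AbpClaimTypes.UserId, user.Id.ToString()),
            new Claim(AbpClaimTypes.UserName, user.UserName),
        };
        if (user.TenantId.HasValue)
            claims.Add(new Claim(AbpClaimTypes.TenantId, user.TenantId.Value.ToString()));
        // Roles come from the local user store instead of a hard-coded "admin".
        var roles = await userManager.GetRolesAsync(user);
        claims.AddRange(roles.Select(r => new Claim(AbpClaimTypes.Role, r)));
        // An authentication type is required: an identity built without one
        // reports IsAuthenticated == false and fails [Authorize].
        var identity = new ClaimsIdentity(claims, context.Scheme.Name,
            AbpClaimTypes.UserName, AbpClaimTypes.Role);
        // The handler builds the authentication ticket from context.Principal.
        context.Principal = new ClaimsPrincipal(identity);
    }
}
```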

Hi, I found a way to execute code after token validation: I added a JwtBearerEvent. How can I access users' data in TokenValidated? I tried to access it using IdentityUserAppService, but it is throwing the ABP Unauthorized exception in await userManager.FindByEmailAsync(this.UserEmail);

```csharp
options.EventsType = typeof(UserValidation);
```

```csharp
public class UserValidation : JwtBearerEvents
{
    private string UserEmail { get; set; }
    private string UserName { get; set; }

    public UserValidation()
    {
    }

    public override async Task TokenValidated(TokenValidatedContext context)
    {
        // Application service resolved from the request scope; its methods are permission-checked.
        var userManager = context.HttpContext.RequestServices.GetRequiredService<IdentityUserAppService>();

        ClaimsPrincipal userPrincipal = context.Principal;

        if (userPrincipal.HasClaim(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
        {
            this.UserEmail = userPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
        }
        else
        {
            // Without an email there is nothing to look up; reject the token.
            context.Fail("Token has no email address claim.");
            return;
        }

        var checkUser = await userManager.FindByEmailAsync(this.UserEmail);
        if (checkUser == null)
        {
            var newUser = new IdentityUserCreateDto
            {
                Email = this.UserEmail,
                UserName = this.UserEmail,
            };

            var result = await userManager.CreateAsync(newUser);

            // Assign Roles
            if (result != null)
            {
                return;
            }
            else
            {
                throw new Exception("User Not added");
            }
        }
    }
}
```

Hi, basically the users who are authenticated from the external SSO are not our application users; the only similarity is the email address. After token validation, I have to check if the user exists in our system with that email ID. If the user does not exist with that email, create a user with a specific role and then set the current user. My question is: how can I execute this user check and creation logic immediately after token validation?

Made with ❤️ on ABP v10.1.0-preview. Updated on October 30, 2025, 06:33