Hello,
The main project is the Auth server. Donor and Lab are client projects. If you log in with the Administrator (admin role), you can see the TestSample menu button on the web side of the Lab project. You can create a new role as a user. Then, you can grant permission for the TestSample menu in the Main project. After that, if you log in to the Lab project with a user belonging to this role, the TestSample button that you granted permission for in the Main project should appear, but it does not.
Thanks.
I sent three projects.
Thanks
Yes, that's exactly what I wanted to do. All projects will get tokens from the Main(Auth) server, all users will be in this server's database, and this server will also have roles and permissions. Other applications will work by getting identity management and permissions from a single place.
In the projects I set up, I entered the authserver information in appsettings as the Main(Auth) application's information. Login and Redirect work fine on the web. I also added the Permission information for other projects to the Main application. I even wrote the information for other projects in the application section. I also made the additions to the Scopes section.
Admin User Access Token (This token is taken from LabManagement)
eyJhbGciOiJSUzI1NiIsImtpZCI6IjdGRUQzRDEzOUM4MzQwRkYxNjM1QjlBNDQ1MzA3OUEyMTBGMTU0NjQiLCJ4NXQiOiJmLTA5RTV5RFFQOFdOYm1rUlRCNW9oRHhWR1EiLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo0NDM4OC8iLCJleHAiOjE3NTYzNjM5OTQsImlhdCI6MTc1NjM2MDM5NCwiYXVkIjoiTGFiTWFuYWdlbWVudCIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgcm9sZXMgZW1haWwgcGhvbmUgTGFiTWFuYWdlbWVudCIsImp0aSI6IjExYmY1NDM5LWYyMGUtNGI3OC04YzFhLTkwYWFjYjY3ZTJhYiIsInN1YiI6IjNhMWIzOGRkLThkZWEtNzU3YS00ZDYxLTUwYzQ1M2U4MjJmZCIsInNlc3Npb25faWQiOiIxZWE0ZTc5Yy1hZTY3LTRjYjMtOThhZS05ZGZkMDkzYTZhZGYiLCJ1bmlxdWVfbmFtZSI6ImFkbWluIiwib2lfcHJzdCI6IkxhYk1hbmFnZW1lbnRfV2ViIiwib2lfYXVfaWQiOiIzYTFiMzlhZC1jM2U1LTNkNmMtOWMzZS02ZDcxNWU3MDljYTEiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImdpdmVuX25hbWUiOiJhZG1pbiIsInJvbGUiOiJhZG1pbiIsImVtYWlsIjoiYWRtaW5AYWJwLmlvIiwiZW1haWxfdmVyaWZpZWQiOiJGYWxzZSIsInBob25lX251bWJlcl92ZXJpZmllZCI6IkZhbHNlIiwiY2xpZW50X2lkIjoiTGFiTWFuYWdlbWVudF9XZWIiLCJvaV90a25faWQiOiIzYTFjMDE2OS05ZWEwLTkwMDgtNzIzMC00N2U5M2JjOTk5MGYifQ.sZhVQw9wTYr_jvVouR5cg9lkpkJ_ydkdPdhPqdT2x4LlE_z5zF3N-YcMlUOSCOT8S26hnmjFm9C6ffUu_s_GmG9CvFDtK513_VihJuRvAVFeLhvrm6l8dcotBXV28QLpOPXea8nCMm7VP94wHr0qQvDfJBzIijo3MrruZDipcRpuwus-LSbmqgeOs_mt_v9R40xoPSB6cmvj4SXX0BFJx2MBe5Hsv2B-iyGunoNiiEYHVrezm1zuAuFqPxrEFI3WycrMc5_1SOb6519me-JfqQgHUtgSt3XVGo2I_xkG9KcntLXAjUOVPnxOlfQqthw4OEH6aEr4VDC2N2i3BzoopQ
(Main - Auth Server) https://localhost:44388/api/account/my-profile
Response : 401 Unauthrozied
(LabManagement) https://localhost:44365/api/account/my-profile Response : 400 Not Found { "error": { "code": null, "message": "There is no entity IdentityUser with id = 3a1b38dd-8dea-757a-4d61-50c453e822fd!", "details": null, "data": null, "validationErrors": null } }
Admin User Access Token (This token is taken from Main Api)
eyJhbGciOiJSUzI1NiIsImtpZCI6IjdGRUQzRDEzOUM4MzQwRkYxNjM1QjlBNDQ1MzA3OUEyMTBGMTU0NjQiLCJ4NXQiOiJmLTA5RTV5RFFQOFdOYm1rUlRCNW9oRHhWR1EiLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo0NDM4OC8iLCJleHAiOjE3NTYzNjgzOTksImlhdCI6MTc1NjM2NDc5OSwiYXVkIjoiTWFpbiIsInNjb3BlIjoiTWFpbiIsImp0aSI6IjRjY2MwY2M1LTQzN2YtNGMzYi05ZThhLWZhMTk4MzZhZDQyZCIsInN1YiI6IjNhMWIzOGRkLThkZWEtNzU3YS00ZDYxLTUwYzQ1M2U4MjJmZCIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBhYnAuaW8iLCJyb2xlIjoiYWRtaW4iLCJnaXZlbl9uYW1lIjoiYWRtaW4iLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOiJGYWxzZSIsImVtYWlsX3ZlcmlmaWVkIjoiRmFsc2UiLCJzZXNzaW9uX2lkIjoiNTMyN2Q1MDQtN2ViNC00ZTUzLTg4YjEtMGYyMGI0ZWJjMGRlIiwidW5pcXVlX25hbWUiOiJhZG1pbiIsIm9pX3Byc3QiOiJNYWluX0FwcCIsImNsaWVudF9pZCI6Ik1haW5fQXBwIiwib2lfdGtuX2lkIjoiM2ExYzAxYWMtZDU3ZS1lZmJjLTkxOGQtYzNmZGE2N2EzODg2In0.TMRBw-ubouuigi5cLXUOWt91HMmHX_Zc28ksc9gM6p3vdVnj1aNMqob72v1yjhPJDEfIceVOAAMdawGjSlqdfc1DYCxeQT0j4PYNQyN5UlZHpP7d1JY3CP8a7JxK6R2-9C4zYp9lRPcp5J8fNDWwnv7y-f_s2RaCQYrxwltUhS4WdRN6nJvFmU9T-kJpKW5MZyylBzHdwWpg-KV_eBE2SK2qdTRrTfVKwITObA0_P-RNQxHBJqlaRITUyAk0lBndHvWywd_kU-S926kqYALO-C96pBtCyTs_SIxhaM98vlRiZyck2CdK5PQleCZ1lXVIF1Hm-laGj-ZD0BBc6AeMOw
(Main - Auth Server) https://localhost:44388/api/account/my-profile Response : 200 { "userName": "admin", "email": "admin@abp.io", "emailConfirmed": false, "name": "admin", "surname": null, "phoneNumber": null, "phoneNumberConfirmed": false, "isExternal": false, "hasPassword": true, "supportsMultipleTimezone": false, "timezone": "Unspecified", "concurrencyStamp": "3b39179b58a249ea923a934e917dee09", "extraProperties": {} }
(LabManagement) https://localhost:44365/api/account/my-profile
Response : 401 Unauthrozied
I checked that permissions exist on both the client and the auth server. However, even if I grant permission for a role assigned to a user on the auth server, the relevant menu does not appear on the client side of the web.
The MediatR Library is known for its CQRS pattern, but do you have any suggestions for using the CQRS pattern without using this library?
(we suggest composing all UIs in the main application, and our tutorials also explain in that way, but you can make some modifications to make your services as independent UI apps)
I will run a test on this, thanks for your response.
Thanks for the response. I solved this problem, but there was a problem with the login process. Although authentication is successful in the login process, redirect_uri is looping in a meaningless way and requests are constantly thrown on the screen. In Firefox I get an unauthorized site screen, in Chrome the request ends with stopped because the url is too long. If I press F5 and refresh the screen, the site comes up correctly.
Unfortunately I couldn't overcome this problem so I reverted back to version 7.4.
I guess I didn't express my request clearly and I apologize for that. I have knowledge about concurrency. If I didn't use abp.io, I would know how to avoid this conflict. I wanted to know how abp.io would behave when multiple hangfire workers are running at the same time, if the dbcontext in the hangfire workers has unitofwork instances created there. I would even like to know how you proceeded if you have dealt with such a development before.
I guess I will test this and find out.
Thank you liangshiwei for your attention and help.
