Open Closed

No Permission to read Settings on User-Signup #1815


User avatar
0
mrall created
  • ABP Framework version: v4.4.0
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hello, I created a quite simple ABP.IO Projekt from the commercial template. I have a custom signup-page that inherits from "RegisterModel", in that page I call "var user = await RegisterLocalUserAsync();" to create the ABP-User.

That works fine in Development but in Production I get serveral Permission Errors:

2021-09-07 11:19:58.447 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing 2021-09-07 11:19:58.470 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement 2021-09-07 11:19:58.472 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: LeptonThemeManagement.Settings 2021-09-07 11:19:58.480 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement 2021-09-07 11:19:58.541 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: SettingManagement.Emailing 2021-09-07 11:19:58.542 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.SettingManagement 2021-09-07 11:19:58.543 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: LeptonThemeManagement.Settings 2021-09-07 11:19:58.543 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpAccount.SettingManagement

It's clear that the new (still anonymous) user has no permissions...

Now my questions:

  • Why do I get this Errors only in Production ?
  • How can I impersonate to the admin-user to signup the new user so I don't have to make all the above things public?
  • Or what is the recommended way to execute protected logic for a user that doesn't have the correct permissions ?

cheers


4 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Can you provide a project or steps to reproduce?

  • User Avatar
    0
    mrall created

    Well, just create a new empty Application with abp suite (MVC, EF Core, not tiered), setup correct email settings, run in release mode and try to register -> results in permission denied-errors (and btw, the frontend stays in loading instead of displaying the error message).

    The user is created in the Database, but no confirmation-mail is sent and automatic login is not working.

    When trying to login with the new user the login/verify-email page is shown (which is correct), but clicking on "verify" again has no effect.

    2021-09-08 09:36:06.036 +02:00 [INF] Executing endpoint 'Volo.Abp.Account.AccountController.SendEmailConfirmationTokenAsync (Volo.Abp.Account.Pro.Public.HttpApi)' 2021-09-08 09:36:06.039 +02:00 [INF] Route matched with {area = "account", action = "SendEmailConfirmationToken", controller = "Account", page = ""}. Executing controller action with signature System.Threading.Tasks.Task SendEmailConfirmationTokenAsync(Volo.Abp.Account.SendEmailConfirmationTokenDto) on controller Volo.Abp.Account.AccountController (Volo.Abp.Account.Pro.Public.HttpApi).

    nothing happens after this line ....

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I can't reproduce the problem, can I check it remotely? shiwei.liang@volosoft.com

  • User Avatar
    0
    mrall created

    after changing to MailKit (https://docs.abp.io/en/abp/latest/MailKit) as you suggested everything works fine - maybe you should check your default EMailSender.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19