Open Closed

Implementing two client apps with different user types and same API #2101


User avatar
0
dkaczor created
  • ABP Framework version: v4.4
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no

I want to create a system where there are two different types of user with possibly different client apps, let's say it's an e-commerce system where I need allow logging for customers and for employees. They obiously cannot use the same features so I wanted do create separate client angular app for customers just like you did in this sample and added separate Client in Identity Server settings. My question is - how can I distinguish these two types of users and prevent one from accesing another's client app. The only possibility I can see is assigning them different roles and authorizing every endpoint. To achieve this I should assign the role automatically when registering user - is there a way to assign it based on what client is calling the API?

Or maybe your IdentityServer module provides different way to achieve it? It's probably a common use case for your framework.


5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    is there a way to assign it based on what client is calling the API?

    Using roles is the easiest way, and they can be assign it if they use different IdentityServer Client.

    In short, we can implement these after user authentication.

  • User Avatar
    0
    dkaczor created

    Using roles is the easiest way, and they can be assign it if they use different IdentityServer Client.

    In short, we can implement these after user authentication.

    Thanks for a quick response. Could you provide any steps on how to intercept the event after authentication and extract information about which client called it? I could not find any sufficient documentation for that matter.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can check the request and identity in the middleware.

    https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware/write?view=aspnetcore-6.0

  • User Avatar
    0
    dkaczor created

    I might have not been clear - I want to check the client after a user registers so I can set his role. Is this still the best solution? I think middleware is executed with every API call, it would be useful for checking if user has required role but I first need to somehow set it.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    I want to check the client after a user registers so I can set his role

    You can also check the URL of the current request to determine the caller, or add a special header to request.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09