Open Closed

How to block backoffice access to certain roles? #2189


User avatar
0
sukeshchand created

Hi,

I wanted only certain users/roles can able login to backoffice (https://localhost/Account/Login), but the all user must be able to sign in using api auth, Is there any standard way to achive this in ABP IO?

Thanks. sukesh chand


2 Answer(s)
  • User Avatar
    0
    berkansasmaz created
    Support Team .NET Developer

    I'm trying to understand your use case, will back-office application pages require a specific role but not end-points, aren't they?

    If so, a code like the one below might work for you:

    options.Conventions.AuthorizeFolder("/YourFolderName", MyProjectNamePermissions.Backoffice.Default);
    

    I would like to share a little more information on the subject 😊

    ABP extends ASP.NET Core Authorization by adding permissions as auto policies and allowing the authorization system to be usable in the application services too. Therefore, you can refer to these documents on the subject 👇👇

    1. https://docs.microsoft.com/en-us/aspnet/core/security/authorization/razor-pages-authorization?view=aspnetcore-6.0#require-authorization-to-access-a-folder-of-pages
    2. https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-6.0
    3. https://docs.abp.io/en/abp/latest/Authorization
  • User Avatar
    0
    sukeshchand created

    Thanks for the help.

    I found a way to do it. Override/Customize the SiginIn manager and implement the custom logic.

    https://docs.abp.io/en/abp/2.9/How-To/Customize-SignIn-Manager

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09