Closed

Client_id permissions #4691

jmalla.cp created 2 years ago

ABP Framework version: v6.0.1
UI type: MVC
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): Tired

Hi,

I want to deny access from some client_id application with some role to some application sevice.

Is that possbile? How can I do that?

Thanks for all

17 Answer(s)

0

maliming created 2 years ago
Support Team Fullstack Developer

hi

yes

https://support.abp.io/QA/Questions/1112/How-to-grant-access-to-Identity-Server-Client-on-multi-tenancy#answer-9c1da15b-8264-8fd5-d73a-39fb93d63fd0

https://github.com/abpframework/abp/issues/10316
0

jmalla.cp created 2 years ago

Hi,

My cuestion is, how can I deny access some user/role that tries to access through some client_id?

Thanks
0

maliming created 2 years ago
Support Team Fullstack Developer

hi

You can try to get the client_id of CurrentPrincipal in application services.

Or add some custom policy

https://support.abp.io/QA/Questions/1112/How-to-grant-access-to-Identity-Server-Client-on-multi-tenancy#answer-62c3b9e0-79a5-c909-476a-39fb982b4fd6
0

jmalla.cp created 2 years ago

Hi,

I can't acces to the CurrentPrincipal from my application services.

Can you give me some examples please?

Thanks

maliming created 2 years ago

Support Team Fullstack Developer

var allClaims = CurrentUser.GetAllClaims();

// Inject ICurrentPrincipalAccessor from ctor
var claimsPrincipal = LazyServiceProvider.LazyGetRequiredService<ICurrentPrincipalAccessor>().Principal;

0

jmalla.cp created 2 years ago

Hi,

Sorry but I think that I didn't explain myself very well

How can I only allow access from 'web.public' project, client_id="public", to users belonging to role 'A', but block these users trying to access from 'web' project, client_id="private" and throw the message Unauthorized.

maliming created 2 years ago

Support Team Fullstack Developer

You can get the current clientid. Then you can execute custom logic

public async Task<string> MyMethodAsync()
{
    var clientIdClaim = CurrentUser.GetAllClaims().FirstOrDefault(x => x.Type == AbpClaimTypes.ClientId);
    if (clientIdClaim != null)
    {
        if (clientIdClaim.Value == "public")
        {

        }

        if (clientIdClaim.Value == "private")
        {

        }
    }

}

0

jmalla.cp created 2 years ago

Hi,

I would that the user with role A can't Login from Web, the system throw UnAuthorized, and if the same role LogIn from Web.public, they can go on
0

maliming created 2 years ago
Support Team Fullstack Developer

You can try to override the OnPostAsync of OpenIddictSupportedLoginModel

In this method, you can get username and ClientId. It can complete the login or deny the login
0

jmalla.cp created 2 years ago

Where is this method?
0

maliming created 2 years ago
Support Team Fullstack Developer

account/src/Volo.Abp.Account.Pro.Public.Web.OpenIddict/Pages/Account/OpenIddictSupportedLoginModel.cs
0

jmalla.cp created 2 years ago

And Where can I override this method, in AuthServer project?
0

maliming created 2 years ago
Support Team Fullstack Developer

Yes, in the AuthServer project.
0

jmalla.cp created 2 years ago

Sorry but I can't see where.

In AuthServer project there are only two folders, Themes and pages. And pages only has Index without any Post method
0

maliming created 2 years ago
Support Team Fullstack Developer

hi

This is a class. You can put it in any folder.
0

jmalla.cp created 2 years ago

Sorry but I don't undestand.

Can you give me an example?

Thanks
0

maliming created 2 years ago
Support Team Fullstack Developer

hi

https://support.abp.io/QA/Questions/1389/How-to-customize-register-page-MVC
https://docs.abp.io/en/abp/latest/UI/AspNetCore/Customization-User-Interface