Open Closed

Client_id permissions #4691


User avatar
0
jmalla.cp created
  • ABP Framework version: v6.0.1
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): Tired

Hi,

I want to deny access from some client_id application with some role to some application sevice.

Is that possbile? How can I do that?

Thanks for all


17 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    yes

    https://support.abp.io/QA/Questions/1112/How-to-grant-access-to-Identity-Server-Client-on-multi-tenancy#answer-9c1da15b-8264-8fd5-d73a-39fb93d63fd0

    https://github.com/abpframework/abp/issues/10316

  • User Avatar
    0
    jmalla.cp created

    Hi,

    My cuestion is, how can I deny access some user/role that tries to access through some client_id?

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can try to get the client_id of CurrentPrincipal in application services.

    Or add some custom policy

    https://support.abp.io/QA/Questions/1112/How-to-grant-access-to-Identity-Server-Client-on-multi-tenancy#answer-62c3b9e0-79a5-c909-476a-39fb982b4fd6

  • User Avatar
    0
    jmalla.cp created

    Hi,

    I can't acces to the CurrentPrincipal from my application services.

    Can you give me some examples please?

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer
    var allClaims = CurrentUser.GetAllClaims();
    
    // Inject ICurrentPrincipalAccessor from ctor
    var claimsPrincipal = LazyServiceProvider.LazyGetRequiredService<ICurrentPrincipalAccessor>().Principal;
    
  • User Avatar
    0
    jmalla.cp created

    Hi,

    Sorry but I think that I didn't explain myself very well

    How can I only allow access from 'web.public' project, client_id="public", to users belonging to role 'A', but block these users trying to access from 'web' project, client_id="private" and throw the message Unauthorized.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    You can get the current clientid. Then you can execute custom logic

    public async Task<string> MyMethodAsync()
    {
        var clientIdClaim = CurrentUser.GetAllClaims().FirstOrDefault(x => x.Type == AbpClaimTypes.ClientId);
        if (clientIdClaim != null)
        {
            if (clientIdClaim.Value == "public")
            {
    
            }
    
            if (clientIdClaim.Value == "private")
            {
    
            }
        }
    
    }
    
  • User Avatar
    0
    jmalla.cp created

    Hi,

    I would that the user with role A can't Login from Web, the system throw UnAuthorized, and if the same role LogIn from Web.public, they can go on

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    You can try to override the OnPostAsync of OpenIddictSupportedLoginModel

    In this method, you can get username and ClientId. It can complete the login or deny the login

  • User Avatar
    0
    jmalla.cp created

    Where is this method?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    account/src/Volo.Abp.Account.Pro.Public.Web.OpenIddict/Pages/Account/OpenIddictSupportedLoginModel.cs

  • User Avatar
    0
    jmalla.cp created

    And Where can I override this method, in AuthServer project?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Yes, in the AuthServer project.

  • User Avatar
    0
    jmalla.cp created

    Sorry but I can't see where.

    In AuthServer project there are only two folders, Themes and pages. And pages only has Index without any Post method

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    This is a class. You can put it in any folder.

  • User Avatar
    0
    jmalla.cp created

    Sorry but I don't undestand.

    Can you give me an example?

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    https://support.abp.io/QA/Questions/1389/How-to-customize-register-page-MVC https://docs.abp.io/en/abp/latest/UI/AspNetCore/Customization-User-Interface

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15