Open Closed

Best Practise to allow anonymous Users to call service functions #479


User avatar
0
ab created
  • ABP Framework version: v3.2
  • UI type: MVC
  • Tiered (MVC) or Identity Server Seperated (Angular): no

Hello, I am currently creating a project for a public website. Thereby I call methods from the "AppServices". This methods come with the default Authroize attribues this is why the user gets a "access denied" For the generation of the entities I use the "abp suite", which then overwrites the services.

What is the best practise to allow anonymous users to display information? Should I rewrite/ overwrite the service methods like "GetWithNavigationPropertiesAsync" or is there a better idea? Is it possible to grant the anonymous user a default permission level?


3 Answer(s)
  • User Avatar
    0
    alper created
    Support Team Director

    the only way is removing the [Authorize] attribute from Application Services. If you want to guard some specific Web API actions, you can also put the [Authorize] attribute to your service methods .

  • User Avatar
    0
    ab created

    Hi Alper, Thank you for your reply.

    I really like your abp suite for adding but also modifing existing entities. When modifing the entity the service will get overwritten. Do you have any practical hint how I can modify authorization without deleting the attribute?

    Thank you

  • User Avatar
    0
    alper created
    Support Team Director

    actually there's no practical way of this :(

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09