Open Closed

ClientId permissions #5162


User avatar
0
jmalla.cp created
  • ABP Framework version: v6.0.1
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): Tired

After I follow this steps, https://support.abp.io/QA/Questions/4691/Clientid-permissions, can't solve my issue

To override the class OpenIddictSupportedLoginModel, but it dosen't work. The methos OnPostAsync inside that never runs.

I try to override the class LoginModel in AuthServer project, but in the method OnPostAsync the CurrentUser is null.

[Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(LoginModel))]
    public class CustomLoginModel : LoginModel
    {
        public CustomLoginModel(IAuthenticationSchemeProvider schemeProvider, IOptions<AbpAccountOptions> accountOptions, IAbpRecaptchaValidatorFactory recaptchaValidatorFactory, IAccountExternalProviderAppService accountExternalProviderAppService, ICurrentPrincipalAccessor currentPrincipalAccessor, IOptions<IdentityOptions> identityOptions, IOptionsSnapshot<reCAPTCHAOptions> reCaptchaOptions) : base(schemeProvider, accountOptions, recaptchaValidatorFactory, accountExternalProviderAppService, currentPrincipalAccessor, identityOptions, reCaptchaOptions)
        {
        }

        public override async Task<IActionResult> OnPostAsync(string action)
        {
            var clientIdClaim = CurrentUser.GetAllClaims().FirstOrDefault(x => x.Type == AbpClaimTypes.ClientId);
            if (clientIdClaim != null)
            {
                if (clientIdClaim.Value == "Internal")
                {
                    if (CurrentUser.IsInRole(Roles.RoleConsts.Internal))
                        return await base.OnPostAsync(action);
                    else
                        throw new AbpAuthorizationException();
                }
                if (clientIdClaim.Value == "Public")
                {
                    return await base.OnPostAsync(action);
                }
            }

            return await base.OnPostAsync(action);
        }
    }

What I can do, to get ClientId and Roles from user to try to login?

Thanks


15 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(LoginModel))]
    public class CustomLoginModel : LoginModel
    {
        public CustomLoginModel(IAuthenticationSchemeProvider schemeProvider, IOptions accountOptions, IAbpRecaptchaValidatorFactory recaptchaValidatorFactory, IAccountExternalProviderAppService accountExternalProviderAppService, ICurrentPrincipalAccessor currentPrincipalAccessor, IOptions identityOptions, IOptionsSnapshot reCaptchaOptions) : base(schemeProvider, accountOptions, recaptchaValidatorFactory, accountExternalProviderAppService, currentPrincipalAccessor, identityOptions, reCaptchaOptions)
        {
        }
    
        public override async Task OnPostAsync(string action)
        {
            var request = await OpenIddictRequestHelper.GetFromReturnUrlAsync(ReturnUrl);
            if (request?.ClientId != null)
            {
                // check the request here
            }
    
            return await base.OnPostAsync(action);
        }
    }```
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can get username and client_id from the request.

  • User Avatar
    0
    jmalla.cp created

    Hi,

    Wich namespace I need to call OpenIddictRequestHelper?

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    https://github.com/abpframework/abp/blob/75f40ccf196735ea4073f87fe67e58d8e1f73194/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictRequestHelper.cs#L11

  • User Avatar
    0
    jmalla.cp created

    Yes, but this is not a static class. How can I run this method inside my CustomLoginModel class

    Thaks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can inject this service

  • User Avatar
    0
    jmalla.cp created

    Hi,

    Thanks.

    In OnPostAsync method the request.UserName is null

    How can I get the username trying to logIn?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The LoginInput.UserNameOrEmailAddress. : )

  • User Avatar
    0
    jmalla.cp created

    Thanks mailming.

    And finally, how can I throw an unauthorized page from OnPostAsync method?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can try this:

    
    Alerts.Danger("unauthorized messages");
    return Page();
    
  • User Avatar
    0
    jmalla.cp created

    Great!!

    Thanks

  • User Avatar
    0
    jmalla.cp created

    Hi,

    One more thing

    I have two web projects, public and internal, with different clientId.

    Now I can block the user at the moment of login, (clientId, username and role), but if the user login from public web and then runs the internal url, they skip the proteccion

    How can I block that?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can check the current user's claims in the internal website. The client_id in the claims.

  • User Avatar
    0
    jmalla.cp created

    Hi,

    What is the best point to check that?

    Maybe in the public class WebAppWebModule, inside the ConfigureAuthentication method?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can add a middleware after the authentication.

    app.Use(async (context, next) =>
    {
        // Do work that can write to the Response.
        await next.Invoke();
        // Do logging or other work that doesn't write to the Response.
    });
    

    https://learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware/?view=aspnetcore-7.0

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09