Open Closed

Question on Authorization - Blazor Server #6347


User avatar
0
balessi75 created

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi, We found that when a page is not authorized for a particular user, and that user attempts to access the page's URL in the browser address bar, (while logged in) the page still loads, but it's contents are empty.

In ABP, what's the best approach to redirect the user to an Access Denied page?

Thanks in advance!


4 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you share a gif? Thanks.

  • User Avatar
    0
    balessi75 created

    Hi you can access a video using the link below...

    The video shows the following...

    1. User accessing a page they have permissions to
    2. User then accessing a page they do not have permissions to
    3. User then accessing a page that does not exist

    https://www.icloud.com/iclouddrive/08aBbYcniD17PdTME67mBM9RQ#Demo_CSD_-_Google_Chrome_2023-12-14_23-26-58

    Item 2 is the scenario where we want to redirect to a custom access denied page.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Thanks, I will check this case.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can try to override the App.razor of Lepton theme.

    Add <p>You are not authorized to access this resource.</p

    We will fix this in next version.

    @using Microsoft.Extensions.Options
    @using Microsoft.Extensions.Localization
    @using global::Localization.Resources.AbpUi
    @using Volo.Abp.AspNetCore.Components.Web.LeptonTheme.Components.ApplicationLayout
    @using Volo.Abp.AspNetCore.Components.Web.Theming.Routing
    @inject IOptions<AbpRouterOptions> RouterOptions
    @inject IStringLocalizer<AbpUiResource> UiLocalizer
    <CascadingAuthenticationState>
        <Router AppAssembly="RouterOptions.Value.AppAssembly"
                AdditionalAssemblies="RouterOptions.Value.AdditionalAssemblies">
            <Found Context="routeData">
                <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(DefaultLayout)">
                    <NotAuthorized>
                        @if (context.User?.Identity?.IsAuthenticated == false)
                        {
                            <RedirectToLogin/>
                        }
                        else
                        {
                            <p>You are not authorized to access this resource.</p
                        }
                    </NotAuthorized>
                </AuthorizeRouteView>
            </Found>
            <NotFound>
                <LayoutView Layout="@typeof(DefaultLayout)">
                    <ErrorView
                        Title="@UiLocalizer["404Message"]"
                        HttpStatusCode="404"
                        Message="@UiLocalizer["404MessageDetail"]"/>
                </LayoutView>
            </NotFound>
        </Router>
    </CascadingAuthenticationState>
    
    
Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19