Question on Authorization - Blazor Server #6347 | Support

balessi75 created one year ago

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi, We found that when a page is not authorized for a particular user, and that user attempts to access the page's URL in the browser address bar, (while logged in) the page still loads, but it's contents are empty.

In ABP, what's the best approach to redirect the user to an Access Denied page?

Thanks in advance!

4 Answer(s)

0

maliming created one year ago
Support Team Fullstack Developer

hi

Can you share a gif? Thanks.
0
balessi75 created one year ago
Hi you can access a video using the link below...

The video shows the following...

User accessing a page they have permissions to

User then accessing a page they do not have permissions to

User then accessing a page that does not exist

https://www.icloud.com/iclouddrive/08aBbYcniD17PdTME67mBM9RQ#Demo_CSD_-_Google_Chrome_2023-12-14_23-26-58

Item 2 is the scenario where we want to redirect to a custom access denied page.
0

maliming created one year ago
Support Team Fullstack Developer

hi

Thanks, I will check this case.

maliming created one year ago

Support Team Fullstack Developer

You can try to override the App.razor of Lepton theme.

Add <p>You are not authorized to access this resource.</p

We will fix this in next version.

@using Microsoft.Extensions.Options
@using Microsoft.Extensions.Localization
@using global::Localization.Resources.AbpUi
@using Volo.Abp.AspNetCore.Components.Web.LeptonTheme.Components.ApplicationLayout
@using Volo.Abp.AspNetCore.Components.Web.Theming.Routing
@inject IOptions<AbpRouterOptions> RouterOptions
@inject IStringLocalizer<AbpUiResource> UiLocalizer
<CascadingAuthenticationState>
    <Router AppAssembly="RouterOptions.Value.AppAssembly"
            AdditionalAssemblies="RouterOptions.Value.AdditionalAssemblies">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(DefaultLayout)">
                <NotAuthorized>
                    @if (context.User?.Identity?.IsAuthenticated == false)
                    {
                        <RedirectToLogin/>
                    }
                    else
                    {
                        <p>You are not authorized to access this resource.</p
                    }
                </NotAuthorized>
            </AuthorizeRouteView>
        </Found>
        <NotFound>
            <LayoutView Layout="@typeof(DefaultLayout)">
                <ErrorView
                    Title="@UiLocalizer["404Message"]"
                    HttpStatusCode="404"
                    Message="@UiLocalizer["404MessageDetail"]"/>
            </LayoutView>
        </NotFound>
    </Router>
</CascadingAuthenticationState>

Have an answer to this question? Log in and write your answer.