- ABP Framework version: v8.0.3
- UI Type: Angular
- Database System: EF Core (Oracle) / MongoDB
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace: None
- Steps to reproduce the issue: None
Hi guys, my team and I are planning to expose a few apis to external clients, and in doing so we want to limit certain apis using an OpenIddict scope. We've managed to successfully do this with our custom apis but having an issue the core abp apis.
These are some of them, we'd like to limit these apis using a scope. So only the application authorized can access these endpoints even if the authenticated user has the required roles /api/audit-logging/* /api/setting-management/* /api/file-management/*
Please assist
Regards, Mogau
4 Answer(s)
-
0
Hi,
You can try something like this: https://stackoverflow.com/questions/71769968/asp-net-core-web-api-use-roles-and-requiredscope-concurrent
[Dependency(ReplaceServices = true)] [ExposeServices(typeof(AuditLogsController))] [Authorize("auditlogging")] public class MyAuditController : AuditLogsController { public MyAuditController(IAuditLogsAppService auditLogsAppService) : base(auditLogsAppService) { } } -
0
Here is a simpler way:
You can check scope in middleware:
app.Use(async (context, next) => { if (context.Request.Path.ToString().Contains("/api/audit-logging")) { // check users's ciaml here. } await next(); }); -
0
Thanks liangshiwei, I'll try the controller override method.
We're already using a policy for the other services and this allows us to check for the primary scope but also grant access if a child scope is permitted.
-
0
Hi,
You can add your own
IAuthorizationRequirementto check the scope and child scope.
