Open Closed

Configure Client specific external providers in auth server #7390


User avatar
0
neethucp created

Hi,

We have a requirement from one of our clients to configure azure ad authentication for the client application used by organisational users. There is also another application which is used by general public which does not require azure ad integration. Is there any way in abp to configure external providers specific to a client application and tenant?

  • ABP Framework version: v8.0.0
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

6 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You need to override the login code.

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(LoginModel))]
    public class MyLoginModel : OpenIddictSupportedLoginModel
    {
        public MyLoginModel(IAuthenticationSchemeProvider schemeProvider, IOptions<AbpAccountOptions> accountOptions, IAbpRecaptchaValidatorFactory recaptchaValidatorFactory, IAccountExternalProviderAppService accountExternalProviderAppService, ICurrentPrincipalAccessor currentPrincipalAccessor, IOptions<IdentityOptions> identityOptions, IOptionsSnapshot<reCAPTCHAOptions> reCaptchaOptions, AbpOpenIddictRequestHelper openIddictRequestHelper) : base(schemeProvider, accountOptions, recaptchaValidatorFactory, accountExternalProviderAppService, currentPrincipalAccessor, identityOptions, reCaptchaOptions, openIddictRequestHelper)
        {
        }
    
        protected async override Task<List<ExternalProviderModel>> GetExternalProviders()
        {
            var providers = await base.GetExternalProviders();
    
            var request = await OpenIddictRequestHelper.GetFromReturnUrlAsync(ReturnUrl);
            if (request.ClientId = "xxx" || CurrentTenant.Id = "xxxx")
            {
                providers.RemoveAll(x => x.AuthenticationScheme == "Azure");
            }
    
            return providers;
        }
    }
    
  • User Avatar
    0
    neethucp created

    Thank you @liangshiwei. We will try that. Is there any way to debug abp commercial packages. CopyDebugSymbolFilesFromPackages is not working for commercial packages.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    The commercial package can't be debugged because it is encrypted.

    Or you can reference commercial module with source code.

  • User Avatar
    0
    neethucp created

    Ok. Now when the user login through external provider, the user is redirected to the registration page with the username and email prefilled. Is there any configuration to auto register the user and log them in without showing the registration page?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Yes, you can override the registermodel.

    For example:

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(RegisterModel))]
    public class MyRegisterModel : RegisterModel
    {
        public MyRegisterModel(IAuthenticationSchemeProvider schemeProvider, IOptions<AbpAccountOptions> accountOptions, IAccountExternalProviderAppService accountExternalProviderAppService, ICurrentPrincipalAccessor currentPrincipalAccessor, IHttpClientFactory httpClientFactory) : base(schemeProvider, accountOptions, accountExternalProviderAppService, currentPrincipalAccessor, httpClientFactory)
        {
        }
    
        public override async Task<IActionResult> OnGetAsync()
        {
            ExternalProviders = await GetExternalProviders();
    
            if (IsExternalLogin)
            {
                return await AutoRegisterUser();
            }
            
            if (!await CheckSelfRegistrationAsync())
            {
                if (IsExternalLoginOnly)
                {
                    return await OnPostExternalLogin(ExternalLoginScheme);
                }
    
                Alerts.Warning(L["SelfRegistrationDisabledMessage"]);
                return Page();
            }
    
    
            await TrySetEmailAsync();
            await SetUseCaptchaAsync();
    
            return Page();
        }
    
        private async Task<IActionResult> AutoRegisterUser()
        {
            var externalLoginInfo = await SignInManager.GetExternalLoginInfoAsync();
            if (externalLoginInfo == null)
            {
                Logger.LogWarning("External login info is not available");
                return RedirectToPage("./Login");
            }
            var identity = externalLoginInfo.Principal.Identities.First();
            var emailClaim = identity.FindFirst(AbpClaimTypes.Email) ?? identity.FindFirst(ClaimTypes.Email);
    
            if (emailClaim == null)
            {
                Logger.LogWarning("Email claim is not available");
                return RedirectToPage("./Login");
            }
    
            var email = emailClaim.Value;
            var userName = await UserManager.GetUserNameFromEmailAsync(email);
            
            var user = await RegisterExternalUserAsync(externalLoginInfo, email, userName);
            await SignInManager.SignInAsync(user, isPersistent: true, authenticationMethod: ExternalLoginAuthSchema);
    
            // Clear the dynamic claims cache.
            await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
            
            await SignInManager.SignInAsync(user, isPersistent: true);
    
            // Clear the dynamic claims cache.
            await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
    
            return Redirect(ReturnUrl ?? "/");
        }
    }
    
  • User Avatar
    0
    neethucp created

    Thank you @liangshiwei. It is working now.

Made with ❤️ on ABP v9.0.0-preview. Updated on October 07, 2024, 08:52