Configure Client specific external providers in auth server #7390 | Support

neethucp created 4 months ago

Hi,

We have a requirement from one of our clients to configure azure ad authentication for the client application used by organisational users. There is also another application which is used by general public which does not require azure ad integration. Is there any way in abp to configure external providers specific to a client application and tenant?

ABP Framework version: v8.0.0
UI Type: Blazor Server
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): yes

6 Answer(s)

liangshiwei created 4 months ago

Support Team Fullstack Developer

Hi,

You need to override the login code.

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(LoginModel))]
public class MyLoginModel : OpenIddictSupportedLoginModel
{
    public MyLoginModel(IAuthenticationSchemeProvider schemeProvider, IOptions<AbpAccountOptions> accountOptions, IAbpRecaptchaValidatorFactory recaptchaValidatorFactory, IAccountExternalProviderAppService accountExternalProviderAppService, ICurrentPrincipalAccessor currentPrincipalAccessor, IOptions<IdentityOptions> identityOptions, IOptionsSnapshot<reCAPTCHAOptions> reCaptchaOptions, AbpOpenIddictRequestHelper openIddictRequestHelper) : base(schemeProvider, accountOptions, recaptchaValidatorFactory, accountExternalProviderAppService, currentPrincipalAccessor, identityOptions, reCaptchaOptions, openIddictRequestHelper)
    {
    }

    protected async override Task<List<ExternalProviderModel>> GetExternalProviders()
    {
        var providers = await base.GetExternalProviders();

        var request = await OpenIddictRequestHelper.GetFromReturnUrlAsync(ReturnUrl);
        if (request.ClientId = "xxx" || CurrentTenant.Id = "xxxx")
        {
            providers.RemoveAll(x => x.AuthenticationScheme == "Azure");
        }

        return providers;
    }
}

0

neethucp created 4 months ago

Thank you @liangshiwei. We will try that. Is there any way to debug abp commercial packages. CopyDebugSymbolFilesFromPackages is not working for commercial packages.
0

liangshiwei created 4 months ago
Support Team Fullstack Developer

Hi,

The commercial package can't be debugged because it is encrypted.

Or you can reference commercial module with source code.
0

neethucp created 4 months ago

Ok. Now when the user login through external provider, the user is redirected to the registration page with the username and email prefilled. Is there any configuration to auto register the user and log them in without showing the registration page?

liangshiwei created 4 months ago

Support Team Fullstack Developer

Hi,

Yes, you can override the registermodel.

For example:

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(RegisterModel))]
public class MyRegisterModel : RegisterModel
{
    public MyRegisterModel(IAuthenticationSchemeProvider schemeProvider, IOptions<AbpAccountOptions> accountOptions, IAccountExternalProviderAppService accountExternalProviderAppService, ICurrentPrincipalAccessor currentPrincipalAccessor, IHttpClientFactory httpClientFactory) : base(schemeProvider, accountOptions, accountExternalProviderAppService, currentPrincipalAccessor, httpClientFactory)
    {
    }

    public override async Task<IActionResult> OnGetAsync()
    {
        ExternalProviders = await GetExternalProviders();

        if (IsExternalLogin)
        {
            return await AutoRegisterUser();
        }
        
        if (!await CheckSelfRegistrationAsync())
        {
            if (IsExternalLoginOnly)
            {
                return await OnPostExternalLogin(ExternalLoginScheme);
            }

            Alerts.Warning(L["SelfRegistrationDisabledMessage"]);
            return Page();
        }


        await TrySetEmailAsync();
        await SetUseCaptchaAsync();

        return Page();
    }

    private async Task<IActionResult> AutoRegisterUser()
    {
        var externalLoginInfo = await SignInManager.GetExternalLoginInfoAsync();
        if (externalLoginInfo == null)
        {
            Logger.LogWarning("External login info is not available");
            return RedirectToPage("./Login");
        }
        var identity = externalLoginInfo.Principal.Identities.First();
        var emailClaim = identity.FindFirst(AbpClaimTypes.Email) ?? identity.FindFirst(ClaimTypes.Email);

        if (emailClaim == null)
        {
            Logger.LogWarning("Email claim is not available");
            return RedirectToPage("./Login");
        }

        var email = emailClaim.Value;
        var userName = await UserManager.GetUserNameFromEmailAsync(email);
        
        var user = await RegisterExternalUserAsync(externalLoginInfo, email, userName);
        await SignInManager.SignInAsync(user, isPersistent: true, authenticationMethod: ExternalLoginAuthSchema);

        // Clear the dynamic claims cache.
        await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);
        
        await SignInManager.SignInAsync(user, isPersistent: true);

        // Clear the dynamic claims cache.
        await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(user.Id, user.TenantId);

        return Redirect(ReturnUrl ?? "/");
    }
}

0

neethucp created 4 months ago

Thank you @liangshiwei. It is working now.

Have an answer to this question? Log in and write your answer.