
Restrict Public Users from Accessing Admin Website and Disable Their Login in Admin website #8071


devsumati created

ABP Framework version: v8.2.0

UI Type: MVC

Database System: EF Core (SQL Server)

Tiered (for MVC) or Auth Server Separated (for Angular): yes/no

Exception message and full stack trace:

Steps to reproduce the issue:

I have a tiered application. I am treating Web as the admin website and Public.Web as the public website. I want to configure it so that a user who has permission to view only the public website cannot open the admin website. How can I configure this, and where should I give the permissions?

I don't want any public user to enter the admin website.


29 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can add a role named PublicUser and check it in the middleware.

    For example

    admin project

    app.UseAuthentication();
    .......
    
    app.Use(async (httpContext, next) =>
    {
        var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>();
        if (currentUser.IsInRole("PublicUser"))
        {
            //redirect ...
            return;
        }
        await next();
    });
    
  • devsumati created

    Can you please explain it in brief?

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Basically, assign a role to the user and then check it in the middleware. If the user has the PublicUser role, then abort and redirect the request.

  • devsumati created

    Hi,

    Basically, assign a role to the user and then check it in the middleware. If the user has the PublicUser role, then abort and redirect the request.

    Thanks, it works, but after the redirect, if the user tries to log out, they get errors on the page. If it is not redirected, everything works fine.

    "error:invalid_request
    error_description:The client application is not allowed to use the specified identity token hint.
    error_uri:https://documentation.openiddict.com/errors/ID2141"
    

    Please also tell me how to get the public website URL from appsettings inside this code block:

    app.Use(async (httpContext, next) =>
    {
        var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>();
        if (currentUser.IsInRole("PublicUser"))
        {
            //redirect ...
            return;
        }
        await next();
    });
    
  • liangshiwei created
    Support Team Fullstack Developer

    Thanks, it works, but after the redirect, if the user tries to log out, they get errors on the page. If it is not redirected, everything works fine.

    It looks like it has nothing to do with this. Could you try to test it without this change?

    Please also tell me how to get the public website URL from appsettings inside this code block?

    You can configure it in appsettings.json and read it from there.

  • devsumati created

    It looks like it has nothing to do with this.

    I tried it; it works without redirecting. When I redirect, the user is already logged in, so when I try to log out it throws the error.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    If the current request is to logout, then do not redirect.

  • devsumati created

    Hi,

    If the current request is to logout, then do not redirect.

    I am facing a login issue: it doesn't log in in one go. The same happens with ABP Suite also. How can I fix this?

  • liangshiwei created
    Support Team Fullstack Developer

    I am facing a login issue: it doesn't log in in one go. The same happens with ABP Suite also.

    Sorry, I don't understand what you mean.

  • devsumati created

    I am facing a login issue: it doesn't log in in one go. The same happens with ABP Suite also.

    Sorry, I don't understand what you mean.

    I mean that to load the login page I need to reload the page twice every time. Similarly, in ABP Suite, to view the home page I need to reload the page twice.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Could you share your middleware code?

  • devsumati created

    Hi,

    Could you share your middleware code?

    Nothing is changed; all the code is the default code generated by the template. On top of that, the issue is with ABP Suite also. If it is solved for ABP Suite, I believe it will be fixed in my application also.

  • maliming created
    Support Team Fullstack Developer

    hi

    Can you create a new question for this suite problem? We will refund your suite question ticket.

    Thanks

  • devsumati created

    hi

    Can you create a new question for this suite problem? We will refund your suite question ticket.

    Thanks

    ok

  • devsumati created

    Hi,

    If the current request is to logout, then do not redirect.

    Is there any other way to check whether the user is public, so that instead of a direct redirect I can log that user out first and then redirect?

  • maliming created
    Support Team Fullstack Developer

    hi

    You can redirect the user to the logout endpoint in the middleware if they are a public user.

  • devsumati created

    I didn't get it. Can you please explain it with sample code? Currently I am doing this:

      app.UseAuthentication();
      app.Use(async (httpContext, next) =>
      {
          var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>();
          if (currentUser.IsInRole("user") && currentUser.Roles.Length == 1)
          {
              // publicURL = 
              httpContext.Response.Redirect("https://localhost:44359/");
              return;
          }
          await next();
      });
    
  • maliming created
    Support Team Fullstack Developer

    hi

    I found a new way to do this.

    You can add a global controller filter (IAsyncActionFilter) and page filter (IAsyncPageFilter), then check the current user's roles.

    See: https://learn.microsoft.com/en-us/aspnet/core/mvc/controllers/filters?view=aspnetcore-8.0
    and https://learn.microsoft.com/en-us/aspnet/core/razor-pages/filter?view=aspnetcore-8.0#implement-razor-page-filters-globally
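    One way to implement the global filter approach described in this answer, as an added example that is not the thread's or the ABP project's own code. A single class implements both IAsyncActionFilter and IAsyncPageFilter, so MVC controllers and Razor Pages in the admin (Web) project are covered by the same rule, and it is registered once through MvcOptions.Filters, which ASP.NET Core applies to both action and page filters. The role name "PublicUser" comes from the thread; the module class name and the "/Account/Logout" redirect target are assumptions, and requests under "/Account" are deliberately left alone so the logout the filter redirects to is not intercepted again.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Volo.Abp;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Modularity;
using Volo.Abp.Users;

// Global filter for the admin (Web) project: an authenticated user whose only role is
// the public role is sent to the logout endpoint instead of reaching any admin page.
public class PublicOnlyUserFilter : IAsyncActionFilter, IAsyncPageFilter, ITransientDependency
{
    // Role name taken from the thread; adjust to the role you actually assign.
    private const string PublicRole = "PublicUser";
    // Assumed path of the account module's logout endpoint in the admin site.
    private const string LogoutPath = "/Account/Logout";

    private readonly ICurrentUser _currentUser;

    public PublicOnlyUserFilter(ICurrentUser currentUser)
    {
        _currentUser = currentUser;
    }

    // MVC controllers
    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        if (ShouldBlock(context))
        {
            context.Result = new RedirectResult(LogoutPath); // short-circuits the action
            return;
        }
        await next();
    }

    // Razor Pages: nothing to do at handler selection time
    public Task OnPageHandlerSelectedAsync(PageHandlerSelectedContext context) => Task.CompletedTask;

    public async Task OnPageHandlerExecutionAsync(PageHandlerExecutingContext context, PageHandlerExecutionDelegate next)
    {
        if (ShouldBlock(context))
        {
            context.Result = new RedirectResult(LogoutPath); // short-circuits the page handler
            return;
        }
        await next();
    }

    private bool ShouldBlock(FilterContext context)
    {
        // Leave the account module's own endpoints (login, logout, challenge callbacks)
        // untouched; otherwise the redirect to logout would itself be redirected.
        if (context.HttpContext.Request.Path.StartsWithSegments("/Account", StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        // Anonymous requests are left to normal authentication/authorization. Only an
        // authenticated user whose sole role is the public role is blocked here.
        return _currentUser.IsAuthenticated
               && _currentUser.Roles.Length == 1
               && _currentUser.IsInRole(PublicRole);
    }
}

// Registration in the admin project's module class (hypothetical module name).
public class MyProjectWebModule : AbpModule
{
    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        Configure<MvcOptions>(options =>
        {
            // AddService resolves the filter from DI on each request, so ICurrentUser
            // reflects the current request's principal.
            options.Filters.AddService<PublicOnlyUserFilter>();
        });
    }
}
```

    Because the filter runs after routing and authentication, it sees the same ICurrentUser the page or controller would; a plain 403 via new StatusCodeResult(403) is the alternative if you prefer to deny rather than sign the user out.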

  • devsumati created

    Can you please provide sample code on how to do it in an ABP application?

  • maliming created
    Support Team Fullstack Developer

    ok. Can you share your project? liming.ma@volosoft.com

    I will add code and test it.

    Thanks.

  • devsumati created

    Sorry, but I can't share my project. You can add the code to any ABP tiered application (MVC), or you can use https://github.com/adityanbajpai/AbpPayment to test.

  • maliming created
    Support Team Fullstack Developer

    ok

  • devsumati created

    Thanks, please let me know when it's done.

  • maliming created
    Support Team Fullstack Developer

    hi

    The middleware will skip requests for the AccountController. You can try it.

    https://github.com/adityanbajpai/AbpPayment/commit/41c5d14a1286f907a03fe600ab1bf2d9bc93d0e1
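    The middleware variant the thread converges on, as an added example that is not the thread's, the linked commit's or the ABP project's own code. It brings together three points made above: the public site's URL is read from configuration rather than hard-coded (the "App:PublicUrl" key is an assumption), requests for the account endpoints are skipped so logout keeps working, and a public-only user is sent to the logout endpoint instead of being bounced, still authenticated, to the public site. The module class name and the "/Account/Logout" path are assumptions; whether that endpoint honours an absolute returnUrl depends on the account module's redirect rules, so the parameter is passed only as a hint.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Volo.Abp;
using Volo.Abp.Modularity;
using Volo.Abp.Users;

// Admin (Web) project module; hypothetical name.
public class MyProjectWebModule : AbpModule
{
    public override void OnApplicationInitialization(ApplicationInitializationContext context)
    {
        var app = context.GetApplicationBuilder();

        app.UseAuthentication();

        app.Use(async (httpContext, next) =>
        {
            // 1. Let the account module's own requests through (login, logout, challenge
            //    callbacks). This is what keeps logout working: the redirect issued below
            //    lands on /Account/Logout, which must not be redirected again.
            if (httpContext.Request.Path.StartsWithSegments("/Account", StringComparison.OrdinalIgnoreCase))
            {
                await next();
                return;
            }

            // 2. Only an authenticated user whose sole role is the public role is affected;
            //    anonymous requests are left to normal authentication/authorization.
            var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>();
            var publicOnly = currentUser.IsAuthenticated
                             && currentUser.Roles.Length == 1
                             && currentUser.IsInRole("PublicUser");
            if (!publicOnly)
            {
                await next();
                return;
            }

            // 3. Read the public site's address from configuration instead of hard-coding it.
            //    Assumed appsettings.json entry:  "App": { "PublicUrl": "https://localhost:44359/" }
            var configuration = httpContext.RequestServices.GetRequiredService<IConfiguration>();
            var publicUrl = configuration["App:PublicUrl"] ?? "/";

            // 4. End the admin-site session rather than redirecting a still-authenticated user.
            //    returnUrl is a hint only; the account module decides whether an absolute URL
            //    is an acceptable post-logout destination (assumption, verify in your setup).
            httpContext.Response.Redirect("/Account/Logout?returnUrl=" + Uri.EscapeDataString(publicUrl));
        });

        // ... app.UseAuthorization(), endpoint mapping, etc. follow as generated by the template.
    }
}
```

    Placing the middleware directly after UseAuthentication is what makes ICurrentUser populated; the "/Account" exclusion is the one piece the earlier snippets in this thread lacked, and it is the reason the logout error disappears.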

  • devsumati created

    After reviewing your changes I have a few questions:

    1. You have added the changes in the public project; I want to make these changes in the web project. Will the same change work?
    2. After logout I want to redirect to the public website. How can I do that? For example, in this code I am redirecting to "https://localhost:44359/":
      app.UseAuthentication();
      app.Use(async (httpContext, next) =>
      {
          var currentUser = httpContext.RequestServices.GetRequiredService<ICurrentUser>();
          if (currentUser.IsInRole("user") && currentUser.Roles.Length == 1)
          {
              // publicURL = 
              httpContext.Response.Redirect("https://localhost:44359/");
              return;
          }
          await next();
      });
    
Made with ❤️ on ABP v9.1.0-preview. Updated on November 01, 2024, 05:35