Region separation of Auth Server & WebAPI and Extending User Roles #8624 | Support

Navneet@aol.com.au created 5 days ago

ABP Framework version: v8.2.3
UI Type: MVC
Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..) / MongoDB
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace:
Steps to reproduce the issue:

Hi Abp Team,

Due to EU regulations, I need to deploy Authserver and Web API server to one of the EU regions.

The current Setup is divided into:

AuthServer in Sydney Australia
Web API Host in Sydney Australia
MVC Two Application:
- HR Module in Sydney Australia
- Accounting Module in Sydney Australia

Question 1: Is there any way I can deploy Auth and Web Api Host in EU regions with no change to the MVC application as No data is saved in MVC, I want my MVC application to detect if the User is in from EU or Non-EU, if EU then consume EU Auth and WebApiHost, if non-EU then user Australian Auth and WebApiHost server?

Question 2: Abp permissions use only Read, Update, Delete and Create, however when a user has access to Read, it allows all users to same read, I am looking a solution for: - If the User belongs to OU Director -> Allow Access to HR and Accounting Application - If the User belongs to OU HR department -> Allow Access to full HR access. - If the User belongs to OU Accounts -> Access to Accounts full access, but HR Module -> Employees List -> Read Access to non-Director OU. - Shomehow I can user a filter in roles like (x => x.OU == "Director")

Thanks, Navneet

4 Answer(s)

liangshiwei created 2 days ago

Support Team Fullstack Developer

Question 1: Is there any way I can deploy Auth and Web Api Host in EU regions with no change to the MVC application as No data is saved in MVC, I want my MVC application to detect if the User is in from EU or Non-EU, if EU then consume EU Auth and WebApiHost, if non-EU then user Australian Auth and WebApiHost server?

You can add a middleware to update the remote service URLs dynamically

public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
    var app = context.GetApplicationBuilder();
    var env = context.GetEnvironment();

    app.UseForwardedHeaders();


    app.Use(async (httpContext, next) =>
    {
        // get user region
        var cultureName = CultureInfo.CurrentCulture.Name;
        // check is user from European Union
        var isEu = cultureName == "de-DE" || cultureName == "en-GB" || cultureName == "fr-FR" || cultureName == "it-IT" || cultureName == "es-ES" || cultureName == "nl-NL" || cultureName == "pl-PL" || cultureName == "pt-PT" || cultureName == "ro-RO" || cultureName == "sv-SE" || cultureName == "cs-CZ" || cultureName == "da-DK" || cultureName == "fi-FI" || cultureName == "el-GR" || cultureName == "hu-HU" || cultureName == "lt-LT" || cultureName == "lv-LV" || cultureName == "mt-MT" || cultureName == "sk-SK" || cultureName == "sl-SI" || cultureName == "bg-BG" || cultureName == "hr-HR" || cultureName == "et-EE" || cultureName == "ga-IE";
        var options = httpContext.RequestServices.GetRequiredService<IOptions<AbpRemoteServiceOptions>>();
        if (isEu)
        {
            options.Value.RemoteServices.Default!.BaseUrl = "EuropeBaseUrl...";
        }
        else
        {
            options.Value.RemoteServices.Default!.BaseUrl = "OtherBaseUrl...";
        }
        await next();
    });

    ..........

}

0

liangshiwei created 2 days ago
Support Team Fullstack Developer

Abp permissions use only Read, Update, Delete and Create, however when a user has access to Read, it allows all users to same read, I am looking a solution for:

you can consider to add a custom data filter:

https://abp.io/docs/latest/framework/infrastructure/data-filtering
0

Navneet@aol.com.au created 14 hours ago

HI Liangshiwei,

Thanks for sharing
0

liangshiwei created 14 hours ago
Support Team Fullstack Developer

Hi,

：）

Let me know if you got any problems

Have an answer to this question? Log in and write your answer.