- ABP Framework version: v9.0.1
- UI Type: MVC
- Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..) / MongoDB
- Tiered (for MVC) or Auth Server Separated (for Angular): yes/no
Hello Team,
I need to come up with a solution to limit access of users to the application. There are a few ways: I can extend the entity of users via https://abp.io/docs/latest/framework/architecture/modularity/extending/module-entity-extensions and assign the Application, or I can extend the Application and assign the application.
My question is where I should put debug to understand at which point the user needs to be checked for access to the application. I was trying to understand the code in: AuthorizeController.cs, TokenController.Password.cs, TokenController.XXXYY
and found that there is this code:
user = await UserManager.FindByNameAsync(request.Username);
Is this the correct place to intercept if any user is trying to use the Login Form or trying to generate Token by token endpoint?
Many thanks, Navneet
7 Answer(s)
-
0
Hi,
Yes, you can override TokenController.Password (password flow) and login model (code flow)
-
0
Hi,
Yes, you can override TokenController.Password (password flow) and login model (code flow)
Thank you Liangshiwei,
While I am customising the entity, I am thinking of extending Organization Unit as it has User and Role both. The way I am thinking is to create for each loop in application to show as Application Name with checkboxes. Should I use navigation One-2-Many OR should I use it as custom property similar to how ABP saves scopes in the ApplicationTable:["scp:roles","scp:profile","scp:phone","scp:email","scp:address"]
However, how can I show it below next to Roles?
Regarding Application permission, I am confused: when a user tries to log in to the application, doesn't AuthorizeController.cs kick in to check whether the user has access to the requested client_id?
So, do I need to inject code to check permission in each of the three below:
AuthorizeController.cs, TokenController.Password.cs, TokenController.AuthorizationCode.cs
-- OR -- only AuthorizeController.cs is enough?
Sorry, security is not my strongest, but trying to learn 🙈
Regards, Navneet
-
0
While I am customising the entity, I am thinking of extending Organization Unit as it has User and Role both, the way I am thinking is to create to show as Application Name with checkboxes. Should I use navigation One-2-Many OR should I use it as custom property similar to how ABP saves scopes in the ApplicationTable
You need to override the Organization unit page. You can download the identity pro source code to get the page code. Here is the document on how to override a page: https://abp.io/docs/latest/framework/ui/mvc-razor-pages/customization-user-interface
Regarding Application permission I am confused as when a user tries to login into the application, doesn't AuthorizeController.cs kick in to check whether the user has access to the requested client_id? So, do I need to inject code to check permission in each of the three below : AuthorizeController.cs, TokenController.Password.cs TokenController.AuthorizationCode.cs
TokenController.Password.cs and TokenController.AuthorizationCode.cs: they are different login flows. You can override as needed. Overriding TokenController, AuthorizeController and Login model can cover all scenes
-
0
https://abp.io/docs/latest/framework/ui/mvc-razor-pages/customization-user-interface
Yes, it's easy to override the controller, thank you :-)
Should I use navigation One-2-Many OR should I use it as custom property similar to how ABP saves scopes in the ApplicationTable:["scp:roles","scp:profile","scp:phone","scp:email","scp:address"]
What is the correct approach from above? And is there any ABP trick I can use to check if the User's -> Role -> OU has application permission? Something like
User.Roles.OU.Any(x => x.AppPermission == this.Client_Id)
-
0
I can use to check if the User's -> Role -> OU has application permission? Something like User.Roles.OU.Any(x => x.AppPermission == this.Client_Id)
There is no such navigation property relationship; you need to get the user roles' OUs first.
You can refer to the ABP code https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.EntityFrameworkCore/Volo/Abp/Identity/EntityFrameworkCore/EfCoreIdentityUserRepository.cs#L316
-
0
I can use to check if the User's -> Role -> OU has application permission? Something like User.Roles.OU.Any(x => x.AppPermission == this.Client_Id)
There is no such navigation property relationship; you need to get the user roles' OUs first.
You can refer to the ABP code https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.EntityFrameworkCore/Volo/Abp/Identity/EntityFrameworkCore/EfCoreIdentityUserRepository.cs#L316
Ok, that makes sense :-)
-
0
: )
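
The lookup order from the last answer (user's roles, then those roles' OUs, then each OU's allowed applications) written as one deny-by-default check; this is an added example, not code from the thread or from ABP. The record types and `ClientAccessChecker` are hypothetical in-memory stand-ins for the ABP join tables and for the extended OU property holding allowed client_ids, and all sample data is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed stand-ins for the join data; these are not ABP types.
public record UserRole(Guid UserId, Guid RoleId);
public record OuRole(Guid OuId, Guid RoleId);
public record OuClient(Guid OuId, string ClientId); // hypothetical "AppPermission" rows

public sealed class ClientAccessChecker
{
    private readonly List<UserRole> _userRoles;
    private readonly List<OuRole> _ouRoles;
    private readonly List<OuClient> _ouClients;

    public ClientAccessChecker(List<UserRole> userRoles, List<OuRole> ouRoles, List<OuClient> ouClients)
        => (_userRoles, _ouRoles, _ouClients) = (userRoles, ouRoles, ouClients);

    // Deny by default: a missing client_id, a user without roles, or an OU
    // without a grant for this client all return false.
    public bool CanUseClient(Guid userId, string clientId)
    {
        if (string.IsNullOrEmpty(clientId)) return false;

        // Step 1: user -> roles. Step 2: roles -> OUs (no navigation property exists).
        var roleIds = _userRoles.Where(x => x.UserId == userId).Select(x => x.RoleId).ToHashSet();
        var ouIds = _ouRoles.Where(x => roleIds.Contains(x.RoleId)).Select(x => x.OuId).ToHashSet();

        // Step 3: OU -> allowed client_ids, compared as an exact ordinal match.
        return _ouClients.Any(x => ouIds.Contains(x.OuId)
            && string.Equals(x.ClientId, clientId, StringComparison.Ordinal));
    }
}

public static class Program
{
    public static void Main()
    {
        Guid alice = Guid.NewGuid(), bob = Guid.NewGuid();
        Guid salesRole = Guid.NewGuid(), salesOu = Guid.NewGuid();
        var checker = new ClientAccessChecker(
            new() { new(alice, salesRole) },       // alice holds the sales role; bob has no roles
            new() { new(salesOu, salesRole) },     // the sales OU carries that role
            new() { new(salesOu, "Crm_Web") });    // the sales OU may use client "Crm_Web" only

        // The same call belongs in every entry point named in the thread:
        // TokenController (each grant), AuthorizeController and the login model.
        Console.WriteLine(checker.CanUseClient(alice, "Crm_Web")); // granted via role -> OU
        Console.WriteLine(checker.CanUseClient(alice, "Hr_Web"));  // client not granted to her OU
        Console.WriteLine(checker.CanUseClient(bob, "Crm_Web"));   // user with no roles
    }
}
```

Keeping the decision in one service and calling it from each overridden flow avoids the case where one grant type is checked and another is not.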