
Limit the access to Application in MVC #8650


0
Navneet@aol.com.au created
  • ABP Framework version: v9.0.1
  • UI Type: MVC
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..) / MongoDB
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes/no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Hello Team,

I need to come up with a solution to limit access of users to the application, there are a few ways I can extend the entity via https://abp.io/docs/latest/framework/architecture/modularity/extending/module-entity-extensions of users and assign the Application or I can extend the Application and assign the application.

My question is where I should debug to understand at which point the user needs to be checked for access to the application. I was trying to understand the code in: AuthorizeController.cs, TokenController.Password.cs, TokenController.XXXYY

and found that there is a code:

user = await UserManager.FindByNameAsync(request.Username);

Is this the correct place to intercept if any user is trying to use the Login Form or trying to generate Token by token endpoint?

Many thanks, Navneet


7 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Yes, you can override TokenController.Password(password flow) and login model(code flow)

  • User Avatar
    0
    Navneet@aol.com.au created

    Hi,

    Yes, you can override TokenController.Password(password flow) and login model(code flow)

    Thank you Liangshiwei,

    While I am customising the entity, I am thinking of extending Organization Unit as it has both User and Role. The way I am thinking is to create a foreach loop in the application to show each Application Name with checkboxes. Should I use a One-to-Many navigation, OR should I use it as a custom property, similar to how ABP saves scopes in the Application table: ["scp:roles","scp:profile","scp:phone","scp:email","scp:address"]

    However, how can I show it below, next to Roles?

    Regarding application permission, I am confused: when a user tries to log in to the application, doesn't AuthorizeController.cs kick in to check whether the user has access to the requested client_id?

    So, do I need to inject code to check the permission in each of the three below: AuthorizeController.cs, TokenController.Password.cs, TokenController.AuthorizationCode.cs

    -- OR -- is AuthorizeController.cs alone enough?

    Sorry, security is not my strongest, but trying to learn 🙈

    Regards, Navneet

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    While I am customising the entity, I am thinking of extending Organization Unit as it has both User and Role. The way I am thinking is to create a loop to show each Application Name with checkboxes. Should I use a One-to-Many navigation, OR should I use it as a custom property, similar to how ABP saves scopes in the Application table

    You need to override the Organization Unit page. You can download the Identity Pro source code to get the page code. Here is the document on how to override a page: https://abp.io/docs/latest/framework/ui/mvc-razor-pages/customization-user-interface

    Regarding application permission, I am confused: when a user tries to log in to the application, doesn't AuthorizeController.cs kick in to check whether the user has access to the requested client_id? So, do I need to inject code to check the permission in each of the three below: AuthorizeController.cs, TokenController.Password.cs, TokenController.AuthorizationCode.cs

    TokenController.Password.cs and TokenController.AuthorizationCode.cs are different login flows.

    You can override them as needed. Overriding TokenController, AuthorizeController and the Login model covers all scenarios.

  • User Avatar
    0
    Navneet@aol.com.au created

    https://abp.io/docs/latest/framework/ui/mvc-razor-pages/customization-user-interface

    Yes, it's easy to override the controller, thank you :-)


    Should I use a One-to-Many navigation, OR should I use it as a custom property, similar to how ABP saves scopes in the Application table: ["scp:roles","scp:profile","scp:phone","scp:email","scp:address"]

    What is the correct approach from the above? And is there any ABP trick I can use to check whether the User -> Role -> OU has application permission? Something like User.Roles.OU.Any(x => x.AppPermission == this.Client_Id)

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    I can use to check whether the User -> Role -> OU has application permission? Something like User.Roles.OU.Any(x => x.AppPermission == this.Client_Id)

    There is no such navigation property relationship; you need to get the OUs of the user's roles first.

    You can refer to the ABP code: https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.EntityFrameworkCore/Volo/Abp/Identity/EntityFrameworkCore/EfCoreIdentityUserRepository.cs#L316
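    The following is an added example (not ABP's own code and not from anyone in this thread) that ties the two answers together: it replaces TokenController so the password flow checks application access before the base handler runs, and it resolves User -> Roles -> OUs explicitly, since no such navigation property exists. It assumes that HandlePasswordAsync is the overridable method in TokenController.Password.cs, that the user's Roles and OrganizationUnits collections are loaded by the user store, and a hypothetical OrganizationUnit extra property named AllowedClientIds holding a comma-separated list of client_ids.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using Volo.Abp.Data;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Domain.Repositories;
using Volo.Abp.Identity;
using Volo.Abp.OpenIddict.Controllers;

// Replaces ABP's TokenController so the password (ROPC) flow checks application access.
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(TokenController))]
public class AppAwareTokenController : TokenController
{
    protected IRepository<OrganizationUnit, Guid> OuRepository => LazyServiceProvider.LazyGetRequiredService<IRepository<OrganizationUnit, Guid>>();

    protected override async Task<IActionResult> HandlePasswordAsync(OpenIddictRequest request)
    {
        var user = await UserManager.FindByNameAsync(request.Username);
        if (user != null && !await HasClientAccessAsync(user, request.ClientId))
        {
            // Reject with the standard invalid_grant error, without revealing why.
            var properties = new AuthenticationProperties(new Dictionary<string, string>
            {
                [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
                [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "The user cannot use this application."
            });
            return Forbid(properties, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
        }
        return await base.HandlePasswordAsync(request);
    }

    // User -> Roles -> OUs (plus the user's own OUs), then the OU's allowed client list.
    private async Task<bool> HasClientAccessAsync(IdentityUser user, string clientId)
    {
        var roleIds = user.Roles.Select(r => r.RoleId).ToList();
        var ouIds = user.OrganizationUnits.Select(ou => ou.OrganizationUnitId).ToList();
        var ous = await OuRepository.GetListAsync(
            ou => ouIds.Contains(ou.Id) || ou.Roles.Any(r => roleIds.Contains(r.RoleId)),
            includeDetails: true);
        // "AllowedClientIds" is a hypothetical extra property, not part of ABP's OrganizationUnit.
        return ous.Any(ou => (ou.GetProperty<string>("AllowedClientIds") ?? string.Empty)
            .Split(',', StringSplitOptions.RemoveEmptyEntries)
            .Contains(clientId, StringComparer.OrdinalIgnoreCase));
    }
}
```

    As the answer above says, this only covers the password flow; the same HasClientAccessAsync check also has to run in the Login model and AuthorizeController for the authorization code flow, otherwise a user blocked here could still obtain a token through the browser login.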

  • User Avatar
    0
    Navneet@aol.com.au created

    I can use to check whether the User -> Role -> OU has application permission? Something like User.Roles.OU.Any(x => x.AppPermission == this.Client_Id)

    There is no such navigation property relationship; you need to get the OUs of the user's roles first.

    You can refer to the ABP code: https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.EntityFrameworkCore/Volo/Abp/Identity/EntityFrameworkCore/EfCoreIdentityUserRepository.cs#L316

    Ok, that makes sense :-)

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    : )

Made with ❤️ on ABP v9.2.0-preview. Updated on February 10, 2025, 13:23