Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown #9186


leeneshk created
  • Exception message and full stack trace: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
       at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.d__16.MoveNext()
       at Volo.Abp.Authorization.MethodInvocationAuthorizationService.d__3.MoveNext()
       at Volo.Abp.Authorization.AuthorizationInterceptor.d__3.MoveNext()
       at Volo.Abp.Authorization.AuthorizationInterceptor.d__2.MoveNext()
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.d__31.MoveNext()
       at Castle.DynamicProxy.AsyncInterceptorBase.d__141.MoveNext()
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.d__7.MoveNext()
       at Volo.Abp.Auditing.AuditingInterceptor.d__4.MoveNext()
       at Volo.Abp.Auditing.AuditingInterceptor.d__2.MoveNext()
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.d__31.MoveNext()
       at Castle.DynamicProxy.AsyncInterceptorBase.d__141.MoveNext()
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.d__7.MoveNext()
       at Volo.Abp.Validation.ValidationInterceptor.d__2.MoveNext()
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.d__31.MoveNext()
       at Castle.DynamicProxy.AsyncInterceptorBase.d__141.MoveNext()
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.d__7.MoveNext()
       at Volo.Abp.Uow.UnitOfWorkInterceptor.d__2.MoveNext()
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.d__31.MoveNext()
       at EDOnlineT3.LearnworldsAPI.LearnworldsApiTriggerService.d__16.MoveNext() in C:\dev\EdOnlineT3\src\EDOnlineT3.Application\LearnworldsAPI\LearnworldsApiTriggerService.cs:line 257
       at EDOnlineT3.Controllers.LearnworldsAPI.LearnworldControllerBase.d__5.MoveNext() in C:\dev\EdOnlineT3\src\EDOnlineT3.HttpApi\Controllers\LearnworldsAPI\LearnWorldController.cs:line 51

  • Steps to reproduce the issue: I am trying to connect to our app, which is from ABP, via a third-party webhook. The idea is that when a user logs into their account via the third-party site, they need to be automatically logged in on our app, and if they are not registered on our app, then a user account needs to be created for them and they need to be signed in automatically.

I am getting the above error when attempting to connect to the ABP-related identity modules. I just want to know how I can achieve the above and prevent the error. Below is my method:

[AllowAnonymous]
public async Task<IActionResult> HandleWebhookAsync(LearnworldsWebhookPayload payload, string signature)
{
    var school = await _learnworldsAPIRepository.FirstOrDefaultAsync(x => x.LMSEndPoint.Contains(payload.School.Url));

    if (school == null)
    {
        _logger.LogWarning("School not found");
        return new NotFoundObjectResult("School not found");
    }

    //if (!ValidateSignature(payload, signature, school.WebhookKey))
    //{
    //    _logger.LogWarning("Invalid webhook signature");
    //    return new UnauthorizedResult();
    //}

    var user = await _userAppService.FindByEmailAsync(payload?.User?.Email);
    await _identityOptions.SetAsync();
    if (user == null)
    {
        var input = new IdentityUserCreateDto
        {
            SendConfirmationEmail = true,
            UserName = payload?.User?.Username ?? payload?.User?.Email,
            Email = payload?.User?.Email,
            //Name = payload?.data?.user?.name,
            //Surname = payload?.data?.user?.surname,
            Password = GuidGenerator.Create().ToString(),
            RoleNames = new string[] { "User" },
            ShouldChangePasswordOnNextLogin = true,
            IsActive = true,
            EmailConfirmed = false
        };
        user = await _userAppService.CreateAsync(input);
        await _learnworldsAPIRepository.UpdateTenantId(school.TeachCoreSchoolId, user.Id);
        var identityUserNew = await _userManager.GetByIdAsync(user.Id);
        await _userManager.AddToRoleAsync(identityUserNew, "User");
        await SendConfirmationEmailAsync(user.Email, identityUserNew.PasswordHash);
    }

    var identityUser = await _userManager.GetByIdAsync(user.Id);

    // Generate a token for the user
    var token = await GenerateTokenAsync(user);

    // Sign the user in
    await SignInUserAsync(user, token);

    return new OkObjectResult(user);
}

3 Answer(s)
  • enisn created
    Support Team .NET Developer

    Hi,

    You use the [AllowAnonymous] attribute on your controller, but it seems you're using other app services in your controller. Each app service checks its own permissions. The _userAppService field in your code is probably injected as IUserAppService, and that app service has its own [Authorize] attribute or permission checks in its methods. If you want to bypass permission checks, you may want to use repositories directly inside application services.

    You can see it has its own permission to execute the method: https://github.com/abpframework/abp/blob/af1e92c5aff2d7ad9991fd46a0f2eed4bf4f559c/modules/identity/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/IdentityUserAppService.cs#L160

  • leeneshk created

    Hi,

    Thank you for your response. The attached code was from my Application Service.

    I am using the [AllowAnonymous] attribute, so everything works when I connect to the repositories that I have created, but the permission error occurs the moment I attempt to connect to the ABP Identity-related Application Service. I have since tried using the IdentityManager instead, and that seems to have bypassed the permissions issue, but I still need to use the ABP Identity Application Service to create the user account programmatically or even sign the user in automatically.

    Do you perhaps have any pointers for me?

  • enisn created
    Support Team .NET Developer

    If you use DomainServices directly instead of AppServices, you will bypass the permission checks. You can check how they're implemented and apply the same logic in your service, or you can use IdentityUserManager in your code by injecting it.

    It extends UserManager<> from Microsoft.AspNetCore.Identity.

    https://github.com/abpframework/abp/blob/af1e92c5aff2d7ad9991fd46a0f2eed4bf4f559c/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityUserManager.cs#L74
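
Added example, not part of the thread and not ABP's or the poster's code: once an [AllowAnonymous] webhook creates users through IdentityUserManager, no permission check runs, so the signature check that is commented out in the question becomes the only authentication of the caller. The sketch below assumes the signature is hex(HMAC-SHA256(webhook key, raw request body)), which is an assumption rather than the provider's documented format; the class and method names and the caller-supplied raw body are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity; // CheckErrors() extension on IdentityResult
using Volo.Abp.Application.Services;
using Volo.Abp.Identity;
using IdentityUser = Volo.Abp.Identity.IdentityUser;

// Hypothetical service; only the ABP/.NET types and the "User" role come from the thread.
public class WebhookUserProvisioningAppService : ApplicationService
{
    private readonly IdentityUserManager _userManager; // domain service, no permission interceptor

    public WebhookUserProvisioningAppService(IdentityUserManager userManager) => _userManager = userManager;

    // Assumed scheme: hex(HMAC-SHA256(webhookKey, raw request body)).
    public static bool IsSignatureValid(string rawBody, string signatureHex, string webhookKey)
    {
        if (string.IsNullOrEmpty(rawBody) || string.IsNullOrEmpty(signatureHex) || string.IsNullOrEmpty(webhookKey))
            return false;
        byte[] supplied;
        try { supplied = Convert.FromHexString(signatureHex); }
        catch (FormatException) { return false; }
        using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(webhookKey));
        var expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(rawBody));
        // Constant-time comparison; also returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(expected, supplied);
    }

    [AllowAnonymous]
    public virtual async Task<Guid?> ProvisionAsync(string rawBody, string signatureHex, string webhookKey, string email)
    {
        // Anonymous endpoint + domain service = no authorization checks at all,
        // so reject the request before touching identity data.
        if (!IsSignatureValid(rawBody, signatureHex, webhookKey) || string.IsNullOrWhiteSpace(email))
            return null;

        var user = await _userManager.FindByEmailAsync(email);
        if (user == null)
        {
            user = new IdentityUser(GuidGenerator.Create(), email, email, CurrentTenant.Id);
            (await _userManager.CreateAsync(user)).CheckErrors();            // created without a password
            (await _userManager.AddToRoleAsync(user, "User")).CheckErrors();
        }
        return user.Id;
    }
}
```

The HMAC must be computed over the exact bytes received, before model binding re-serializes the payload, or valid requests will fail verification.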

Made with ❤️ on ABP v10.0.0-preview. Updated on July 14, 2025, 11:57