Open Closed

Deactivate the automatic creation of LDAP users in ABP #9591

User avatar
0
uabel created

Hello, We use: https://abp.io/docs/commercial/5.0/modules/account/ldap

However, I have to adapt and expand this. In general, it all works. However, I would like to create the users myself and** I need to be able to deactivate the automatic creation of LDAP users in ABP.** I can't find a way to disable the behavior of the Account Pro module to create new users.

Currently I create my user in the VoloLdapExternalLoginProvider TryAuthenticateAsync, if active. But somehow the ABP Framework tries to create the user again.

Volo.Abp.Account.Public.ExternalLoginUserProvider does not exist in the Account Pro module, where I could override CreateUserIfNotExistsAsync.

Currently I get the following error message if I have already created the user myself in TryAuthenticateAsync.

Stack Query Cookies Headers Routing AbpIdentityResultException: E-Mail ‚ldaptest2@abel-systems.ch‘ ist bereits vergeben. Microsoft.AspNetCore.Identity.AbpIdentityResultExtensions.CheckErrors(IdentityResult identityResult) Volo.Abp.Identity.ExternalLoginProviderBase.CreateUserAsync(ExternalLoginUserInfo externalUser, string userName, string providerName) Volo.Abp.Identity.ExternalLoginProviderBase. CreateUserAsync(string userName, string providerName) Volo.Abp.Identity.AspNetCore.AbpSignInManager.PasswordSignInAsync(string userName, string password, bool isPersistent, bool lockoutOnFailure) AbelSystems_QMP.Pages.Account.LoginModel.OnPostAsync(string action) in Login.cshtml.cs + var result = await SignInManager.PasswordSignInAsync(

Do you have any tips for me?

Uwe

Go to accepted answer
3 Answer(s)
  • User Avatar
    0
    AI-Bot created
    Support Team ABP Agent

    To deactivate the automatic creation of LDAP users in ABP (Account Pro module), you need to override the default behavior of the LDAP external login provider. By default, ABP will attempt to create a new user if one does not exist when authenticating via LDAP. Since you want to handle user creation yourself and prevent ABP from creating users automatically, you should override the relevant service and suppress the user creation logic.

    Here’s how you can achieve this:

    1. Override the LdapExternalLoginProvider
      Create a custom class that inherits from LdapExternalLoginProvider and override the CreateUserIfNotExistsAsync method to prevent user creation.

      using Volo.Abp.Identity.Pro.Ldap;
using Volo.Abp.Identity.ExternalLoginProviders;
using System.Threading.Tasks;

public class MyLdapExternalLoginProvider : LdapExternalLoginProvider
{
    public MyLdapExternalLoginProvider(
        // inject required dependencies
    ) : base(
        // pass dependencies to base
    )
    {
    }

    protected override Task<ExternalLoginUserInfo> CreateUserIfNotExistsAsync(
        string userName, 
        string providerName, 
        ExternalLoginUserInfo externalUser)
    {
        // Prevent automatic user creation
        // Optionally, throw a custom exception or return null
        return Task.FromResult<ExternalLoginUserInfo>(null);
    }
}

    2. Register Your Custom Provider
      In your module’s ConfigureServices method, replace the default service with your custom implementation:

      context.Services.Replace(
    ServiceDescriptor.Transient<LdapExternalLoginProvider, MyLdapExternalLoginProvider>()
);

    3. Handle User Creation Manually
      You can now create users manually in your own logic (e.g., in TryAuthenticateAsync). Since the overridden method returns null, ABP will not attempt to create the user again, and you will avoid the duplicate user creation error.

    4. Error Handling
      If you want to provide a user-friendly error when a user does not exist, you can throw a UserFriendlyException in your override.

    Note: The actual class and method names may vary depending on your ABP version. The key is to override the method responsible for user creation and ensure it does not create users automatically.

    Sources:

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • User Avatar
    0
    uabel created

    Hello, I already tried that, but I get: “VoloLdapExternalLoginProvider.CreateUserIfNotExistsAsync(string, string, ExternalLoginUserInfo)”: No suitable method for overwriting was found.

    using AbelSystems_QMP.Security;
using LdapForNet;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Volo.Abp.Features;
using Volo.Abp.Guids;
using Volo.Abp.Identity;
using Volo.Abp.Identity.ExternalLoginProviders.Ldap;
using Volo.Abp.MultiTenancy;
using Volo.Abp.Settings;

namespace AbelSystems_QMP.LDAP
{
    public class VoloLdapExternalLoginProvider : LdapExternalLoginProvider
    {
        private readonly VoloOpenLdapManager _ldapManager;
        private readonly QMPLdapSettingProvider _qmpLdapSettingProvider;
        private readonly ILDAPAppService _ldapLoginAppService;

        public VoloLdapExternalLoginProvider(
            IGuidGenerator guidGenerator,
            ICurrentTenant currentTenant,
            IdentityUserManager userManager,
            IIdentityUserRepository identityUserRepository,
            OpenLdapManager ldapManager,
            QMPLdapSettingProvider qmpLdapSettingProvider,
            IFeatureChecker featureChecker,
            ISettingProvider settingProvider,
            IOptions<IdentityOptions> identityOptions,
             ILDAPAppService ldapLoginAppService)
            : base(guidGenerator,
                currentTenant,
                userManager,
                identityUserRepository,
                ldapManager,
                qmpLdapSettingProvider,
                featureChecker,
                settingProvider,
                identityOptions)
        {
            _ldapManager = (VoloOpenLdapManager)ldapManager;
            _qmpLdapSettingProvider = qmpLdapSettingProvider;
            _ldapLoginAppService = ldapLoginAppService;

        }

        protected override Task<string> NormalizeUserNameAsync(string userName)
        {


            return Task.FromResult(userName);
        }

        protected override async Task<ExternalLoginUserInfo> GetUserInfoAsync(IdentityUser user)
        {
            var userInfo = await base.GetUserInfoAsync(user);
            return userInfo;
        }

        protected override async Task<ExternalLoginUserInfo> GetUserInfoAsync(string userName)
        {
            var entry = await _ldapManager.FindUserAsync(userName);
            if (entry == null)
            {
                throw new Exception($"LDAP user '{userName}' not found.");
            }

            var attr = entry.DirectoryAttributes;

            // Felder dynamisch laden
            var emailField = await _qmpLdapSettingProvider.GetEmailFieldAsync();
            var givenNameField = await _qmpLdapSettingProvider.GetGivenNameFieldAsync();
            var surnameField = await _qmpLdapSettingProvider.GetSurnameFieldAsync();
            var departmentField = await _qmpLdapSettingProvider.GetAbteilungFieldAsync();
            var phoneField = await _qmpLdapSettingProvider.GetTelefongFieldAsync();
            var rolesField = await _qmpLdapSettingProvider.GetRoleFieldAsync();

            // Dynamisch auslesen
            var email = TryGetAttrValue(attr, emailField);
            var givenName = TryGetAttrValue(attr, givenNameField);
            var surname = TryGetAttrValue(attr, surnameField);
            var department = TryGetAttrValue(attr, departmentField);
            var phone = TryGetAttrValue(attr, phoneField);
            var memberOf = TryGetAttrValues(attr, rolesField);

            var roleNames = memberOf
                .Select(dn => dn.Split(',').FirstOrDefault(x => x.StartsWith("CN=", StringComparison.InvariantCultureIgnoreCase)))
                .Where(cn => cn != null)
                .Select(cn => cn!.Substring(3)) // "CN=QM-Leitung" → "QM-Leitung"
                .Distinct()
                .ToList();

            var userInfo = new QMPExternalLoginUserInfo(email ?? $"{userName}@unknown.local")
            {
                Name = givenName,
                Surname = surname+"XX",
                Department = department,
                PhoneNumber = phone,
                PhoneNumberConfirmed = true,
                EmailConfirmed = true,
                LdapRoles = roleNames,
            };

            return userInfo;
        }



        private static List<string> TryGetAttrValues(SearchResultAttributeCollection attr, string key)
        {
            return attr.TryGetValue(key, out var val)
                ? val.GetValues<string>().ToList()
                : new List<string>();
        }

        private static string? TryGetAttrValue(SearchResultAttributeCollection attr, string key)
        {
            return attr.TryGetValue(key, out var val) ? val.GetValue<string>() : null;
        }
              

        public override async Task<bool> TryAuthenticateAsync(string userName, string plainPassword)
        {
            var ldapValid = await LdapManager.AuthenticateAsync(userName, plainPassword);
            if (!ldapValid)
            {
                return false; // Kein Login, kein Benutzer
            }

            var userInfo = await GetUserInfoAsync(userName) as QMPExternalLoginUserInfo;
            if (userInfo == null)
            {
                return false; // Kein Benutzerinfo, kein Login
            }

            // Optional: Existiert schon?
         
                // Jetzt selbst anlegen
                var dto = new QMPExternalLoginUserInfoDto
                {
                    Email = userInfo.Email,
                    Name = userInfo.Name+"YYYY",
                    Surname = userInfo.Surname,
                    Department = userInfo.Department,
                    Phone = userInfo.PhoneNumber,
                    LdapRoles = userInfo.LdapRoles
                };

                var userDto = await _ldapLoginAppService.CreateOrUpdateFromExternalAsync(dto);
                if (userDto == null)
                {
                    Logger.LogInformation("Login unterdrückt – kein Benutzer angelegt.");
                    return false;
                }
            

            // Benutzer existiert → ABP loggt ihn automatisch ein
            return true;
        }

        protected override Task<ExternalLoginUserInfo> CreateUserIfNotExistsAsync(string userName,string providerName,ExternalLoginUserInfo externalUser)
	    {
	        // Prevent automatic user creation
	        // Optionally, throw a custom exception or return null
	        return Task.FromResult<ExternalLoginUserInfo>(null);
	    }


    //protected override async Task<ExternalLoginUserInfo> GetUserInfoAsync(string userName)
    //{
    //    return await base.GetUserInfoAsync(userName);
    //}


}
}

    Uwe

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you try to override CreateUserAsync and UpdateUserAsync methods of ExternalLoginProviderBase?

    https://github.com/abpframework/abp/blob/rel-8.0/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/ExternalLoginProviderBase.cs#L37-L157

    Thanks.

Assignee
User avatar maliming
Question details
Labels
None yet
Learn More, Pay Less
33% OFF
All Trainings!
Get Your Deal
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.0.0-preview. Updated on September 10, 2025, 06:30