Activities of "Navneet@aol.com.au"

Thanks Liangshiwei,

Token was only one example, do I need to override any other controller to control the access of users to the application.

Regards, Navneet

Hi liangshiwei,

I have reviewed your code suggestion, however the authorisation logic does not work, to reproduce the issue:

Create a new user as: Username: test@test.com password: 1q2w3E*

Create a new Application Go to OpenID -> Application Create new Application ClientID: DemoWebApp DisplayName: Demo App Client Secret: 1q2w3e* Select all Scopes Select Checkbox of "Allow Password Flow"

In postman, https://localhost:xxx/connect/token client_id: DemoWebApp client_secret:1q2w3e* scope:roles phone grant_type:password username:test@test.com password:1q2w3E*

You will notice that, even though, application wasn't assigned to User, user is able to get access token, where as, desired outcome should be Access Denied

Could you please suggest, what can I do to get it work

Regards, Navneet

WOW you just blew my mind :-)

If you still have that project you created, could you please share with me by email.

Also, Instead of using my MainApp to create your suggested navigation, do you think, I can create in a ABP custom Module for above custom changes, then use it as plugin Module.

Request: Could you please explain how exactly your suggested code works?

Many thanks, Regards, Navneet

Sure, I will try to explain:-

My client has 20 users, and 4 Applications created via UI.

He don't want all users to access all 4 Application. He wants to assign users to application so that only allowed users can access.

In Nutshell, my client is looking a relation between Users and Application a N-2-N relationship.

Regards, Navneet

Many thanks liangshiwei,

The code you have suggested doesn't work in my case.

1. I need to allocated multiple users to the application, that's why I was trying to application.AddOrUpdateProperty<IdentityUsers>

2. I need to set permission in a way so that only selected users can access

Regards, Navneet

Can you use a minimum project to reproduce the problem and share it with me? shiwei.liang@volosoft.com I will check it

I have sent you the project by email

Regards, Navneet

Hi Liangshiwei,

I tried full namespace, but still getting error that missing assembly:

application.AddOrUpdateProperty<Volo.Abp.Identity.IdentityUser>

Thanks liangshiwei,

I have already considered your method, but the issue is:- my client want to assign users or roles to individual Application. The method you have suggested allow users to access all applications in OpenIddictApplication.

My undressing is if I add a new N-2-N property "AppUser" in OpenIddictApplication, then each application created in OpenIddictApplication, I can select individual user, the trouble is I am getting below error at AddOrUpdateProperty<IdentityUser>

The type or namespace name 'IdentityUser' could not be found (are you missing a using directive or an assembly reference?) [Acme.BookStore.Domain.Shared]

private static void ConfigureExtraProperties()
    {
        OneTimeRunner.Run(() =>
    {
        ObjectExtensionManager.Instance.Modules()
            .ConfigureOpenIddict(openIddictApplication =>
            {
                openIddictApplication.ConfigureApplication(application =>
                {
                    application.AddOrUpdateProperty<IdentityUser>( //property type: IdentityUser
                        "AppUser", //property name
                        property =>
                        {
                            property.UI.Lookup.Url = "/api/identity/users";
                            property.UI.Lookup.DisplayPropertyName = "userName";
                        }
                    );
                });
            });
    });

. . If you believe that above is not the right way, then please suggest how can I achieve it? . . Regards, Navneet

Hi liangshiwei,

So far I manage to build below but there are some issues I am facing:

a) in below is not resolving error: The type or namespace name 'IdentityUser' could not be found (are you missing a using directive or an assembly reference?) [Acme.BookStore.Domain.Shared]

private static void ConfigureExtraProperties()
    {
        OneTimeRunner.Run(() =>
    {
        ObjectExtensionManager.Instance.Modules()
            .ConfigureOpenIddict(openIddictApplication =>
            {
                openIddictApplication.ConfigureApplication(application =>
                {
                    application.AddOrUpdateProperty<IdentityUser>( //property type: IdentityUser
                        "AppUser", //property name
                        property =>
                        {
                            property.UI.Lookup.Url = "/api/identity/users";
                            property.UI.Lookup.DisplayPropertyName = "userName";
                        }
                    );
                });
            });
    });

b) Do you think below code is sufficient to create a dedicated column in database

ObjectExtensionManager.Instance
            .MapEfCoreProperty<OpenIddictApplication, IdentityUser>(
                "AppUser"
            );

c) Most time was taken to read  https://docs.abp.io/en/abp/latest/Authorization, but it was worth reading :-). what I understand is Permission like CRUD can be design but that is for Entity level, however I need to define permission for each application created in Volo.Abp.OpenIddict.OpenIddictApplication Individual Application created in OpenIddictApplication

Regards, Navneet

Many thx,

Let me give a try and will come back to you