Thanks, but for reference the above code is not quite correct. Return 404 if the user is NOT authenticated or is NOT a member of the admin role.
app.Use(async (httpContext, next) =>
{
if (httpContext.Request.Path.Value.ToLower().Contains("swagger"))
{
var user = httpContext.RequestServices.GetService<ICurrentUser>();
if (!user.IsAuthenticated || !user.IsInRole("admin"))
{
httpContext.Response.StatusCode = 404;
return;
}
}
await next.Invoke();
});
I don't think what you just said is entirely correct. I think you mean create a new Client. And roles do not apply to Clients, I think you mean API Resources/Scopes.
So given that what I have just said is assumed to be true, what is the authorization header I need to use to decorate my API methods?
Something like:
[Authorize]
except that doesn't seem to work.
Thank you for the information.
In what file do we add this?
I've added a client using ABP and I can get a token
But after I set the token using SetBearerToken(...), when I call GetAsync, I get a HTML response that shows I have been redirected to the ABP login page
How can I get the token to allow access to any of the API endpoints I choose?
This is not working.
Do you have a working code example of an API endpoint secured using Identity Server Client Credentials?
That tutorial says to configure Identity Server like this:
public void ConfigureServices(IServiceCollection services)
{
var builder = services.AddIdentityServer()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApis())
.AddInMemoryClients(Config.GetClients());
}
Where to do this in the ABP code?
I find it troubling that the Nuget Package Manager cannot be used to manage upgrades for the Volo.Abp nuget packages.
As you recommended, I manually edited the package version numbers in the CSPROJ files, and as a result I do seem to have accomplished the upgrade.
However, there are many packages that now show as "Not available in this source" in Nuget Package Manager.
Can you please explain why this is the case? ABP is a commercial product and I don't believe I should need to manually edit my CSPROJ files to perform upgrades to the product. I believe I should be able to use the Nuget Package Manager.
I used the Manage Nuget Packages update feature and it does seem to have successfully upgraded many of the packages.
However, there are many packages that seem to still have max version 2.9.0
Is this the problem? Which of the packages have 3.0.2 versions and which do not? If some do not have 3.0.2 versions, are the 2.9.0 versions suppsed to keep working alongside the new 3.0.2 versions?
Can you please provide documentation or an example of how to inject and utilize the application layer into the HttpApi?