Starts in:
2 DAYS
4 HRS
41 MIN
28 SEC
Starts in:
2 D
4 H
41 M
28 S

Activities of "shijo"

Hi, Nothing is working out.

See I want to switch users based on token claim data emailid, before calling the APIs, I think now that's user switching is not happening, and thats why API authorization is failing.

When I am calling API, lifecycle is somethings like this

  1. https://localhost:44316/api/app/authors >>>
  2. AuthorsAppService constructor
  3. AuthorController constructor
  4. Task<PagedResultDto<AuthorDto>> GetListAsync(GetAuthorsInput input) in AuthorController
  5. TokenValidated(TokenValidatedContext context) in JWTToken validator
    • Inside here I am trying to switch user but not working
  6. Response 401 UnAuthorized ** service (AuthorsAppService) layer method not calling at all

TestApp.HttpApi.Host

All APIs are in TestApp.HttpApi.Host, how to access API by external user? Strange thing is when I placed [Authorize(AuthenticationSchemes = "Bearer,jwt2")] in controller attribute api returning data and same thing when I placed in Service not working

hi

I downloaded the code. Any steps?

You can see there, I used 2 JWTbearer, One is Internal, and the other is external,

  1. You have to create an external sso
  2. Create User in external SSO, email exp:** test@test.com**
  3. In the shared project create a new tenant and create a user for that tenant with same email id ** test@test.com**
  4. Create a sample API like getAuthors retrun some data
  5. Create a Client App and Authenticate user with that external SSO
  6. After getting the token Call getAuthor API with that token ( tenant you can hardcoded)
  7. Return author data For me this is giving UnAuthorised exception because of user not loggin in

hi

Can you share a simple project to reproduce the above exception?

liming.ma@volosoft.com

Hi,

I have shared sample code here, can you check

hi

I guess on the JwtBearerEvents method the authentication has not finished.

You can call the app service after app.UseAuthentication

I am looking to impersonate a user after token validation, I did this but user unauthorised exception coming, After fetching the user I want to sign in with that user in order to access APIs, where should I exactly place the code to impersonate user after validation?

public override async Task TokenValidated(TokenValidatedContext context)
        {
            try
            {
                ClaimsPrincipal userPrincipal = context.Principal;

                if (userPrincipal.HasClaim(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
                {
                    this.UserEmail = userPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
                }
                var checkUser = await UserManager.FindByEmailAsync(this.UserEmail);
                if (checkUser == null)
                {
                    checkUser = new Volo.Abp.Identity.IdentityUser(Guid.NewGuid(), this.UserEmail, this.UserEmail, _currentTenant.Id);

                    var result = await UserManager.CreateAsync(checkUser);

                    // Assign Roles
                    if (result != null)
                    {
                        return;
                    }
                    else
                    {
                        throw new Exception("User Not added");
                    }
                }
                else
                {
                    var newPrincipal = new ClaimsPrincipal(
                                        new ClaimsIdentity(
                                            new Claim[]
                                            {
                                                    new Claim(AbpClaimTypes.UserId, checkUser.Id.ToString()),
                                                    new Claim(AbpClaimTypes.TenantId, checkUser.TenantId.ToString()),
                                                    new Claim(AbpClaimTypes.UserName, checkUser.Email),
                                                    new Claim(AbpClaimTypes.Role, "admin")
                                            }
                                        )
                                     );
                    _currentPrincipalAccessor.Change(newPrincipal);
                }
            }
            catch (Exception)
            {
                throw;
            }
        }

Hi, I found a way to execute code after token validation. Added a JWTBearerEvent. How can I access users' data in TokenValidated, I tried to access using IdentityUserAppService but throwing the exception ABP Unauthorized in await userManager.FindByEmailAsync(this.UserEmail);

options.EventsType = typeof(UserValidation);

public class UserValidation : JwtBearerEvents
    {
        private string UserEmail { get; set; }
        private string UserName { get; set; }
        public UserValidation()
        {
            
        }
        public override async Task TokenValidated(TokenValidatedContext context)
        {
            try
            {
                var userManager = context.HttpContext.RequestServices.GetRequiredService<IdentityUserAppService>();

                ClaimsPrincipal userPrincipal = context.Principal;

                if (userPrincipal.HasClaim(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
                {
                    this.UserEmail = userPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
                }
                
                var checkUser = await userManager.FindByEmailAsync(this.UserEmail);
                if (checkUser == null)
                {
                    var newUser = new IdentityUserCreateDto
                    {
                        Email = this.UserEmail,
                        UserName = this.UserEmail,
                    };

                    var result = await userManager.CreateAsync(newUser);

                    // Assign Roles
                    if (result!=null)
                    {
                        return;
                    }
                    else
                    {
                        throw new Exception("User Not added");
                    }
                }
            }
            catch (Exception)
            {
                throw;
            }
        }
    }

Hi, this is basically the users who are authenticated from external SSO are not our application users, only the similarity is the email address. After token validation, I have to check if the user exists in our system with the email id, if the user does not exist with that email create a user with a specific role and then set the current user. My question is how can I execute these user checks and creation logic immediately after token validation?

hi

Can you share a simple project? liming.ma@volosoft.com

I will download and check it.

Ok I will create and sample project and share. One more question regarding the user mapping, How can I map user which is authenticated by external sso and our admin api, we have to match the users with email and set currentuser for permission management.

hi

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-7.0#use-multiple-authentication-schemes

I mapped the schemes globally, working fine when I placed [Authorize] attribute in controller. But in ABP we don't have any [Authorize] attribute, it is in ApplicationService. If I remove [Authorize] attribute from controller and keeping [Authorize] attribute in ApplicationService class, it's giving me unauthorized.

[RemoteService(IsEnabled = false)]
[Authorize]
public class AuthorsAppService : ApplicationService, IAuthorsAppService{
    ctor...
    
    public virtual async Task<PagedResultDto<AuthorDto>> GetListAsync(GetAuthorsInput input)
    {}
}

[RemoteService]
public class AuthorController : AbpController, IAuthorsAppService{

}

hi

You can call this code on controllers or Authorize with a specific scheme in ASP.NET Core

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-7.0

Hi, I added [Authorize(AuthenticationSchemes = "Bearer,jwt2")] attribute in the controller it's working fine. How can I apply both schemes by default in all controllers?

Showing 21 to 30 of 78 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06