Access API Endpoint in secure way #10732 | Support Center

SRTMDEV created 3 years ago

Prerequisites

Please answer the following questions before submitting an issue.

What is your product version?
- 8.6.0
What is your product type (Angular or MVC)?
- Angular
What is product framework type (.net framework or .net core)?
- .net core

Hello,

I am looking for solutions where we have a requirement like access the endpoint by generating the custom JWT Token, different from ABP token, using properties like User email, tenantId, and some related to our project.

At present, the endpoint is publicly accessible using the "AbpAllowAnonymous" attributes. The endpoint is publicly accessible regardless of whether we use [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)] or [Authorize].

we don't want to use "[AbpAuthorize]" for some Endpoint.

Thanks SG

2 Answer(s)

0

SRTMDEV created 3 years ago

Hello Team,

Any suggestions on these contexts?

Thanks, SG
0

ismcagdas created 3 years ago
Support Team

Hi @SRTMDEV

If this is only for a specific endpoint, you can handle it in the AppService/Controller itself. If you want to use this in more than one endpoint, you can define an action filter similar to https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.AspNetCore/AspNetCore/Mvc/Authorization/AbpAuthorizationFilter.cs. You can also create an attribute similar to AbpAuthorize and check this attribute in your new filter and reject access.

Have an answer to this question? Log in and write your answer.