Prerequisites
Please answer the following questions before submitting an issue.
- What is your product version?
- 8.6.0
- What is your product type (Angular or MVC)?
- Angular
- What is product framework type (.net framework or .net core)?
- .net core
Hello,
I am looking for solutions where we have a requirement like access the endpoint by generating the custom JWT Token, different from ABP token, using properties like User email, tenantId, and some related to our project.
At present, the endpoint is publicly accessible using the "AbpAllowAnonymous" attributes. The endpoint is publicly accessible regardless of whether we use [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)] or [Authorize].
we don't want to use "[AbpAuthorize]" for some Endpoint.
Thanks SG
2 Answer(s)
-
0
Hello Team,
Any suggestions on these contexts?
Thanks, SG
-
0
Hi @SRTMDEV
If this is only for a specific endpoint, you can handle it in the AppService/Controller itself. If you want to use this in more than one endpoint, you can define an action filter similar to https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.AspNetCore/AspNetCore/Mvc/Authorization/AbpAuthorizationFilter.cs. You can also create an attribute similar to
AbpAuthorizeand check this attribute in your new filter and reject access.
