
User is logged out when he doesn't have permissions. #11228


OutdoorEd created

Your Abp package version: .7.0.1
Your base framework (.Net Framework or .Net Core): .NET 6

When a user doesn't have the required permissions, an AbpAuthorizationException is thrown and the user is logged out. Is there a way to change this behavior? For example, show a 'you don't have access to this page' screen rather than logging the user out?

My controller code:

    [AbpMvcAuthorize(AppPermissions.Pages_CommunicationLog_Index)]
    // GET: Incidents/CommunicationLogs
    public ActionResult Index()
    {
        return View();
    }

User is logged out if he doesn't have the Pages_CommunicationLog_Index permission and tries to visit the page.

WARN  2022-08-17 09:31:04,689 [orker] Mvc.Authorization.AbpAuthorizationFilter - Abp.Authorization.AbpAuthorizationException: Required permissions are not granted. At least one of these permissions must be granted: Index
   at Abp.Authorization.PermissionCheckerExtensions.AuthorizeAsync(IPermissionChecker permissionChecker, Boolean requireAll, String[] permissionNames)
   at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(IEnumerable`1 authorizeAttributes)
   at Abp.Authorization.AuthorizationHelper.CheckPermissionsAsync(MethodInfo methodInfo, Type type)
   at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(MethodInfo methodInfo, Type type)
   at Abp.AspNetCore.Mvc.Authorization.AbpAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)

6 Answer(s)
  • ismcagdas created (Support Team)

    Hi @outdoored

    Do you use Angular frontend or jQuery+MVC?

  • OutdoorEd created

    Using 11.0 NetCore jQuery & MVC

  • ismcagdas created (Support Team)

    Hi,

    Could you remove this section from AccountController and try again?

  • OutdoorEd created

    The IActionResult expects a view. What should I return as View? On first sight, the user is still being redirected to the login page.

  • OutdoorEd created

    Removing the await _signInManager.SignOutAsync(); makes the back button usable again. Is there a way to show the user a message 'you don't have permissions' instead of redirecting him to the login page?
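
    One way to get the behaviour asked for in the question and in the post above (keep the user signed in, show an access-denied page instead of bouncing to the login page). This is an added example, not code from the thread, from ASP.NET Zero or from the ABP framework. It assumes cookie authentication with an AccessDeniedPath, an AccessDenied.cshtml view under Views/Account, and that ABP's own global AbpAuthorizationFilter is registered with the default filter order 0, so a filter with a lower Order runs first and short-circuits it. The class names and the namespace are hypothetical; IAuthorizationHelper, AbpAuthorizationException and AbpMvcAuthorize are the ABP types visible in the stack trace and controller code above.

    ```csharp
    // Added example (not thread, ASP.NET Zero or ABP code). Assumptions are marked inline.
    using System.Threading.Tasks;
    using Abp.Authorization;                       // IAuthorizationHelper, AbpAuthorizationException
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Controllers;   // ControllerActionDescriptor
    using Microsoft.AspNetCore.Mvc.Filters;

    namespace Example.Web.Authorization            // hypothetical namespace
    {
        // Hypothetical filter: runs the same [AbpMvcAuthorize] permission check that ABP's
        // AbpAuthorizationFilter runs, but an authenticated user without the permission gets a
        // ForbidResult (cookie handler redirects to AccessDeniedPath, session untouched) instead
        // of a ChallengeResult (redirect to the login page). Anonymous users are still challenged.
        public class ForbidOnMissingPermissionFilter : IAsyncAuthorizationFilter, IOrderedFilter
        {
            private readonly IAuthorizationHelper _authorizationHelper;

            public ForbidOnMissingPermissionFilter(IAuthorizationHelper authorizationHelper)
            {
                _authorizationHelper = authorizationHelper;
            }

            // Assumption: ABP's filter uses order 0. A lower value makes this filter run first;
            // once it sets context.Result, the remaining authorization filters are skipped.
            public int Order => -100;

            public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
            {
                if (!(context.ActionDescriptor is ControllerActionDescriptor action))
                {
                    return; // not an MVC controller action, nothing to evaluate
                }

                try
                {
                    // Evaluates the AbpMvcAuthorize attributes on the action and its controller.
                    await _authorizationHelper.AuthorizeAsync(action.MethodInfo, action.ControllerTypeInfo);
                }
                catch (AbpAuthorizationException)
                {
                    var isAuthenticated = context.HttpContext.User?.Identity?.IsAuthenticated == true;

                    // Forbid: known user lacking the permission -> access-denied page, no sign-out.
                    // Challenge: anonymous request -> login page, as before.
                    context.Result = isAuthenticated
                        ? (IActionResult)new ForbidResult()
                        : new ChallengeResult();
                }
            }
        }

        // Hypothetical access-denied action: returns the view with HTTP 403 and deliberately does
        // NOT call _signInManager.SignOutAsync(), so the session and the browser back button survive.
        public class AccountController : Controller
        {
            [HttpGet]
            public IActionResult AccessDenied()
            {
                Response.StatusCode = StatusCodes.Status403Forbidden;
                return View(); // Views/Account/AccessDenied.cshtml: "You don't have access to this page"
            }
        }

        // Hypothetical wiring in Startup.ConfigureServices (shown as a static helper for completeness):
        public static class AccessDeniedWiring
        {
            public static void Configure(Microsoft.Extensions.DependencyInjection.IServiceCollection services)
            {
                // Tell the Identity cookie where a ForbidResult should redirect.
                Microsoft.Extensions.DependencyInjection.IdentityServiceCollectionExtensions
                    .ConfigureApplicationCookie(services, o => o.AccessDeniedPath = "/Account/AccessDenied");

                // Register the filter globally (it resolves IAuthorizationHelper from DI).
                Microsoft.Extensions.DependencyInjection.MvcServiceCollectionExtensions
                    .AddMvc(services, o => o.Filters.AddService<ForbidOnMissingPermissionFilter>());
                Microsoft.Extensions.DependencyInjection.ServiceCollectionServiceExtensions
                    .AddTransient<ForbidOnMissingPermissionFilter>(services);
            }
        }
    }
    ```

    The distinction that matters is ForbidResult versus ChallengeResult: with cookie authentication a challenge means "log in", so an already-signed-in user is sent back to the login page, while a forbid means "you are known, but not allowed" and lands on AccessDeniedPath with the session intact. Returning 403 from the access-denied view also keeps the denial visible in access logs and monitoring, which a silent redirect to login does not.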

  • ismcagdas created (Support Team)

    Hi @outdoored

    I have replied to the GitHub issue; we can continue on GitHub.