Open Closed

User is logged out when he doesn't have permissions. #11228


0
outdoored created

Your Abp package version: .7.0.1 Your base framework: .Net Framework or .Net Core: .NET 6

When a user doesn't have the required permissions a AbpAuthorizationException is thrown and the user is being logged out. Is there a way to change this behavior? For example show an 'you don't have access to this page' screen rather than logging the user out?

My controller code:

 [AbpMvcAuthorize(AppPermissions.Pages_CommunicationLog_Index)]
        // GET: Incidents/CommunicationLogs
        public ActionResult Index()
        {

            return View();
        }

User is logged out if he doesn't have the Pages_CommunicationLog_Index permission and tries to visit the page.

WARN  2022-08-17 09:31:04,689 [orker] Mvc.Authorization.AbpAuthorizationFilter - Abp.Authorization.AbpAuthorizationException: Required permissions are not granted. At least one of these permissions must be granted: Index
   at Abp.Authorization.PermissionCheckerExtensions.AuthorizeAsync(IPermissionChecker permissionChecker, Boolean requireAll, String[] permissionNames)
   at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(IEnumerable`1 authorizeAttributes)
   at Abp.Authorization.AuthorizationHelper.CheckPermissionsAsync(MethodInfo methodInfo, Type type)
   at Abp.Authorization.AuthorizationHelper.AuthorizeAsync(MethodInfo methodInfo, Type type)
   at Abp.AspNetCore.Mvc.Authorization.AbpAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)

6 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi @outdoored

    Do you use Angular frontend or jQuery+MVC ?

  • 0
    outdoored created

    Using 11.0 NetCore iQuery & MVC

  • 0
    ismcagdas created
    Support Team

    Hi,

    Could you remove this section from AccountController and try again ?

  • 0
    outdoored created

    The IActionResult expects a view. What should I return as View? On first sight, the user is still being redirected to the login page.

  • 0
    outdoored created

    Removing the await _signInManager.SignOutAsync(); makes the back button usable again. Is there a way to show the user a message 'you don't have permissions' instead of redirecting him to the login page?

  • 0
    ismcagdas created
    Support Team

    Hi @outdoored

    I have replied to GitHub issue, we can continue on Github.