Base solution for your next web application
Open Closed

PermissionsChecker not invoked by AbpAuthorize("permission") #1816

User avatar
0
pnw created

I'm using vanilla Abp and am trying to secure my public AppService methods. The PermissionChecker I defined is getting ignored.

I have a couple of permissions defined

public class MyAuthorizationProvider : AuthorizationProvider
    {
        public override void SetPermissions(IPermissionDefinitionContext context)
        {
            context.CreatePermission("CurrentState");
            context.CreatePermission("UpdateState");
        }
    }

In PreInitialize() of my AppService module, I add it to the configuration

Configuration.Authorization.Providers.Add<MyAuthorizationProvider>();

I implemented IPermissionChecker

public class PermissionsChecker : IPermissionChecker, ITransientDependency
    {
        public Task<bool> IsGrantedAsync(string permissionName)
        {
            return CheckAccess(permissionName);
        }

        public Task<bool> IsGrantedAsync(UserIdentifier user, string permissionName)
        {
            return CheckAccess(permissionName);
        }
    }

and put AbpAuthorize attribute on an AppService method

[AbpAuthorize("CurrentState")]
        public CurrentState GetCurrentState(int Id)
        {
             // do stuff
        }

Neither IsGrantedAsync methods get called. The method just executes. (AbpSession.UserId is correctly set via the NameIdentifier claim.) I've looked over the guide <a class="postlink" href="http://aspnetboilerplate.com/Pages/Documents/Authorization">http://aspnetboilerplate.com/Pages/Docu ... horization</a> but can't see what I'm missing.

Go to accepted answer
3 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    I assume that you are using ABP v1.0.

    Can you try to add this into your module's PreInitialize:

    Configuration.ReplaceService<IPermissionChecker, PermissionsChecker>(DependencyLifeStyle..Transient);

    Be sure that the PermissionsChecker is your class (since abp.zero has same class name). To be sure, rename your class to CustomPermissionsChecker or something you more like.

  • User Avatar
    0
    pnw created

    <cite>hikalkan: </cite> I assume that you are using ABP v1.0.

    Can you try to add this into your module's PreInitialize:

    Configuration.ReplaceService<IPermissionChecker, PermissionsChecker>(DependencyLifeStyle..Transient);

    Be sure that the PermissionsChecker is your class (since abp.zero has same class name). To be sure, rename your class to CustomPermissionsChecker or something you more like.

    I am using ABP 1.0. I renamed my checker to MyPermissionChecker.

    When I try to add that line of code to my MyApplicationModule.PreInitialize()

    using Abp.Authorization;
using Abp.Dependency;
...
Configuration.ReplaceService<IPermissionChecker, MyPermissionsChecker>(DependencyLifeStyle.Transient);

    Visual Studio says "<span style="color:#FF0040">CS0308: This non-generic method 'IAbpStartupConfiguration.ReplaceService(Type,Action)' cannot be used with type arguments</span>."

  • User Avatar
    0
    hikalkan created
    Support Team

    You should use Resharper :)

    Add this to top of your code file:

    using Abp.Configuration.Startup;
Assignee
No one
Labels
None yet