Adding simple security to an Application Service #327


tonywr created

Hi there,

I am trying to add simple security to a class that inherits from ApplicationService.

My understanding is that I should be able to add my own class that inherits from IPermissionChecker, and that if I add an AbpAuthorize attribute to a method, then it should run the IsGrantedAsync method to see if it has the permissions.

So I created the following class

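using System.Threading.Tasks;
using Abp.Authorization;

public class MyTestPermissionChecker : IPermissionChecker
{
    // Always grants: every permission check for any user passes.
    public Task<bool> IsGrantedAsync(long userId, string permissionName)
    {
        return Task.FromResult<bool>(true);
    }

    // Always grants for the current user as well.
    public Task<bool> IsGrantedAsync(string permissionName)
    {
        return Task.FromResult<bool>(true);
    }
}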

and in the constructor of my class, I switch out the permission checker with my own

public class MyAppService : ApplicationService, IQuoteCaptureAppService
{
    public MyAppService(/* ...lots of injected classes */)
    {
        // ...lots of setting of injected classes into module level variables
        this.PermissionChecker = new MyTestPermissionChecker();
    }
}

My test method looks like this:

[AbpAuthorize("Test.Permission")]
public GetMyTestOutput GetMyTest(GetMyTestlInput input)
{
    // ..do stuff
}

But when I run the code, it raises an exception, Abp.Authorization.AbpAuthorizationException, with the message "No user logged in!"

I do not want to load in the whole Abp.Zero module.

What do I need to do to make Abp recognise that I am logged in?


1 Answer(s)
  • hikalkan created
    Support Team

    Hi,

    You partially understood it :) I want to make it clear:

    • Yes, if you implement IPermissionChecker then ABP uses your implementation. But you haven't registered your implementation to DI. For example, you can also implement ITransientDependency for MyTestPermissionChecker (see the DI document for more info).

    • this.PermissionChecker = new MyTestPermissionChecker(); does nothing in the app service, since the auth system does not use the app service's permission checker. It injects IPermissionChecker itself. So, remove it.

    After these, you will still get the same exception :) Because authorization first checks IAbpSession.UserId to see if it's null or not. If it's null, your exception is thrown. So, you should also implement IAbpSession.
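
The checker registered the way the answer describes, as an added example (not code from the thread or from the ABP project): it implements ITransientDependency, reads IAbpSession.UserId, and denies by default instead of returning true for every call. The Grants table and its user id are constructed sample data, and taking IAbpSession through the constructor is an assumption about the container setup; an IAbpSession implementation that returns a non-null UserId is still required, as the answer says.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Abp.Authorization;
using Abp.Dependency;
using Abp.Runtime.Session;

// ITransientDependency lets ABP's conventional registration pick the class up,
// so the authorization system can resolve it as IPermissionChecker.
public class MyTestPermissionChecker : IPermissionChecker, ITransientDependency
{
    // Constructed sample data: user id -> permissions granted to that user.
    private static readonly Dictionary<long, HashSet<string>> Grants =
        new Dictionary<long, HashSet<string>>
        {
            { 1, new HashSet<string>(StringComparer.Ordinal) { "Test.Permission" } }
        };

    private readonly IAbpSession _session;

    // Assumption: the container supplies IAbpSession by constructor injection.
    public MyTestPermissionChecker(IAbpSession session)
    {
        _session = session;
    }

    // Check for the current user: no user in the session means no permission.
    public Task<bool> IsGrantedAsync(string permissionName)
    {
        if (!_session.UserId.HasValue)
        {
            return Task.FromResult(false);
        }
        return IsGrantedAsync(_session.UserId.Value, permissionName);
    }

    // Deny by default: only an explicit entry in Grants returns true.
    public Task<bool> IsGrantedAsync(long userId, string permissionName)
    {
        HashSet<string> permissions;
        bool granted = permissionName != null
            && Grants.TryGetValue(userId, out permissions)
            && permissions.Contains(permissionName);
        return Task.FromResult(granted);
    }
}
```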