
Problems accessing Api with identity server enabled #3514


kamanchan created

Hello,

I have created 2 projects, let's say projectA and projectB. projectA has identity server integration enabled, and projectB has some APIs that will be consumed. I have tested the password and client credential grant types; an access token can be fetched successfully from projectA, but when I invoke APIs in projectB, 403 Forbidden is returned. I found that 403 is returned only when I use the AbpAuthorize attribute; if I use Authorize instead, the API can be called successfully. Could you give me some advice?

And another question: if I specify the permission of the API in projectB (for example, with the attribute 'AbpAuthorize(Permission.XXXX)'), will Abp check if the user has such a permission?

Thanks!


2 Answer(s)
  • ismcagdas created
    Support Team

    Hi @kamanchan,

    For your question, yes, permissions must be checked as well.

    AspNet Zero template contains a sample demonstrating your use case. It calls UserAppService's GetUsers method.

    You can check it here: https://github.com/aspnetzero/aspnet-zero-core/tree/dev/aspnet-core/test/MyCompanyName.AbpZeroTemplate.ConsoleApiClient

    And UserAppService has both the AbpAuthorize attribute and a defined permission name.

    If your use case is different from this, can you share it?

    Thanks.

  • kamanchan created

    Hello,

    It seems different: the test invokes GetUsers, which is in the identity server project. Now, I have another server (in my case, projectB) which only hosts the API being consumed; it depends on the identity server project (in my case, projectA) and doesn't host any user and permission information. So will AbpAuthorize in projectB work to check the permission?

    What I want to achieve is creating several API projects with ABP and share the APIs among them through identity server. Is there any example for that?

    Thanks!