I am using aspnet core & angular. I have a microservice that is using the angular app and I need to be able to check, when a user sends a request to that service, that he is authenticated and has permission to use that service. Based on my understanding the service can call the aspnet core and check this. Or am I wrong? Is there any example on how to achieve that?
Thanks
11 Answer(s)
-
0
Your microservice can authenticate to your AspNet Zero application via the External Authentication method.
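using System.Threading.Tasks;
using Abp.Authorization.Users;
using Abp.Dependency;

public class MyExternalAuthSource : DefaultExternalAuthenticationSource<Tenant, User>, ITransientDependency
{
    public override string Name
    {
        get { return "MyCustomSource"; }
    }

    public override Task<bool> TryAuthenticateAsync(string userNameOrEmailAddress, string plainPassword, Tenant tenant)
    {
        // TODO: authenticate user and return true or false.
        // Placeholder so the class compiles: reject until the check is implemented.
        return Task.FromResult(false);
    }
}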
https://aspnetboilerplate.com/Pages/Documents/Zero/User-Management?searchKey=external%20authentication#external-authentication
-
0
Hi, In order to do so I have to reference dlls from aspnetzero. I don't want to follow this approach because each microservice shouldn't be sharing code and referencing another app, and also my microservice is written in a different language (Java). The desirable behavior is to call aspnetzero core using HTTP and perform the task.
Thanks
-
0
<cite>antonis: </cite> Hi, In order to do so I have to reference dlls from aspnetzero. I don't want to follow this approach because each microservice shouldn't be sharing code and referencing another app, and also my microservice is written in a different language (Java). The desirable behavior is to call aspnetzero core using HTTP and perform the task.
Thanks
Hi, What's your messaging framework? In this case your micro-service needs a boolean callback for userAuthorized or rejectedUser from the Core app eventHandler. If your micro-service doesn't have data access, it's very simple. If it does, you need to receive the tenantId as a string and then get the tenant with the tenant repository before sending the resource to the authorize manager. Or create your own Identity micro-service based on ABP framework authorization (NOT recommended for small/medium business).
-
0
I don't want you to reference AspNet Zero packages in your microservice. I'm just saying: make your own Controller to authenticate a user with a request from your microservice. While you make this authentication action, you'll use External Authentication.
-
0
The problem is the communication from one service to another. How do I do that? The scenario is as follows: I have Microservice A. The client sends a request to MicroServiceA. I want to check if that user is authenticated and, if he is, I want to check if he has a specific permission. If he has, he performs the operation of MicroServiceA. MicroserviceA receives the request from the client and then sends a request to aspnetzero .net core. Aspnetzero .net core checks if that user is authenticated, checks specific permissions and replies back to MicroserviceA. MicroServiceA then replies back to the client with 401 or proceeds with the user request.
-
0
Hi again,
If I understand you correctly, this is your case... Some Client ==> MicroService-A ==> AspNet Zero [checks, user authenticated and granted permission?] ==> MicroService-A ==> The Client
According to this flow, you have to check whether the user is authenticated or not. If he/she is authenticated then you check the required permission and return back to the MicroService-A.
By means of authentication, do you need
1- to check whether the user is logged in (might have closed the browser after some time)
2- or the user is online (authenticated and the page is open in the browser)?
1- If you just want to check authentication state, you need a custom development. Authentication is done via token in the cookies of the client. So the AspNet Zero server doesn't hold a state of the token. It just validates the incoming token. So you need to add a custom field like "IsUserAuthenticated" to the User entity. And whenever the user signs in you have to set that field to true. Create a new controller or application service that serves this information. In that controller/application service you get the username and return the IsUserAuthenticated field. Don't forget to check LastLoginTime on the User entity. If the user's LastLoginTime is older than the token expiration time, then you return -not authenticated- because the user's token is expired. (There's a "SignInTokenExpireTimeUtc" field on the User entity. You can also check that field.)
2- If you want to return whether the user is online or not, it's simpler! Inject IOnlineClientManager and check the user's online status. https://aspnetboilerplate.com/Pages/Documents/SignalR-Integration?searchKey=Online%20client%20manager#online-clients
For the permission checking, you can use IPermissionManager: https://aspnetboilerplate.com/Pages/Documents/Zero/Permission-Management
-
0
Hi alper
The flow is as follows
Some Client ==> MicroService-A [forward request] ==> AspNet Zero [checks, user authenticated and granted permission?] ==> MicroService-A ==> The Client
-
0
Updated my answer.
-
0
alper, I don't understand all this complexity you added. I think my requirement is pretty straightforward. The client, instead of calling AspNetZero directly, is gonna call MicroA, then that request will be routed to AspNetZero. My question is simple. Which url(s) of AspNetZero shall I call from MicroA to do that? (I suppose it is gonna be the same that the client now calls directly on AspNetZero.) No custom development, no check whether the user is online. Just check whether the user is authenticated, check whether he is who he claims he is and some permission checking.
Thanks
-
0
Hi @antonis,
Does "Some Client" have an authentication token? If so, you can create a controller similar to TokenAuthController and add a new action to it for checking the permissions you want.
There is no public endpoint on AspNet Zero which checks permission.
-
0
"Does "Some Client" have an authentication token?"
Yes, the client is the one using the Angular app which is authenticated through AspNetZero. I think you didn't understand what I am trying to achieve. Let me try again to explain it. I have my AspNet Zero app (.net core plus angular 2) under http://www.mydomain.com. When I login I suppose the client receives a token and gets some permissions. Based on these permissions the side menu is built up. One of the menu links points to a 3rd party microservice (http://www.microa.com). When the user clicks on that link I send an Http request to www.microa.com. This MicroA service needs to see if the user is authenticated and, if he is, whether he has the permission. I can't reference any code from Abp because microa.com is a java service or python, nodejs etc. So once microA receives the request from the client (with the token received previously from www.mydomain.com), www.microa.com calls www.mydomain.com and forwards the token. www.mydomain.com receives the token, checks if it is authenticated and, if it is, also returns back the permissions of that client. microA receives the response from www.mydomain.com and if the client is not authenticated or does not have permission to use this service, it sends back 401 to the client, or if the client is A&A, microA proceeds with the initial request and returns the result back to the client. I think I cannot be more clear on this.
Thanks
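The flow described in this thread, seen from the MicroA side, as an added example that is not code from any poster or from AspNet Zero: MicroA forwards the caller's bearer token to a custom permission-check action on www.mydomain.com and fails closed on any error. The endpoint path, the `permissionName` query parameter, the `granted` response field, the use of HTTPS and the 401/403 split (the thread only mentions 401) are all assumptions of this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Hypothetical endpoint: AspNet Zero has no public permission-check endpoint,
# so this assumes a custom controller action like the one suggested above.
CHECK_URL = "https://www.mydomain.com/api/PermissionCheck/IsGranted"


def http_check(token, permission, timeout=3.0):
    """Forward the caller's token; return (status, parsed JSON body or None)."""
    req = urllib.request.Request(
        CHECK_URL + "?permissionName=" + urllib.parse.quote(permission),
        headers={"Authorization": "Bearer " + token},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as exc:
        return exc.code, None  # e.g. 401 when the token is invalid or expired
    except (OSError, ValueError):
        return 503, None  # unreachable, timed out, or body was not JSON


def authorize(headers, permission, check=http_check):
    """Return the status MicroA should act on: 200 proceed, 401 or 403 reject."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401  # no bearer token: reject without calling the auth service
    status, body = check(token.strip(), permission)
    if status == 401:
        return 401  # the auth service rejected the token
    if status != 200 or not isinstance(body, dict):
        return 403  # fail closed on errors, timeouts and unexpected bodies
    # Only an explicit JSON true grants access; "true" or 1 does not.
    return 200 if body.get("granted") is True else 403
```

MicroA never decodes or trusts the token itself here; the decision comes only from the service that issued it, and `check` is injectable so the logic can be tested without a network.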