Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

API call requiring Authirization by using IdentityServer #5145


User avatar
0
tugrulkarakaya created

I enabled IdentityServer and an defined an api Client.

I need to call an api requiring some AbpAuthorize with a client authorized with identityserver client. (Api require a specific role but client just have a client api permission) Client does not have user permission. client is just authorized with client password. Do I need specific API for this purposes or is it possible to execute call with client permission. (if a client is authorised for that client and I do not want to check other authorizations but angular client is needed to be authorized. is it possible to implement a scenario that Angular client is validated with given permission but API client is not needed to be validated)

Forexample how to call an API requiring auth as below from client (not form angular from a client authorized with identityserver clientpassword); "[AbpAuthorize(AppPermissions.Pages_SomeFunction)]"


2 Answer(s)
  • User Avatar
    0
    tugrulkarakaya created

    I think I have found a solution for this scenario, I need to authorize client with user password not client password. I mean not with this (<a class="postlink" href="http://docs.identityserver.io/en/release/quickstarts/1_client_credentials.html">http://docs.identityserver.io/en/releas ... tials.html</a>)I need to authorize with <a class="postlink" href="http://docs.identityserver.io/en/release/quickstarts/2_resource_owner_passwords.html">http://docs.identityserver.io/en/releas ... words.html</a> (resource owner not client)

    So I'll define an API user on Host (not on a tenant) and I'll set tenant during operation by requirement)

  • User Avatar
    0
    ismcagdas created
    Support Team

    @tugrulkarakaya Thank you for sharing your solution :).