Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

RequiresFeature Throws Internal Server Error instead of AbpAuthorizationException #6252


User avatar
0
davidharrison created

Implementing the RequiresFeature attribute on either an MVC controller or Application Service class or method throws a 500 Internal Server Error when the current user doesn't have the required feature, rather than throwing an AbpAuthorizationException, as the ABP documentation states that it should:

This method is executed only if the "ExportToExcel" feature is enabled for the current tenant (current tenant is obtained from IAbpSession). If it's not enabled, an AbpAuthorizationException is thrown automatically.

I've implemented the RequiresFeature attribute in the same way as shown by the documentation:

Abp Implementation [RequiresFeature("ExportToExcel")] public async Task<FileDto> GetReportToExcel(...) { ... }

My Implementation [RequiresFeature("App.RoleManagement")] public async Task<GetRoleForEditOutput> GetRoleForEdit(...) { ... }


9 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    What is your Zero version? Is Net MVC or Core?

  • User Avatar
    0
    ryancyq created
    Support Team

    Hi, does the error happen when you logged in as Host user? if so, see https://support.aspnetzero.com/QA/Questions/6200

  • User Avatar
    0
    davidharrison created

    Hi @Maliming

    We're running .Net Core v6.3.0

  • User Avatar
    0
    davidharrison created

    Hi @ryancyq

    It happens when logged in as a host user, which is explained by the thread in the link you shared, but unfortunately, it's happening for tenant users as well, which is why I raised this question.

  • User Avatar
    0
    ryancyq created
    Support Team

    Please share the error stack trace when logged in as tenant user.

  • User Avatar
    0
    davidharrison created

    Hi @ryancyq

    In going back to get the stack trace, something has changed and in the debug console it now shows a 401 Unauthorised being returned, instead of the 500 it was before.

    Something I still note is that when the 401 is thrown due to failed feature check (on tenant) this is displayed to the user:

    and the blockUI crashes as well, requiring a page refresh to carry on. The above message is not self-explanitory, but no other information can be gathered, as the audit log doesn't show any error to have occured.

    If one manually throws an AbpAuthorizationException, then it can come up like so:

    Can the same be done when errors are thrown by the feature checker?

  • User Avatar
    0
    ismcagdas created
    Support Team

    @davidharrison

    Have you figured out a solution ?

  • User Avatar
    0
    davidharrison created

    @ismcsgdas no I haven't - the behaviour isn't consistent, and isn't handled gracefully one way or another (either crashing completely as a 500 error or as the 401 that breaks the BlockUI and provides no details)

  • User Avatar
    0
    ryancyq created
    Support Team

    Perhaps you can provide the error stack trace log for those 500 http errors? So that we can suggest accordingly.