Base solution for your next web application
Open Closed

[OData] authentification #815


0
daws created

Hello there,

I start using OData to create a lot of reporting via excel powerBI.

Is it possible to secure odata calls with login ? via module zero or other form. (it's possible for odata; but how can I do it with ABP ;) )


9 Answer(s)
  • 0
    hikalkan created
    Support Team

    Hi,

    Did you try to use [AbpApiAuthorize] for your OData controllers?

  • 0
    daws created

    Adding the [AbpApiAuthorize] give me the http call with "Authorization has been denied for this request."

    But when I use this flux on excel (2016), I can access all data without login request :( ;)

  • 0
    daws created

    Is it a possibility to integrate secure access atribute for odata soon ?

    Thanks ;)

  • 0
    hikalkan created
    Support Team

    Hi,

    I believe AbpApiAuthorize attribute should work for also OData, but I haven't test it yet :)

    Let me test it and write you back.

  • 0
    hikalkan created
    Support Team

    Hi,

    I created a controller and added AbpApiAuthorize attribute like that:

    [AbpApiAuthorize] public class RolesController : AbpODataEntityController<Role> { public RolesController(IRepository<Role> repository) : base(repository) { } }

    And it worked as expected. I got 401 error if not logged in. I tested with Postman. Don't know how to use Excel for it.

  • 0
    maharatha created

    Few Questions :

    1. How do I pass the credentials along with Tenant info using Odata feed from excel

    2. AbpWebApiAuthorize works for me

    3. My data looks like the below :

    { "@odata.context":"http://localhost:6240/odata/$metadata#COA","value":[ { "Id":1,"xxxxx":"ttttt","Description":"xxxxxx","rrrrr":"xxxxxxx","DisplaySequence":0,"IsApproved":true,"IsPrivate":false,"TenantId":4,"OrganizationUnitId":0,"IsActive":true,"IsDeleted":false,"DeleterUserId":null,"DeletionTime":null,"LastModificationTime":null,"LastModifierUserId":null,"CreationTime":"2016-03-04T09:35:40.653-08:00","CreatorUserId":9 } ] }

    But when I open in excel I get the below error:

    "We can't use the data from this feed. Make sure the external data feed server is available and your connection information is correct"

  • 0
    hikalkan created
    Support Team

    I don't know it, but this question is not related to AspNet Zero. It's a common question about integration of Excel and OData. You can find info on the web.

  • 0
    daws created

    Re hello there ;)

    After some tests, ALWAYS with [AbpApiAuthorize]n here some results

    With postman : <a class="postlink" href="http://localhost:6235/odata">http://localhost:6235/odata</a> : $metadata retrieved for abpodataentitycontroller <a class="postlink" href="http://localhost:6235/odata/Persons">http://localhost:6235/odata/Persons</a> : access denied

    from excel, giving this url as oData flux: <a class="postlink" href="http://localhost:6235/odata">http://localhost:6235/odata</a> : access granted to Persons table data (& all other data) <a class="postlink" href="http://localhost:6235/odata/Persons">http://localhost:6235/odata/Persons</a> : access denied (but if i can access it via the url just on previous line, it does not help us :mrgreen: )

    and the following method to authentificate

    • anonymous
    • windows
    • basic
    • api Web (asking for a key), -> could be the one
    • marketplace key
    • profesionnal account

    Is it planned on your side ton investigate further on this ?

    it will be necessary for me in few weeks. :cry:

    I could provide an excel 2016 proplus account (365, in english) to test it, if necessary and a fee if not planned on your side :)

    Thks for your help ;)

  • 0
    hikalkan created
    Support Team

    Hi,

    Do you know how to make it without ABP? If ABP has a restriction, I can fix it. I don't know it actually.

    But, I also want to learn it since securing odata is important.

    Have you found something on the web. I will also search for it if I've time.

    Thanks.