I have implemented the IPermissionChecker interface:
    public class PermissionChecker : IPermissionChecker
    {
        public async Task<bool> IsGrantedAsync(string permissionName)
        {
            return true;
        }

        public async Task<bool> IsGrantedAsync(long userId, string permissionName)
        {
            return true;
        }
    }
I am always returning true for now; I just want to check if I am wiring everything up correctly.
I then register the type like so:
    IocManager.Instance.IocContainer.Register(
        Component.For<IPermissionChecker>().ImplementedBy<PermissionChecker>().LifestyleTransient());
When I make a call from Angular on the API to a REST action that has this attribute:
    [AbpAuthorize("Admin")]
The Angular frontend generates an error message stating that "No user is logged in."
But a user IS logged in.
Also, neither of the IsGrantedAsync methods on the IPermissionChecker implementation is ever hit, so the system is not even attempting to find out if the current user has the required permissions. The constructor for PermissionChecker is being called though.
Questions:
I need information about the logged in user in the EntityFramework layer. I also need this information in the IPermissionChecker implementation.
I have read this page: http://www.aspnetboilerplate.com/Pages/Documents/Abp-Session
And I have implemented the IAbpSession interface like so:
    class AbpSession : IAbpSession
    {
        public long? UserId
        {
            get
            {
                //var userId = Thread.CurrentPrincipal.Identity.GetUserId();
                return null;
            }
        }

        public int? TenantId { get; private set; }
    }
The Thread.CurrentPrincipal.Identity.GetUserId() line (commented out above) always returns null. How can I get the identity of the currently logged in user in the implementation of IAbpSession?
I am authenticating using FormsAuthentication.SetAuthCookie. This works, because the user can access something marked with [Authorize].
I am not using Zero.
I have already added some roles with this:
    public override void SetPermissions(IPermissionDefinitionContext context)
    {
        var admin = context.CreatePermission("Admin", new LocalizableString("Admin", MixTechConsts.LocalizationSourceName));
        var superadmin = context.CreatePermission("SuperAdmin", new LocalizableString("SuperAdmin", MixTechConsts.LocalizationSourceName));
        var user = context.CreatePermission("User", new LocalizableString("User", MixTechConsts.LocalizationSourceName));
    }
My question is, when I call the API, and I hit something decorated with this:
    [AbpAuthorize("Admin")]
How does ABP know which users have which roles?
How does ABP know if the currently logged in user has the Admin role or not, so that it can decide if the user has access to the REST API call or not?