Base solution for your next web application

Activities of "bvz"

All Question Answer
Newest Oldest
I cant get permissions on API to work #84
Question

I have implemented the IPermissionChecker interface:

public class PermissionChecker : IPermissionChecker
    {
        public async Task<bool> IsGrantedAsync(string permissionName)
        {
            return true;
        }

        public async Task<bool> IsGrantedAsync(long userId, string permissionName)
        {
            return true;
        }
    }

I am always returning true for now, I just want to check if I am wiring everything up correctly.

I then register the type like so:

IocManager.Instance.IocContainer.Register(
                Component.For<IPermissionChecker>().ImplementedBy<PermissionChecker>().LifestyleTransient());

When I make a call from angular on the API to a REST action that has this attribute:

[AbpAuthorize("Admin")]

The frontend angular generates an error message stating that "No user is logged in."

But a user IS logged in.

Also, neither of the IsGrantedAsync methods on the IPermissionChecker implementation are hit ever, so the system is not even attempting to find out if the current user has the required permissions. The constructor for PermissionChecker is being called though.

Questions:

  1. Why am I getting an error stating that no user is logged in, when there is a user logged in?
  2. When an API call tries to access an AbpAuthorize marked REST action, the user should be taken to the log in pate. How is the log in url specified for the single page angular side?
Inject logged in user information into other layers #83
Question

I need information about the logged in user in the EntityFramework layer. I also need this information in the IPermissionChecker implementation.

I have read this page: <a class="postlink" href="http://www.aspnetboilerplate.com/Pages/Documents/Abp-Session">http://www.aspnetboilerplate.com/Pages/ ... bp-Session</a>

And I have implemented the IAbpSession interface like so:

class AbpSession : IAbpSession
    {
        public long? UserId
        {
            get
            {
                //var userId = Thread.CurrentPrincipal.Identity.GetUserId();
                return null;
            }
        }

        public int? TenantId { get; private set; }
    }

The Thread.CurrentPrincipal.Identity.GetUserId() line (commented out above) always returns null. How can I get identity of the currently logged in user in the implementation of IAbpSession?

I am authenticating using FormsAuthentication.SetAuthCookie. This works, because the user can access something marked with [Authorise].

How to ath #77
Answer

I am not using Zero.

I have already added some roles with this:

public override void SetPermissions(IPermissionDefinitionContext context)
        {
            var admin = context.CreatePermission("Admin", new LocalizableString("Admin", MixTechConsts.LocalizationSourceName));
            var superadmin = context.CreatePermission("SuperAdmin", new LocalizableString("SuperAdmin", MixTechConsts.LocalizationSourceName));
            var user = context.CreatePermission("User", new LocalizableString("User", MixTechConsts.LocalizationSourceName));
            
        }

My question is, when I call the API, and I hit something decorated with this:

[AbpAuthorize("Admin")]

How does ABP know how which users have which roles?

How does ABP know if the currently logged in user has the Admin role or not, so that it can decide if the user has access to the REST API call or not?

Showing 11 to 13 of 13 entries