How do i repeat those login line of code in WebAPI layer ?
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = loginModel.RememberMe }, loginResult.Identity);
where the AuthenticationManager were
private IAuthenticationManager AuthenticationManager
{
get { return HttpContext.GetOwinContext().Authentication; }
}
Or is there any other way to set Remember me and owin cookies ?
ok thx a lot for your answer!
the OWIN context is used to Login User with the MVC Controller
this is from Taskever -> AccountController
private IAuthenticationManager AuthenticationManager
{
get
{
return HttpContext.GetOwinContext().Authentication;
}
}
private async Task SignInAsync(AbpUser user, bool isPersistent)
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await _userManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
identity.AddClaim(new Claim(AbpClaimTypes.TenantId, "42"));
AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, identity);
}
so OWIN know the user if he's connected (Logged in)
Does the WebAPI layer is doing the same thing !? Does OWIN will know my User if i go with AbpUserManager.LoginAsync ?
I'm asking this because i will use SignalR soon and it work on Owin. I want SignalR to know the current User with his current Context!
I agree i must be doing something wrong! :) I wanted to use the IAuthenticationManager from the HttpContext.GetOwinContext().Authentication
I use Module-Zero from an old version updated to the newest one. I started with the Module-Zero sample in the past :)
Thx to point me out the AbpUserManager that containt the method LoginAsync!
Does it make my OWIN Context still Authentified by this method ?
Yea i use Module-Zero and never had this problem till today where i updated from low version to latest!
I never used the Multi-Tenancy part. Mostly because i'm not even sure to understand what's it is for? Multi-Compagny on 1 web-site?
So i put the Config in the pre-ini and in my seeder i put the context.DisableAllFilter() for the seeding part. I will test it tomorrow!
i did too many modification to try to make it back running.
And to answer, i'm trying to put my default Admin in my seed and there was nothing that was working because it was telling me the error!
i just found this!
It force all page to use HTTPS so it's not about ABP, may be there is other way to do it but here is what i've found finally!!
we need to add this to <system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Thanks a lot!
This is the exact place where we modified your code source :)
half of my angular route doesn't require the user to be logged in. that's why i doesn't want to put the AbpMvcAuthorize over my homecontroller
there is no other alternative?
we did some change in the source code but we cannot update the project easily each patch of ABP... and it may broke if you change something core ....
Connected = Logged In! :)
sorry i'm not native english so i'm trying my best ^^
But i did a brainstorming on what you said about the route if the person is not LoggedIn, i shouldn't add the route to AngularJS.
I found this Post about dynamic route in AngularJS <a class="postlink" href="http://stackoverflow.com/questions/13153121/how-to-defer-routes-definition-in-angular-js">http://stackoverflow.com/questions/1315 ... angular-js</a>
So i will protect my route by this when the person log in, i will add route and if he disconnect i will remove route depending on permission and role.
But still the same question remain if the person session end while he is in a page that required to be logged in, i need the WebApi answer to redirect me to login page with my current URL so i get redirected back where i was before log in.
no
What i'm asking for is :
I want to protect my route to redirect to login page if login or any permission is required and the person is not connected. If the person is connected and doesn't have the permission i need to make the person back to the home page.
so mysite.com/#/client/list is a route that need to be connected to access it, but the person can be offline and try to enter this URL. I need abp to catch the exception of no authorization and redirect to the login. (if person is not connected) or if the person is connected and doesnt have the permission redirect him to the home page or page that i can specifie.
i dont know if you understand a bit more now ?
But i like a lot what you said about route, i will protect the route as you said!
But do you know how to add or remove route depending on connection state?