I have a class that isn't an ApplicationService but still needs to use one of my repositories. I can't have a constructor so I figured to use manual resolving.
public class Q : ISingletonDependency
{
public IThingRepository thingRepository { get; set; }
public Q()
{
this.thingRepository = IocManager.Instance.Resolve<IThingRepository>();
}
[UnitOfWork]
public List<Thing> GetDbThings(List<Thing> claims, long uid)
{
// look up more things in the database
var thingQ = from t in thingRepository.GetAll()
where t.UserID == uid
select new UOR { ...properties... };
foreach (var t in thingQ)
{
// do things with t
}
return newlistofthings;
}
}
The problem is that when I use thingRepository, I get the following exception:
The operation cannot be completed because the DbContext has been disposed
There must be something simple I'm missing?
In my company, all on premises web servers are behind a web-based authenticator (web single sign on). Once signed on, my request header comes with my employee id. e.g. var userid = HttpContext.Current.Request.Headers['employeeid']. If the header exists and is not blank, that means authentication is successful.
How do I inform AbpZero that authentication is complete and to find my userid in the headers, and also thereby to not display the login page?
<cite>ismcagdas: </cite> Hi,
You can create a custom AuthorizeFilter for MVC or WebAPI and check the request here in that. Please see this issue <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/issues/1256">https://github.com/aspnetboilerplate/as ... ssues/1256</a>
I think I followed the instructions but the Log In page still displays. This is what I did:
I implemented a class called MyAuthorizeFilter and derived it from AbpMvcAuthorizeFilter. Then I overrode OnAuthorization to create the ClaimsPrincipal and attach it to the HttpContext.User.
public override void OnAuthorization(AuthorizationContext filterContext)
{
var empid = filterContext.HttpContext.Request.Headers["employeeid"];
if (empid == null) empid = "123456"; // for local testing
ClaimsPrincipal currentPrincipal = new ClaimsPrincipal(
new ClaimsIdentity(
new List<Claim>
{
new Claim(ClaimTypes.NameIdentifier, empid),
new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", empid)
}, "wsso"
)
);
Thread.CurrentPrincipal = currentPrincipal;
filterContext.HttpContext.User = currentPrincipal;
base.OnAuthorization(filterContext);
}
Then I added my class to the GlobalFilters by overriding the PostInitialize of MyProjectWebModule, per instructions.
public override void PostInitialize()
{
GlobalFilters.Filters.Remove(GlobalFilters.Filters.Single(f => f.Instance is AbpMvcAuthorizeFilter));
GlobalFilters.Filters.Add(IocManager.Resolve<MyAuthorizeFilter>());
base.PostInitialize();
}
In the debugger, I see all the code get executed. Why isn't this enough to prevent the Log in page from appearing?
Oh yes, I do have the same employeeid in the Abp Users. The user properties User name: 123456 Full name: pnw Email address: <a href="mailto:[email protected]">[email protected]</a> IsActive: Yes Password: "1"
Then, when I try to log in, using Log in page and 123456/1 an error dialog appears "Empty or invalid anti forgery header token". What's that??
It is still a mystery.
I don't know how to get AbpZero to realize that I'm already authenticated and look for my employee id in the Headers (every single web server in my intranet is behind WSSO so it is not possible to be unauthenticated prior to AbpZero taking over.)
var empid = filterContext.HttpContext.Request.Headers["employeeid"];
Then, how to bypass the Login page and tie my empid to whatever necessary records in the Abp tables. (e.g. Does my empid need to be in AbpUsers? If so, does it go in UserName field? What about the password field, which is superfluous in my case.)
Since I don't need AbpZero for Authentication, it still would be nice to take advantage Authorization features. But maybe that too much to hope for.
By userIddo you mean the PK of AbpUsers (ID)? Before I change the schema, I tried to test it first. I created a new user by logging in as Admin and going to the Users tab of the UI.
I then looked in AbpUsers and see that this new user has ID = 3.
I tried "3" in
new Claim(ClaimTypes.NameIdentifier, "3")
but the Login page still displays and while the MyMvcAuthorizeFilter is in place, I cannot login with Admin or the new account via the Login page. It throws "Empty or invalid anti forgery header token".
I've tried three claims
new Claim(ClaimTypes.Name, "3"),
new Claim(ClaimTypes.NameIdentifier, "3"),
new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "3")
I hope I interpreted your suggestion correctly!
I added [DisableAbpAntiForgeryTokenValidation] to the abstract base class
[DisableAbpAntiForgeryTokenValidation]
public abstract class MyControllerBase : AbpController
Without doing anything else, I verify that the usual login page comes up and I can still log in as admin/123qwe
Now I uncomment the PostInitialize() filters to remove and add filters. The definition of MyMvcAuthorizeFilter is still the same as shown above.
public override void PostInitialize()
{
GlobalFilters.Filters.Remove(GlobalFilters.Filters.Single(f => f.Instance is AbpMvcAuthorizeFilter));
GlobalFilters.Filters.Add(IocManager.Resolve<MyMvcAuthorizeFilter>());
base.PostInitialize();
}
Now when I run, the login page still comes up and I can log in as admin\123qwe. The home page starts to render, but an Abp error dialog "An error has occurred!" pops up. Then I notice that the upper right user badge shows {{vm.getShownUserName()}} instead of '.\admin' and view isn't getting rendered.
This is really frustrating. All I want to do is programmatically log in so that the Log in page doesn't appear. Should I just rip AbpZero out of my solution and just do plain old claims based authentication and authorization?
I'm using vanilla Abp and am trying to secure my public AppService methods. The PermissionChecker I defined is getting ignored.
I have a couple of permissions defined
public class MyAuthorizationProvider : AuthorizationProvider
{
public override void SetPermissions(IPermissionDefinitionContext context)
{
context.CreatePermission("CurrentState");
context.CreatePermission("UpdateState");
}
}
In PreInitialize() of my AppService module, I add it to the configuration
Configuration.Authorization.Providers.Add<MyAuthorizationProvider>();
I implemented IPermissionChecker
public class PermissionsChecker : IPermissionChecker, ITransientDependency
{
public Task<bool> IsGrantedAsync(string permissionName)
{
return CheckAccess(permissionName);
}
public Task<bool> IsGrantedAsync(UserIdentifier user, string permissionName)
{
return CheckAccess(permissionName);
}
}
and put AbpAuthorize attribute on an AppService method
[AbpAuthorize("CurrentState")]
public CurrentState GetCurrentState(int Id)
{
// do stuff
}
Neither IsGrantedAsync methods get called. The method just executes. (AbpSession.UserId is correctly set via the NameIdentifier claim.) I've looked over the guide <a class="postlink" href="http://aspnetboilerplate.com/Pages/Documents/Authorization">http://aspnetboilerplate.com/Pages/Docu ... horization</a> but can't see what I'm missing.
<cite>hikalkan: </cite> I assume that you are using ABP v1.0.
Can you try to add this into your module's PreInitialize:
Configuration.ReplaceService<IPermissionChecker, PermissionsChecker>(DependencyLifeStyle..Transient);
Be sure that the PermissionsChecker is your class (since abp.zero has same class name). To be sure, rename your class to CustomPermissionsChecker or something you more like.
I am using ABP 1.0. I renamed my checker to MyPermissionChecker.
When I try to add that line of code to my MyApplicationModule.PreInitialize()
using Abp.Authorization;
using Abp.Dependency;
...
Configuration.ReplaceService<IPermissionChecker, MyPermissionsChecker>(DependencyLifeStyle.Transient);
Visual Studio says "<span style="color:#FF0040">CS0308: This non-generic method 'IAbpStartupConfiguration.ReplaceService(Type,Action)' cannot be used with type arguments</span>."
According to [https://www.codeproject.com/tips/826753/removing-sharp-from-url-in-angularjs]), we can get rid of the # from our routes.
I need this to happen because my corporate authentication system removes everything after a # so the call back to my site can't deep link.
The tip on codeproject doesn't seem to work with Abp. I'm using Abp 1.0.0.0. What is your way to make this happen?
What I ended up doing is to add a new ASPNET controller (I just added it to the existing HomeController) that takes a non # url and rewrites it and then calls the Angular url.
For example, in Angular I have routes that look like #/page1/10 #/page2/3 etc
My new ASPNET controller can take routes that look like /home/page/1/10 /home/page/2/3
Those routes call this controller
public ActionResult page()
{
return Redirect(Request.Url.OriginalString.Replace("home", "#").Replace("page/", "page"));
}
It does the trick because I have only a specialized need for non-# urls in embedded email links. Users don't have to know or use these urls directly. And I don't have to have a raft of custom ASPNET controllers to make it happen since my Angular view names follow a strict pattern.
Note: I also added the non-# route structure to RouteConfig.cs