PermissionsChecker not invoked by AbpAuthorize("permission") #1816

pnw created 7 years ago

I'm using vanilla Abp and am trying to secure my public AppService methods. The PermissionChecker I defined is getting ignored.

I have a couple of permissions defined

public class MyAuthorizationProvider : AuthorizationProvider
    {
        public override void SetPermissions(IPermissionDefinitionContext context)
        {
            context.CreatePermission("CurrentState");
            context.CreatePermission("UpdateState");
        }
    }

In PreInitialize() of my AppService module, I add it to the configuration

Configuration.Authorization.Providers.Add<MyAuthorizationProvider>();

I implemented IPermissionChecker

public class PermissionsChecker : IPermissionChecker, ITransientDependency
    {
        public Task<bool> IsGrantedAsync(string permissionName)
        {
            return CheckAccess(permissionName);
        }

        public Task<bool> IsGrantedAsync(UserIdentifier user, string permissionName)
        {
            return CheckAccess(permissionName);
        }
    }

and put AbpAuthorize attribute on an AppService method

[AbpAuthorize("CurrentState")]
        public CurrentState GetCurrentState(int Id)
        {
             // do stuff
        }

Neither IsGrantedAsync methods get called. The method just executes. (AbpSession.UserId is correctly set via the NameIdentifier claim.) I've looked over the guide <a class="postlink" href="http://aspnetboilerplate.com/Pages/Documents/Authorization">http://aspnetboilerplate.com/Pages/Docu ... horization</a> but can't see what I'm missing.

3 Answer(s)

0

hikalkan created 7 years ago
Support Team

I assume that you are using ABP v1.0.

Can you try to add this into your module's PreInitialize:

Configuration.ReplaceService<IPermissionChecker, PermissionsChecker>(DependencyLifeStyle..Transient);

Be sure that the PermissionsChecker is your class (since abp.zero has same class name). To be sure, rename your class to CustomPermissionsChecker or something you more like.
0
pnw created 7 years ago
<cite>hikalkan: </cite> I assume that you are using ABP v1.0.

Can you try to add this into your module's PreInitialize:

Configuration.ReplaceService<IPermissionChecker, PermissionsChecker>(DependencyLifeStyle..Transient);

Be sure that the PermissionsChecker is your class (since abp.zero has same class name). To be sure, rename your class to CustomPermissionsChecker or something you more like.

I am using ABP 1.0. I renamed my checker to MyPermissionChecker.

When I try to add that line of code to my MyApplicationModule.PreInitialize()

using Abp.Authorization; using Abp.Dependency; ... Configuration.ReplaceService<IPermissionChecker, MyPermissionsChecker>(DependencyLifeStyle.Transient);

Visual Studio says "<span style="color:#FF0040">CS0308: This non-generic method 'IAbpStartupConfiguration.ReplaceService(Type,Action)' cannot be used with type arguments</span>."
0
hikalkan created 7 years ago
Support Team
You should use Resharper :)

Add this to top of your code file:

using Abp.Configuration.Startup;

Have an answer to this question? Log in and write your answer.