
Customer Entity with login credentials. Best practice #4939


travelsoft created

Hi,

Our tenant will have an entity "Customer". We want to give that customer login capabilities. Preferably a different login form than the form a regular user logs in with.

When that customer logs in he should see a completely custom-designed page with all the information relating to that customer. So no navigation bar, or a different navigation bar and so on.

We use an ASP.NET Core and Angular setup.

My question is: how do we best tackle this problem? Do we create a property "User" on that Customer entity with a predefined role so we can restrict their access? Or..?

If you need any more information let me know. Thx Jonas.


5 Answer(s)
  • travelsoft created

    Oh and of course I want that any user of a customer who is logged in can't call any service with the attribute [AbpAuthorize]. They should only be able to call services with a customer attribute (and no attribute). Something like [AbpCustomerAuthorize].

  • travelsoft created

    Regarding the AbpAuthorize. It feels like I'll have to override Abp.Authorization.AuthorizationHelper.

    Is that correct?

  • alper created
    Support Team

    TravelSoft wrote: "Regarding the AbpAuthorize. It feels like I'll have to override Abp.Authorization.AuthorizationHelper. Is that correct?"

    You can add a new property to the AbpAuthorize attribute and check that property in AuthorizationHelper.

    But there's another way: add a new permission like "Backoffice.User" and put this permission on all methods excluding the ones that a customer shouldn't enter. For example, put it on the UserApplicationService so that the customers cannot access user methods. And hide the menu according to this permission. You create a new role called customer and give this permission to all your roles except the customer role. The disadvantage of this way is that you have to put this on most of your methods.

    Another approach can be not authenticating customers via ABP. So you create your own login page and member page. This will be a more time-consuming thing.

    Last approach: you leave AspNet Zero as is, and you create a new AspNet Core website from scratch that connects to the same database. So you can do all your custom stuff comfortably.

  • travelsoft created

    Okay, I am thinking your second option is the best, as AuthorizationHelper is not virtual.

    So if I get this right, I have to "change" all the services that a customer user shouldn't be able to enter from [AbpAuthorize] to [AbpAuthorize("Backoffice.User")]

  • ismcagdas created
    Support Team

    @TravelSoft yes, you need to change [AbpAuthorize] to [AbpAuthorize("Backoffice.User")] for all the services that a customer user shouldn't be able to enter, according to @alper's suggestion.
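
The permission-based approach agreed on in this thread, as an added example that is not code from the thread or from AspNet Zero. It assumes the ASP.NET Boilerplate packages are referenced; `AppPermissions`, `BackofficeAuthorizationProvider`, `OrderAdminAppService` and `CustomerPortalAppService` are hypothetical names, and only the permission name "Backoffice.User" comes from the discussion.

```csharp
using System.Threading.Tasks;
using Abp.Application.Services;
using Abp.Authorization;
using Abp.Localization;
using Abp.MultiTenancy;
using Abp.Runtime.Session;

public static class AppPermissions
{
    // Permission name proposed in the thread.
    public const string BackofficeUser = "Backoffice.User";
}

// Defines the permission. Register it in the module's PreInitialize():
//   Configuration.Authorization.Providers.Add<BackofficeAuthorizationProvider>();
public class BackofficeAuthorizationProvider : AuthorizationProvider
{
    public override void SetPermissions(IPermissionDefinitionContext context)
    {
        context.CreatePermission(
            AppPermissions.BackofficeUser,
            new FixedLocalizableString("Back-office user"),
            multiTenancySides: MultiTenancySides.Tenant);
    }
}

// Back-office service: a login alone is not enough, the caller's role must
// have been granted Backoffice.User. The customer role is never granted it.
[AbpAuthorize(AppPermissions.BackofficeUser)]
public class OrderAdminAppService : ApplicationService
{
    public Task<string> GetInternalReportAsync() => Task.FromResult("back-office only");
}

// Customer-facing service: a bare [AbpAuthorize] only requires a login, so
// customer users can call it. Scope data to the session's user, not to an id
// supplied by the client.
[AbpAuthorize]
public class CustomerPortalAppService : ApplicationService
{
    public Task<long> GetMyUserIdAsync()
    {
        // GetUserId() throws if the session has no authenticated user.
        long userId = AbpSession.GetUserId();
        return Task.FromResult(userId);
    }
}
```

With this layout, any service that is left with a bare `[AbpAuthorize]` stays callable by customer users, so every back-office service has to be reviewed and given the permission explicitly.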