Open Closed

How to block backoffice access to certain roles? #2189


0
sukeshchand created

Hi,

I wanted only certain users/roles can able login to backoffice (https://localhost/Account/Login), but the all user must be able to sign in using api auth, Is there any standard way to achive this in ABP IO?

Thanks. sukesh chand


2 Answer(s)
  • 0
    berkansasmaz created
    Support Team

    I'm trying to understand your use case, will back-office application pages require a specific role but not end-points, aren't they?

    If so, a code like the one below might work for you:

    options.Conventions.AuthorizeFolder("/YourFolderName", MyProjectNamePermissions.Backoffice.Default);
    

    I would like to share a little more information on the subject 😊

    ABP extends ASP.NET Core Authorization by adding permissions as auto policies and allowing the authorization system to be usable in the application services too. Therefore, you can refer to these documents on the subject 👇👇

    1. https://docs.microsoft.com/en-us/aspnet/core/security/authorization/razor-pages-authorization?view=aspnetcore-6.0#require-authorization-to-access-a-folder-of-pages
    2. https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-6.0
    3. https://docs.abp.io/en/abp/latest/Authorization
  • 0
    sukeshchand created

    Thanks for the help.

    I found a way to do it. Override/Customize the SiginIn manager and implement the custom logic.

    https://docs.abp.io/en/abp/2.9/How-To/Customize-SignIn-Manager