Activities of "Navneet@aol.com.au"
Hi gterdem and Nico,
Thank you both for giving me extensive help; it took me a little while to digest.
@gtendem: I agree with you that Authorization in Web API is not straight and after discussing with the client, we have decided that the client with handle Authorization by themself, I will be helping them only with Authentication. So, your above steps work perfectly to Authenticate.
@Nico: your suggestion to create an entity to assign User/Role to ~~Application or~~ Scope is perfect, as it supports the below scenario.
Is Controller right place to check if user/role has assigned scope?
Regards,
Hi gterdem,
Thanks for your response, after reading and researching your "You can not pre-authenticate" I now completely agree with you and apologise for this confusion.
Let me give you a little more info about what I am trying to achieve, I am working on a project for a client that has two WebApi for Stock Management and Currency Management designed in asp.net core (I cannot change and it is out of ABP Solution), so I have:
- I have created two Applications via UI CREATE APPLICATION
- I have created two Scopes via UI CREATE SCOPE
Everything is working fine, but I don't know how can I assign permission to users or roles to above-created application or scope so that not all users can access.
Can you please suggest which AppService or Domain Manager I can investigate or customize so that my clients can assign users/roles to scope/applications?
Regards, Bunty
Hello team,
Any update on my request please
Thx Navneet
Bug Report: IdentityClaimType Version: 7.4.1 App: MVC Application How to reproduce Bug:-
- Create a new ClaimType
- Assign ClaimType to Users and Roles
- Bug1: When you delete previously created and assigned ClaimTypes, it doesn't give any error that this claim is in use in User & Role.
- Bug 2: Deleting Claim Types, delete from AbpClaimTypes but it doesn't delete from AbpRoleClaims and AbpUserClaims.
- Bug 3: AbpRoleClaims and AbpUserClaims can only be deleted by deleting them from the backend DatabaseServer, not from UI
. . . Is there any quickfix I can use in my production server?
Hi gterdem,
Many thx for replying on behalf of Anjali, I will try your suggestions, however, I am still not sure how to pre-authenticated only selected users, if you look at the screenshot earlier, I want to control users' access to the application and in generating token via https://localhost:44359/connect/token
Regards, Navneet
Hi Anjali,
Hope you are doing well Any update on this
Thx, Navneet
Hi Anjali,
Just checking if there is any suggestion or help
Regards Navneet
Hi Anjali, any update?
Thx, Navneet
Hi Anjali,
Any update?
Thx, Navneet
Hi Anjali,
It's not working with MVC, please see the attached screenshot
. . . By default, all users have access to all applications in the screenshot below, I want to restrict the access to applications and don't want them to get tokens as well when they use Postman https://localhost:44359/connect/token, how can I restrict the access by USER or ROLE management
Many thx, Navneet