Sure, I will try to explain:-
My client has 20 users, and 4 Applications created via UI.
He don't want all users to access all 4 Application. He wants to assign users to application so that only allowed users can access.
In Nutshell, my client is looking a relation between Users and Application a N-2-N relationship.
Regards, Navneet
Many thanks liangshiwei,
The code you have suggested doesn't work in my case.
I need to allocated multiple users to the application, that's why I was trying to
application.AddOrUpdateProperty<IdentityUsers>
I need to set permission in a way so that only selected users can access
Regards, Navneet
Can you use a minimum project to reproduce the problem and share it with me? shiwei.liang@volosoft.com I will check it
I have sent you the project by email
Regards, Navneet
Thanks liangshiwei,
I have already considered your method, but the issue is:- my client want to assign users or roles to individual Application. The method you have suggested allow users to access all applications in OpenIddictApplication.
My undressing is if I add a new N-2-N property "AppUser" in OpenIddictApplication, then each application created in OpenIddictApplication, I can select individual user, the trouble is I am getting below error at AddOrUpdateProperty<IdentityUser>
The type or namespace name 'IdentityUser' could not be found (are you missing a using directive or an assembly reference?) [Acme.BookStore.Domain.Shared]
private static void ConfigureExtraProperties()
{
OneTimeRunner.Run(() =>
{
ObjectExtensionManager.Instance.Modules()
.ConfigureOpenIddict(openIddictApplication =>
{
openIddictApplication.ConfigureApplication(application =>
{
application.AddOrUpdateProperty<IdentityUser>( //property type: IdentityUser
"AppUser", //property name
property =>
{
property.UI.Lookup.Url = "/api/identity/users";
property.UI.Lookup.DisplayPropertyName = "userName";
}
);
});
});
});
. . If you believe that above is not the right way, then please suggest how can I achieve it? . . Regards, Navneet
Hi liangshiwei,
So far I manage to build below but there are some issues I am facing:
a) in below is not resolving error: The type or namespace name 'IdentityUser' could not be found (are you missing a using directive or an assembly reference?) [Acme.BookStore.Domain.Shared]
private static void ConfigureExtraProperties()
{
OneTimeRunner.Run(() =>
{
ObjectExtensionManager.Instance.Modules()
.ConfigureOpenIddict(openIddictApplication =>
{
openIddictApplication.ConfigureApplication(application =>
{
application.AddOrUpdateProperty<IdentityUser>( //property type: IdentityUser
"AppUser", //property name
property =>
{
property.UI.Lookup.Url = "/api/identity/users";
property.UI.Lookup.DisplayPropertyName = "userName";
}
);
});
});
});
b) Do you think below code is sufficient to create a dedicated column in database
ObjectExtensionManager.Instance
.MapEfCoreProperty<OpenIddictApplication, IdentityUser>(
"AppUser"
);
c) Most time was taken to read https://docs.abp.io/en/abp/latest/Authorization, but it was worth reading :-). what I understand is Permission like CRUD can be design but that is for Entity level, however I need to define permission for each application created in Volo.Abp.OpenIddict.OpenIddictApplication Individual Application created in OpenIddictApplication
Regards, Navneet
Many thx,
Let me give a try and will come back to you
Hi,
You can use the ASPNET Core standard middleware to do it, it's not related to ABP : https://learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware/?view=aspnetcore-7.0
Hi liangshiwei,
Sorry, maybe I wasn't clear, how can i configure Application to allow certain users only
Regards, Navneet
Hi liangshiwei,
That I have done it, but how to intercept in middleware to allow or restrict the access
Regards Navneet
Hi liangshiwei,
Any update on how to achieve on point number 4
Regards, Navneet