Activities "shijo"

  • ABP Framework version: v7.2.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Auth Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

I am getting this exception in production, even though I disabled the health check in configuration.

hi

You can add your code to:

app.Use(async (ctx, next) =>
{
    if (ctx.User.Identity?.IsAuthenticated != true)
    {
        var result = await ctx.AuthenticateAsync("jwt2");
        if (result.Succeeded && result.Principal != null)
        {
            // add your logic
            ctx.User = result.Principal;
            // add your logic
        }
    }

    await next();
});

In the production environment, _currentTenant is null inside the TokenValidated method; locally I am getting the value. What could be the reason?

hi

You can keep testing it and give feedback here.

Working fine, I mapped the role in admin to give permission to access the APIs.

One more question: is it a good approach to check user availability from the DB on the token-validated event?

Hi, can you update me on this? The task is a bit urgent.

hi

I can check it remotely. My time zone is UTC+8.

I have TeamViewer, can you access it? Let me know a convenient time; I am available any time.

Hi, nothing is working out.

See, I want to switch users based on the token claim data (email ID) before calling the APIs. I think that user switching is not happening now, and that's why API authorization is failing.

When I am calling the API, the lifecycle is something like this:

  1. https://localhost:44316/api/app/authors >>>
  2. AuthorsAppService constructor
  3. AuthorController constructor
  4. Task<PagedResultDto<AuthorDto>> GetListAsync(GetAuthorsInput input) in AuthorController
  5. TokenValidated(TokenValidatedContext context) in JWTToken validator
    • Inside here I am trying to switch user but not working
  6. Response 401 Unauthorized: the service (AuthorsAppService) layer method is not called at all

TestApp.HttpApi.Host

All APIs are in TestApp.HttpApi.Host. How can an external user access the API? The strange thing is that when I placed [Authorize(AuthenticationSchemes = "Bearer,jwt2")] as a controller attribute, the API returned data, but when I placed the same thing on the service, it did not work.

hi

I downloaded the code. Any steps?

You can see there that I used 2 JwtBearer schemes: one is internal, and the other is external.

  1. You have to create an external SSO
  2. Create a user in the external SSO, email e.g. test@test.com
  3. In the shared project, create a new tenant and create a user for that tenant with the same email ID, test@test.com
  4. Create a sample API like getAuthors that returns some data
  5. Create a client app and authenticate the user with that external SSO
  6. After getting the token, call the getAuthor API with that token (the tenant can be hardcoded)
  7. Return author data. For me this is giving an Unauthorized exception because the user is not logged in

hi

Can you share a simple project to reproduce the above exception?

liming.ma@volosoft.com

Hi,

I have shared sample code here, can you check?

hi

I guess on the JwtBearerEvents method the authentication has not finished.

You can call the app service after app.UseAuthentication

I am looking to impersonate a user after token validation. I did this, but a user unauthorised exception is coming. After fetching the user, I want to sign in with that user in order to access the APIs. Where exactly should I place the code to impersonate the user after validation?

public override async Task TokenValidated(TokenValidatedContext context)
{
    try
    {
        ClaimsPrincipal userPrincipal = context.Principal;

        // Read the e-mail address claim from the validated external token
        if (userPrincipal.HasClaim(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
        {
            this.UserEmail = userPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
        }

        // Look up the local user with the same e-mail address
        var checkUser = await UserManager.FindByEmailAsync(this.UserEmail);
        if (checkUser == null)
        {
            checkUser = new Volo.Abp.Identity.IdentityUser(Guid.NewGuid(), this.UserEmail, this.UserEmail, _currentTenant.Id);

            var result = await UserManager.CreateAsync(checkUser);

            // Assign Roles
            // CreateAsync never returns null; check Succeeded to detect a failed insert
            if (result.Succeeded)
            {
                return;
            }
            else
            {
                throw new Exception("User Not added");
            }
        }
        else
        {
            // Build a principal for the local user and switch to it
            var newPrincipal = new ClaimsPrincipal(
                new ClaimsIdentity(
                    new Claim[]
                    {
                        new Claim(AbpClaimTypes.UserId, checkUser.Id.ToString()),
                        new Claim(AbpClaimTypes.TenantId, checkUser.TenantId.ToString()),
                        new Claim(AbpClaimTypes.UserName, checkUser.Email),
                        new Claim(AbpClaimTypes.Role, "admin")
                    }
                )
            );
            _currentPrincipalAccessor.Change(newPrincipal);
        }
    }
    catch (Exception)
    {
        throw;
    }
}
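
The middleware suggested earlier in the thread, with the "add your logic" part filled in for the e-mail-to-local-user mapping, as an added example (not code from the thread or from ABP). It assumes the external scheme is named "jwt2" as above and that the tenant has already been resolved for the request; `ExternalUserMapping` and `UseExternalUserMapping` are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Volo.Abp.Identity;
using Volo.Abp.Security.Claims;

public static class ExternalUserMapping // hypothetical helper name
{
    // Register after app.UseAuthentication() and app.UseMultiTenancy() (so the lookup
    // runs in the resolved tenant) and before app.UseAuthorization().
    public static IApplicationBuilder UseExternalUserMapping(this IApplicationBuilder app) =>
        app.Use(async (ctx, next) =>
        {
            if (ctx.User.Identity?.IsAuthenticated != true)
            {
                var result = await ctx.AuthenticateAsync("jwt2");
                var email = result.Principal?.FindFirst(ClaimTypes.Email)?.Value;
                if (result.Succeeded && !string.IsNullOrWhiteSpace(email))
                {
                    var users = ctx.RequestServices.GetRequiredService<IdentityUserManager>();
                    var user = await users.FindByEmailAsync(email);
                    // Unknown or disabled accounts stay anonymous, so protected endpoints reject them.
                    if (user != null && user.IsActive)
                        ctx.User = await BuildPrincipalAsync(users, user);
                }
            }
            await next();
        });

    private static async Task<ClaimsPrincipal> BuildPrincipalAsync(
        IdentityUserManager users, Volo.Abp.Identity.IdentityUser user)
    {
        var claims = new List<Claim>
        {
            new Claim(AbpClaimTypes.UserId, user.Id.ToString()),
            new Claim(AbpClaimTypes.UserName, user.UserName),
        };
        if (user.TenantId.HasValue)
            claims.Add(new Claim(AbpClaimTypes.TenantId, user.TenantId.Value.ToString()));
        // Roles come from the local user store, not from a hardcoded "admin" claim.
        foreach (var role in await users.GetRolesAsync(user))
            claims.Add(new Claim(AbpClaimTypes.Role, role));
        // Passing an authenticationType makes Identity.IsAuthenticated true; an identity
        // built without one counts as anonymous and authorization answers 401.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "jwt2"));
    }
}
```

The `ClaimTypes.Email` constant is the same `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` URI used in the code above.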
Made with ❤️ on ABP v8.2.0-preview. Updated on March 25, 2024, 15:11