Aktivity „Mohammad“

Hello

I am trying to add custom claims to the logged in user. The claims are getting added and can be viewed after the user has logged in. However when I try to get the claim value through a microservice it doesn't exists in the CurrentUser.

I have used the below example to provide custom claims.

public class MyClaimsPrincipalContributor: IAbpClaimsPrincipalContributor, ITransientDependency
{
    public async Task ContributeAsync(AbpClaimsPrincipalContributorContext context)
    {
        var currentTenant = context.ServiceProvider.GetRequiredService<ICurrentTenant>();
        if (currentTenant.Id != null)
        {
            var tenantStore = context.ServiceProvider.GetRequiredService<ITenantStore>();
            var tenant = await tenantStore.FindAsync(tenantId.Value);
            var claimsIdentity = new ClaimsIdentity();
            claimsIdentity.AddIfNotContains(new Claim("tenantname", tenant.Name));
            context.ClaimsPrincipal.AddIdentity(claimsIdentity);
        }
    }
}

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

• ABP Framework version: v4.2.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:

How can we use the extended property in LINQ to query the database?

Is the migration code generated automatically from the Efcore configuration or we need to manually write the migration code?

I have been following the above approach but the add-migration creates and empty migration file.

Hi @alper

I am using the microservices solution. we have 2 angular clients. When I signout from the 1st angular client and sign in as a different tenant. the 2nd Angular client remains logged in with the old signed in tenant till the cookies are cleared/deleted manually.

How can we overcome this issue?

Thanks

@hikalkan

Thanks for the Explaination.

How can we disable a permission when the Feature is Disabled. In our application the permissions are dependent on the features.

So if the feature is disabled we don't want the UI to show the Permissions for the Module. How can we acheive this scenario?

Thanks

How to implement the below method?

The docs doesn't provide any example. https://docs.abp.io/en/abp/4.1/Authorization

public override Task<MultiplePermissionGrantResult> CheckAsync(PermissionValuesCheckContext context)

public class EntitiesPermissionValueProvider : PermissionValueProvider
    {
        public override string Name => "UE";

        public EntitiesPermissionValueProvider(IPermissionStore permissionStore)
        : base(permissionStore)
        {
        }

        public async override Task<PermissionGrantResult>
           CheckAsync(PermissionValueCheckContext context)
        {
            if (context.Principal?.FindFirst("User_Type")?.Value == "SystemAdmin")
            {
                return PermissionGrantResult.Granted;
            }

            return PermissionGrantResult.Undefined;
        }

        public override Task<MultiplePermissionGrantResult> CheckAsync(PermissionValuesCheckContext context)
        {
            throw new NotImplementedException();
        }
    }

ERR] The method or operation is not implemented. System.NotImplementedException: The method or operation is not implemented. at Zenithr.Intelligence.Permissions.EntitiesPermissionValueProvider.CheckAsync(PermissionValuesCheckContext context) in C:\websites\ZENITHR3.0\modules\intelligence\src\Zenithr.Intelligence.Application.Contracts\Permissions\EntitiesPermissionValueProvider.cs:line 32 at Volo.Abp.Authorization.Permissions.PermissionChecker.IsGrantedAsync(ClaimsPrincipal claimsPrincipal, String[] names) at Volo.Abp.Authorization.Permissions.PermissionChecker.IsGrantedAsync(String[] names) at Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationAppService.GetAuthConfigAsync() at Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationAppService.GetAsync() at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Validation.ValidationInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Auditing.AuditingInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo) at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync() at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation) at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed) at Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync() at lambda_method1435(Closure , Object ) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Logged|12_1(ControllerActionInvoker invoker)

at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)

at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)

at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)`

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

• ABP Framework version: v4.1.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:

Hi @gterdem

I tried the solution from that article it didnt work.

I added options.TokenValidationParameters.ValidateIssuer = false; for all my microservices now it works.

Is it a valid fix and is it applicable for production deployment?

context.Services.AddAuthentication("Bearer")
                .AddJwtBearer(options =>
                {
                    options.Authority = configuration["AuthServer:Authority"];
                    options.Audience = configuration["AuthServer:ApiName"];
                    options.RequireHttpsMetadata = false;
                    options.TokenValidationParameters.ValidateIssuer = false;
                });

So Far I have followed all the suggestions provided above

1. You need to create self-signed certificate and mount it when running the containers. - the Auth Server has a valid certificate.
2. http://YourIdentityServer/.well-known/openid-configuration - I made a CURL call from docker cli and the apis can fetch the openid configuration

This is the error i am getting in the logs

SELECT i."Id", i."ConcurrencyStamp", i."CreationTime", i."CreatorId", i."DeleterId", i."DeletionTime", i."Description", i."DisplayName", i."Emphasize", i."Enabled", i."ExtraProperties", i."IsDeleted", i."LastModificationTime", i."LastModifierId", i."Name", i."Required", i."ShowInDiscoveryDocument"
FROM "IdentityServerIdentityResources" AS i
WHERE @__ef_filter__p_0 OR NOT (i."IsDeleted")
ORDER BY i."Id"

Failed executing DbCommand ("1"ms) [Parameters=["@__ef_filter__p_0='?' (DbType = Boolean)"], CommandType='Text', CommandTimeout='30']"
""SELECT i.\"Id\", i.\"ConcurrencyStamp\", i.\"CreationTime\", i.\"CreatorId\", i.\"DeleterId\", i.\"DeletionTime\", i.\"Description\", i.\"DisplayName\", i.\"Emphasize\", i.\"Enabled\", i.\"ExtraProperties\", i.\"IsDeleted\", i.\"LastModificationTime\", i.\"LastModifierId\", i.\"Name\", i.\"Required\", i.\"ShowInDiscoveryDocument\"
FROM \"IdentityServerIdentityResources\" AS i
WHERE @__ef_filter__p_0 OR NOT (i.\"IsDeleted\")
ORDER BY i.\"Id\""

But the problem of angular application redirecting infinitely after login still persists.

It would be helpful if you can connect remotely and provide assistance.

Thank You

Hello @gterdem

I have followed this document. The dev certs only work for localhost.

The communication between containers is the problem since they use the service name as the url.

If you could share any article or documentation for hosting abp microservices with ssl support in docker containers that would be helpful.

thanks

Hi @maliming

I have installed ssl for the localhost.

The apis are unable to access identity server over https inside the container. Is there a way to install a ssl certificate inside the docker container?