Activities of "shijo"

Hi, Nothing is working out.

See I want to switch users based on token claim data emailid, before calling the APIs, I think now that's user switching is not happening, and thats why API authorization is failing.

When I am calling API, lifecycle is somethings like this

  1. https://localhost:44316/api/app/authors >>>
  2. AuthorsAppService constructor
  3. AuthorController constructor
  4. Task<PagedResultDto<AuthorDto>> GetListAsync(GetAuthorsInput input) in AuthorController
  5. TokenValidated(TokenValidatedContext context) in JWTToken validator
    • Inside here I am trying to switch user but not working
  6. Response 401 UnAuthorized ** service (AuthorsAppService) layer method not calling at all

TestApp.HttpApi.Host

All APIs are in TestApp.HttpApi.Host, how to access API by external user? Strange thing is when I placed [Authorize(AuthenticationSchemes = "Bearer,jwt2")] in controller attribute api returning data and same thing when I placed in Service not working

hi

I downloaded the code. Any steps?

You can see there, I used 2 JWTbearer, One is Internal, and the other is external,

  1. You have to create an external sso
  2. Create User in external SSO, email exp:** test@test.com**
  3. In the shared project create a new tenant and create a user for that tenant with same email id ** test@test.com**
  4. Create a sample API like getAuthors retrun some data
  5. Create a Client App and Authenticate user with that external SSO
  6. After getting the token Call getAuthor API with that token ( tenant you can hardcoded)
  7. Return author data For me this is giving UnAuthorised exception because of user not loggin in

hi

Can you share a simple project to reproduce the above exception?

liming.ma@volosoft.com

Hi,

I have shared sample code here, can you check

hi

I guess on the JwtBearerEvents method the authentication has not finished.

You can call the app service after app.UseAuthentication

I am looking to impersonate a user after token validation, I did this but user unauthorised exception coming, After fetching the user I want to sign in with that user in order to access APIs, where should I exactly place the code to impersonate user after validation?

public override async Task TokenValidated(TokenValidatedContext context)
        {
            try
            {
                ClaimsPrincipal userPrincipal = context.Principal;

                if (userPrincipal.HasClaim(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
                {
                    this.UserEmail = userPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
                }
                var checkUser = await UserManager.FindByEmailAsync(this.UserEmail);
                if (checkUser == null)
                {
                    checkUser = new Volo.Abp.Identity.IdentityUser(Guid.NewGuid(), this.UserEmail, this.UserEmail, _currentTenant.Id);

                    var result = await UserManager.CreateAsync(checkUser);

                    // Assign Roles
                    if (result != null)
                    {
                        return;
                    }
                    else
                    {
                        throw new Exception("User Not added");
                    }
                }
                else
                {
                    var newPrincipal = new ClaimsPrincipal(
                                        new ClaimsIdentity(
                                            new Claim[]
                                            {
                                                    new Claim(AbpClaimTypes.UserId, checkUser.Id.ToString()),
                                                    new Claim(AbpClaimTypes.TenantId, checkUser.TenantId.ToString()),
                                                    new Claim(AbpClaimTypes.UserName, checkUser.Email),
                                                    new Claim(AbpClaimTypes.Role, "admin")
                                            }
                                        )
                                     );
                    _currentPrincipalAccessor.Change(newPrincipal);
                }
            }
            catch (Exception)
            {
                throw;
            }
        }

Hi, I found a way to execute code after token validation. Added a JWTBearerEvent. How can I access users' data in TokenValidated, I tried to access using IdentityUserAppService but throwing the exception ABP Unauthorized in await userManager.FindByEmailAsync(this.UserEmail);

options.EventsType = typeof(UserValidation);

public class UserValidation : JwtBearerEvents
    {
        private string UserEmail { get; set; }
        private string UserName { get; set; }
        public UserValidation()
        {
            
        }
        public override async Task TokenValidated(TokenValidatedContext context)
        {
            try
            {
                var userManager = context.HttpContext.RequestServices.GetRequiredService<IdentityUserAppService>();

                ClaimsPrincipal userPrincipal = context.Principal;

                if (userPrincipal.HasClaim(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"))
                {
                    this.UserEmail = userPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
                }
                
                var checkUser = await userManager.FindByEmailAsync(this.UserEmail);
                if (checkUser == null)
                {
                    var newUser = new IdentityUserCreateDto
                    {
                        Email = this.UserEmail,
                        UserName = this.UserEmail,
                    };

                    var result = await userManager.CreateAsync(newUser);

                    // Assign Roles
                    if (result!=null)
                    {
                        return;
                    }
                    else
                    {
                        throw new Exception("User Not added");
                    }
                }
            }
            catch (Exception)
            {
                throw;
            }
        }
    }

Hi, this is basically the users who are authenticated from external SSO are not our application users, only the similarity is the email address. After token validation, I have to check if the user exists in our system with the email id, if the user does not exist with that email create a user with a specific role and then set the current user. My question is how can I execute these user checks and creation logic immediately after token validation?

hi

Can you share a simple project? liming.ma@volosoft.com

I will download and check it.

Ok I will create and sample project and share. One more question regarding the user mapping, How can I map user which is authenticated by external sso and our admin api, we have to match the users with email and set currentuser for permission management.

hi

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-7.0#use-multiple-authentication-schemes

I mapped the schemes globally, working fine when I placed [Authorize] attribute in controller. But in ABP we don't have any [Authorize] attribute, it is in ApplicationService. If I remove [Authorize] attribute from controller and keeping [Authorize] attribute in ApplicationService class, it's giving me unauthorized.

[RemoteService(IsEnabled = false)]
[Authorize]
public class AuthorsAppService : ApplicationService, IAuthorsAppService{
    ctor...
    
    public virtual async Task<PagedResultDto<AuthorDto>> GetListAsync(GetAuthorsInput input)
    {}
}

[RemoteService]
public class AuthorController : AbpController, IAuthorsAppService{

}

hi

You can call this code on controllers or Authorize with a specific scheme in ASP.NET Core

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-7.0

Hi, I added [Authorize(AuthenticationSchemes = "Bearer,jwt2")] attribute in the controller it's working fine. How can I apply both schemes by default in all controllers?

Showing 21 to 30 of 78 entries
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.0.0-preview. Updated on July 03, 2025, 08:38