Open Closed

[Authorize] not working properly after implementing AbpRefreshEditionIdFilter class #3435


User avatar
0
christophe.baille created
  • ABP Framework version: v5.2.2
  • UI type:Blazor
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no

I need to change permission on some classes/methods to simple [Authorize], which means that the user need to be login only.

However, it doesn't work on my solution. The page show this error load on bottom

and have this errors on the log file:

2022-07-15 14:20:02.757 +02:00 [INF] Authorization failed. These requirements were not met: DenyAnonymousAuthorizationRequirement: Requires an authenticated user. 2022-07-15 14:20:02.842 +02:00 [WRN] Unhandled exception rendering component: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.

2022-07-15 14:20:02.842 +02:00 [ERR] Unhandled exception in circuit 'qZKqOCZWoaXjbht_1Vh0-0hjcjLK2a3oEPL04FrfALM'. Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown. at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy)

After some tests, I saw that the issue is caused by the class **AbpRefreshEditionIdFilter ** previously implemented regarding another issue:

https://support.abp.io/QA/Questions/2698/Features-availability-based-on-editions-not-working-well

It seems the **InvokeMethodAsync ** fromt the class **AbpRefreshEditionIdFilter ** produce the error "Unhandled exception in circuit", but I am not completely sure. I run into debug and can not find out what is wrong.

Thanks for your support


3 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team

    Hi,

    Can you share a project that can reproduce the problem with me? shiwei.liang@volosoft.com I will check it out. thanks.

  • User Avatar
    0
    liangshiwei created
    Support Team

    Hi,

    Yes, AbpRefreshEditionIdFilter was a problem, you can use the following code:

    public class AbpRefreshEditionIdFilter : IHubFilter
    {
    
        public virtual async ValueTask<object> InvokeMethodAsync(HubInvocationContext invocationContext,
            Func<HubInvocationContext, ValueTask<object>> next)
    
        {
            var currentTenant = invocationContext.ServiceProvider.GetRequiredService<ICurrentTenant>();
            var currentUser = invocationContext.ServiceProvider.GetRequiredService<ICurrentUser>();
    
            if (!currentUser.IsAuthenticated || !currentUser.TenantId.HasValue)
            {
                return await next(invocationContext);
            }
    
            var tenantStore = invocationContext.ServiceProvider.GetRequiredService<ITenantRepository>();
            var currentPrincipalAccessor = invocationContext.ServiceProvider.GetRequiredService<ICurrentPrincipalAccessor>();
            var tenant = await tenantStore.FindAsync(currentTenant.GetId());
    
            var claimsIdentity = currentPrincipalAccessor.Principal.Identities.First();
            
            var editionId = tenant.GetActiveEditionId();
            if (editionId != null)
            {
                claimsIdentity.AddOrReplace(new Claim(AbpClaimTypes.EditionId, editionId.Value.ToString()));
            }
            else
            {
                foreach (var x in claimsIdentity.FindAll(AbpClaimTypes.EditionId).ToList())
                {
                    claimsIdentity.RemoveClaim(x);
                }
            }
    
            using (currentPrincipalAccessor.Change(claimsIdentity))
            {
                return await next(invocationContext);
            }
    
        }
    }
    
  • User Avatar
    0
    christophe.baille created

    All is working well now, thanks :)

Made with ❤️ on ABP v9.2.0-preview. Updated on January 14, 2025, 14:54