Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

AbpProfileService.IsActiveAsync doesn't check if the user is Active

See original GitHub issue

I’ve only just started using this boiler templates and its been good for a lot of things but I’m unsure of the issue with implementation of this code in the AbpProfileService

[UnitOfWork] public override async Task IsActiveAsync(IsActiveContext context) { var tenantId = context.Subject.Identity.GetTenantId(); using (_unitOfWorkManager.Current.SetTenantId(tenantId)) { await base.IsActiveAsync(context); } }

It doesn’t check if the user is active or not and hence my Identitysever4 integration always validates the user.

I thought referencing the class would automatically do the job or I’m I meant to use it as an example to implement my own logic. Apologies for my ignorance on the usage of some of this modules.

Here is the code where I have used the AbpProfileService class

services.AddIdentityServer() .AddDeveloperSigningCredential() .AddInMemoryIdentityResources(IdentityServerConfig.GetIdentityResources()) .AddInMemoryApiResources(IdentityServerConfig.GetApiResources()) .AddInMemoryClients(IdentityServerConfig.GetClients(configuration)) .AddAbpPersistedGrants<IAbpPersistedGrantDbContext>() .AddAbpIdentityServer<User>() .AddProfileService<AbpProfileService<User>>();

Please could someone explain the best approach to use the AbpProfileService such that it can check the user is inactive or Active? This is meant for IdentityServer4 intergration

Thanks

Issue Analytics

State:
Created 5 years ago
Comments:7 (4 by maintainers)

Top GitHub Comments

1reaction

Mardoxxcommented, Aug 18, 2018

Awesome!

Please, however, see Brock’s response in my PR https://github.com/IdentityServer/IdentityServer4.AspNetIdentity/pull/59#issuecomment-414067474

On Sat, 18 Aug 2018, 16:53 Estar1, notifications@github.com wrote:

@Mardoxx https://github.com/Mardoxx I think you are might be right. It’s embarassing I’ve never tried this since over a decade of dev! lol

So to basically inherit from this class and override the already ovverriden method

https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.ZeroCore.IdentityServer4/IdentityServer4/AbpProfileService.cs http://url

Overriding the override of the base class (I like it). I will give it a go…thanks!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/aspnetboilerplate/aspnetboilerplate/issues/3762#issuecomment-414067769, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOoMU0gtdG6cqypFL6UH1HyMAWl3qI4ks5uSDhrgaJpZM4WCUIA .

1reaction

Mardoxxcommented, Aug 18, 2018

It should do. Impl is here https://github.com/IdentityServer/IdentityServer4.AspNetIdentity/blob/dev/src/ProfileService.cs

If you want to check if the user is locked out before issuing a token then change the logic here.

I’m unsure if it should. I’ll have to have a think about it. Does it make sense to restrict a locked out user from receiving tokens? Or does it make sense to issue a token from the STS since they are authenticated, then throw unauthorised if the user is inactive when trying to access protected resource.