-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should trigger AbpHandledException for auth exceptions. #1390
Comments
Hi, This is done in the framework, not in the startup template. This is the filter does authorization: https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeFilter.cs It uses some other classes, and finally the exception is thrown here: https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp/Authorization/PermissionCheckerExtensions.cs#L276 |
Actually, I have tried to handle the 403 exception by using
but it didn't work, even exception could't enter the |
Hi, Exception filters can not handle authorization errors (this is by design of ASP.NET MVC. You can probably find info in it's own documentation). And also auth filters can not throw exceptions. This is why we handled it and didn't throwed here: https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeFilter.cs#L40 But, it seems we skipped triggering AbpHandledException event for auth exceptions. We will do it in a short time. |
…ned Error Code for AJAX requests. Resolved aspnetboilerplate#1390: Should trigger AbpHandledException for auth exceptions.
when I created a new user named 'cargo', he was not assigned any permissions(I just try to tested). Then I use the
[AbpMvcAuthorize(PermissionNames.Pages_Users)]
attribute with the HomeController, it was obvious that cargo's login to the /home/index would be denied,So… how can I handle the 403 exception in abp.zero, I think
HandleErrorAttribute
would work, but I found the MyCompanyName.Template.Project didn's write any code to deal with the situation that when the users' permissions was denied byAttribute
, but it worked well, or I just didn's found?Some code & exception
exception:
'HTTP Error 403.0 - Required permissions are not granted. At least one of these permissions must be granted: Pages.Users'
code:
The text was updated successfully, but these errors were encountered: