1

How to use AbpAuthorize or AbpAllowAnonymous attributes? What's the default behaviour for these controllers? Could not find in docs.

2 Answers

0

AbpAuthorize is just used to check for permissions. This for example:

    [AbpAuthorize("Administration.UserManagement.CreateUser")]
    public void CreateUser(CreateUserInput input)
    {
        //A user can not execute this method if he is not granted for "Administration.UserManagement.CreateUser" permission.
    }

This checks if he has the Administration.UserManagement.CreateUser permission before allowing the user to execute the method.

AbpAuthorize, if left without parameters, just checks if the user is logged in.

    [AbpAuthorize]
    public void SomeMethod(SomeMethodInput input)
    {
        //A user can not execute this method if he did not login.
    }

This, for example, will check if the user is logged in before he can execute the method.

Try reading here for more detailed stuff:

https://aspnetboilerplate.com/Pages/Documents/Authorization#DocCheckPermission

It will explain it better than me.

WilsonPena
  • I don't think you understand my question. I know the difference between them. I want to know how I can use these attributes in Dynamic Web API Controllers – Cristina Pereira Cunha Dec 01 '17 at 19:28
  • You use them in your AppService. When you create a method in the Application Service you can use these annotations to control permission. Like the examples I showed in my post, these are methods inside the AppService. – WilsonPena Dec 01 '17 at 19:32
  • @CristinaPereiraCunha Does that answer your question? – aaron Dec 02 '17 at 01:08
0

You can add these attributes to your Application Services or Controllers derived from AbpController. Basically, it uses interception and checks whether the current user has the required permission or not (hence an authenticated user is needed to check a permission). So first you have to authenticate the user to dive into these permissions.

Alper Ebicoglu
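An added example, not taken from either answer or from the ASP.NET Boilerplate project, showing both attributes on one application service of the kind the dynamic Web API exposes. The service, DTO and method names other than `CreateUser` are hypothetical; the permission name is the one used in the first answer.

```csharp
using Abp.Application.Services;
using Abp.Authorization;

// Hypothetical DTOs, defined here only so the example is self-contained.
public class CreateUserInput { public string UserName { get; set; } }
public class CurrentUserDto { public long? UserId { get; set; } }

// Hypothetical service contract; each method becomes a dynamic Web API action.
public interface IUserAppService : IApplicationService
{
    void CreateUser(CreateUserInput input);
    CurrentUserDto GetCurrentUser();
    string GetLoginBanner();
}

// Class-level [AbpAuthorize]: every method below requires a logged-in user
// unless it opts out explicitly. A method that carries no attribute at all
// (and sits in a class without one) is not authorization-checked, so the
// class-level attribute gives the service a deny-by-default baseline.
[AbpAuthorize]
public class UserAppService : ApplicationService, IUserAppService
{
    // Requires a logged-in user AND the named permission.
    [AbpAuthorize("Administration.UserManagement.CreateUser")]
    public void CreateUser(CreateUserInput input)
    {
        // Creation logic omitted; the interceptor rejects the call before
        // this body runs if the permission has not been granted.
    }

    // No method-level attribute: inherits the class-level login requirement.
    public CurrentUserDto GetCurrentUser()
    {
        return new CurrentUserDto { UserId = AbpSession.UserId };
    }

    // Explicit opt-out: callable without logging in, so it must not
    // return or change anything that depends on the caller's identity.
    [AbpAllowAnonymous]
    public string GetLoginBanner()
    {
        return "Please sign in to continue.";
    }
}
```

When reviewing such a service, list every `[AbpAllowAnonymous]` method and confirm that each one is meant to be reachable without authentication.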