My goal is to be able to call the methods of the application services marked with AbpAuthorize without being logged in, by passing an API key in the header.
I've overridden the default authorization helper to identify the user by the API key instead of the JWT token. I can retrieve the user; now I just need to set the user and tenant on the session.
    public override async Task AuthorizeAsync(IEnumerable<IAbpAuthorizeAttribute> authorizeAttributes)
    {
        // API call: exactly one x-api-key header is present
        if (_httpContextAccessor.HttpContext.Request.Headers["x-api-key"].Count == 1)
        {
            var key = _httpContextAccessor.HttpContext.Request.Headers["x-api-key"].First();
            User user;
            using (var uow = _unitOfWorkManager.Begin())
            {
                // Look the key up across all tenants: no tenant is known yet
                using (_unitOfWorkManager.Current.DisableFilter(new string[] { AbpDataFilters.MustHaveTenant, AbpDataFilters.MayHaveTenant }))
                {
                    user = await _apiAuthorizationManager.UserFromApiKey(key);
                }
                if (user == null)
                {
                    // Unknown key: fall back to the default authorization
                    await base.AuthorizeAsync(authorizeAttributes);
                }
                else
                {
                    if (AbpSession.UserId.HasValue && AbpSession.TenantId.HasValue && user.TenantId == AbpSession.TenantId.Value && user.Id == AbpSession.UserId.Value)
                    {
                        // Nothing to do: the session already belongs to this user and tenant
                    }
                    else
                    {
                        // This is the call that throws the error quoted below
                        await _signInManager.SignInAsync(user, false);
                    }
                }
                uow.Complete();
            }
        }
        else
        {
            // No API key header: default authorization
            await base.AuthorizeAsync(authorizeAttributes);
        }
    }
But I'm getting the following error when calling the SignInManager:
"Cannot access a disposed object.Object name: 'UserManagerProxy'."
Some help with the error? Am I taking the right approach?
Might it have to do with the unit of work? Thanks
I expect to be able to call the service methods from a 3rd party without the need to deploy a new set of services just for the API.