Closed: geekz-reno closed this issue 2 years ago
As per the design, only the Root Admin of the application has access to create new tenants. This comes as a part of Tenant Management. I believe this will be a secure way to manage tenants in enterprise applications.
Hi @iammukeshm very clear, thank you for your great effort.
Hi @iammukeshm, I just tested again: on IdentityController, ForgotPasswordAsync (https://github.com/fullstackhero/dotnet-webapi-boilerplate/blob/777d74feb5271b8d09e9d5f61739cd7a74cfc31b/src/Bootstrapper/Controllers/Identity/IdentityController.cs#L51) and others that have the [AllowAnonymous] attribute were all not accessible without performing get-token first. Is this expected?
@geekz-reno You need to add the tenant header to the request. I have updated the Postman collection. Please fetch the latest code and try.
Confirm, many thanks @iammukeshm
Describe the bug
It's possible to create a tenant without doing any authentication?

To Reproduce
Steps to reproduce the behavior: Change [MustHavePermission(RootPermissions.Tenants.Create)] to [AllowAnonymous] on TenantController -> CreateAsync; it still returns unauthorized.

Expected behavior
Create a tenant without performing any authentication.