mo-esmp / DynamicRoleBasedAuthorizationNETCore

Dynamic Role-Based Access Control for ASP.NET Core MVC and Web API
GNU General Public License v3.0

An unhandled exception occurred while processing the request #32

Open kuldeep17910 opened 2 years ago

kuldeep17910 commented 2 years ago

Hi @mo-esmp, thanks for this excellent repository. Some initial small problems I faced are:

I am using .Net Core 6.0

  1. After successful login you can log out (error - Access denied You do not have access to this resource) because you do not have any default access and to give access you have to manually disable the restrictions (as comments [Authorize] in controllers & all required secure-content asp-area="" asp-controller="Role" asp-action="Index" in _Layout.cshtml).

  2. I found that when creating a role without any access it throws the following error, and the same error occurs when we edit the role and try to give access from the access list:

        ArgumentNullException: Value cannot be null. (Parameter 'value')
        Newtonsoft.Json.Utilities.ValidationUtils.ArgumentNotNull(object value, string parameterName)
        Newtonsoft.Json.JsonConvert.DeserializeObject(string value, Type type, JsonSerializerSettings settings)
        Newtonsoft.Json.JsonConvert.DeserializeObject(string value, JsonSerializerSettings settings)
        Newtonsoft.Json.JsonConvert.DeserializeObject(string value)
        eis4.Controllers.RoleController.Edit(string id) in RoleController.cs

        ViewData["Controllers"] = _mvcControllerDiscovery.GetControllers();
        var role = await _roleManager.FindByIdAsync(id);
        if (role == null)
            return NotFound();
        var viewModel = new RoleViewModel
        {
            Name = role.Name,
            SelectedControllers = JsonConvert.DeserializeObject<IEnumerable<MvcControllerInfo>>(role.Access)
        };
        return View(viewModel);

    lambda_method364(Closure , object )
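The trace above comes from passing a null `role.Access` to `JsonConvert.DeserializeObject`. The following is an added example, not part of the thread and not the project's own code: one way to read the stored access list so that missing or malformed data means "no access" instead of an unhandled exception. `RoleAccessParser` is a hypothetical helper, and the `MvcControllerInfo` class here is a minimal stand-in with assumed properties.

```csharp
using System;
using System.Collections.Generic;
using Newtonsoft.Json;

// Minimal stand-in for the library's MvcControllerInfo; properties are assumed.
public class MvcControllerInfo
{
    public string Name { get; set; }
    public string AreaName { get; set; }
}

// Hypothetical helper, not part of the library.
public static class RoleAccessParser
{
    // Converts the stored role.Access string into a list of controllers.
    // Missing or unreadable data yields an empty list (fail closed).
    public static IReadOnlyList<MvcControllerInfo> Parse(string accessJson)
    {
        // A role saved without any access has Access == null, which is what
        // makes JsonConvert.DeserializeObject throw ArgumentNullException.
        if (string.IsNullOrWhiteSpace(accessJson))
            return Array.Empty<MvcControllerInfo>();
        try
        {
            // The JSON literal "null" deserializes to a null reference.
            return JsonConvert.DeserializeObject<List<MvcControllerInfo>>(accessJson)
                   ?? new List<MvcControllerInfo>();
        }
        catch (JsonException)
        {
            // Corrupted column content must not grant anything.
            return Array.Empty<MvcControllerInfo>();
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values for the Access column.
        string[] samples = { null, "", "null", "{not json", "[{\"Name\":\"Role\",\"AreaName\":\"\"}]" };
        foreach (var s in samples)
        {
            var label = s ?? "<null>";
            Console.WriteLine(label + " -> " + RoleAccessParser.Parse(s).Count + " controller(s)");
        }
    }
}
```

In the `Edit` action shown in the trace, `SelectedControllers` would be assigned from `RoleAccessParser.Parse(role.Access)`.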

mo-esmp commented 2 years ago

Hey @kuldeep17910,

Thanks for reporting. I will check the second one, but I didn't get the first one. On logout you get the "Access denied You do not have access to this resource" error? By default, for a Controller/Action that does not have the [Authorize] attribute, the library does not check the access.

kuldeep17910 commented 2 years ago

@mo-esmp Thanks for the support. I think I have not explained the first one in the correct way.

Let me try again

Part A

  1. When you launch the app for the first time and register the first user, the user does not have any default access because no data seeding is there.
     1.1 But to Logout from the system the user needs Logout permission (Account Management).
     1.2 Now if you want to give the Logout permission to the user you have to remove all restrictions, like:
         1.2.1 comments [Authorize] in controller
         1.2.2 comments secure-content asp-area="" asp-controller="Role" asp-action="Index" in _Layout.cshtml

Part B

  1. Even if you create another user and do not give any access, he cannot log out. I am thinking that Logout functionality should be default functionality for all users, with no need to assign it manually.

Thanks

mo-esmp commented 2 years ago

@kuldeep17910 Good catch! I need to think about how to give access to the logout action without checking the access, and the problem is that everyone can name and implement logout in a different way. A workaround for now is removing [Authorize] from the logout action.

kuldeep17910 commented 2 years ago

@mo-esmp Great! Thanks for the support. This is a really good repository, keep adding to this ...

Role Deletion

I have noticed that when trying to delete the role, only the alert (Are you sure want delete this role ?) is coming and the role is not getting deleted when clicking on OK.