抠丁客
租户模拟与用户模拟
用户模拟功能允许您临时以租户内其他用户的身份登录。本文介绍如何在 ABP 中启用模拟功能。在 ABP v5.0 及更高版本中,默认已启用模拟功能。
介绍
在某些情况下,用户需要以另一个用户的身份登录并代表目标用户执行操作,而无需共享目标用户的密码。
如何启用模拟功能?
如果您的 ABP 版本低于 5.0,可以按照以下步骤实现模拟功能。
请记得配置
ImpersonationTenantPermission和ImpersonationUserPermission权限!!!
MVC
public override void ConfigureServices(ServiceConfigurationContext context)
{
var configuration = context.Services.GetConfiguration();
//用于 Saas 模块中的模拟
context.Services.Configure<AbpSaasHostWebOptions>(options =>
{
options.EnableTenantImpersonation = true;
});
//用于 Identity 模块中的模拟
context.Services.Configure<AbpIdentityWebOptions>(options =>
{
options.EnableUserImpersonation = true;
});
context.Services.Configure<AbpAccountOptions>(options =>
{
//用于 Saas 模块中的模拟
options.TenantAdminUserName = "admin";
options.ImpersonationTenantPermission = SaasHostPermissions.Tenants.Impersonation;
//用于 Identity 模块中的模拟
options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation;
});
}
MVC 分层
认证服务器 (AuthServer)
- 在您的
AuthServerModule中依赖AbpAccountPublicWebImpersonationModule(Volo.Abp.Account.Pro.Public.Web.Impersonation)和SaasHostApplicationContractsModule - 配置
AbpAccountOptions。
public override void ConfigureServices(ServiceConfigurationContext context)
{
context.Services.Configure<AbpAccountOptions>(options =>
{
//用于 Saas 模块中的模拟
options.TenantAdminUserName = "admin";
options.ImpersonationTenantPermission = SaasHostPermissions.Tenants.Impersonation;
//用于 Identity 模块中的模拟
options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation;
});
}
HttpApi.Host
此处无需进行任何操作。
Web
- 在您的
WebModule中依赖AbpAccountPublicWebImpersonationModule(Volo.Abp.Account.Pro.Public.Web.Impersonation) - 将
AccountController的基类改为AbpAccountImpersonationChallengeAccountController
public class AccountController : AbpAccountImpersonationChallengeAccountController
{
}
- 在
\Components\Toolbar\Impersonation文件夹中添加ImpersonationViewComponent
public class ImpersonationViewComponent : AbpViewComponent
{
public virtual IViewComponentResult Invoke()
{
return View("~/Components/Toolbar/Impersonation/Default.cshtml");
}
}
@using Microsoft.AspNetCore.Mvc.Localization
@using Volo.Abp.Account.Localization
@inject IHtmlLocalizer<AccountResource> L
<form method="post" data-ajaxForm="false" action="~/Account/BackToImpersonator">
@Html.AntiForgeryToken()
<button type="submit" class="btn text-danger" data-bs-toggle="tooltip" data-bs-placement="left" title="@L["BackToImpersonator"]">
<i class="fa fa-undo"></i>
</button>
</form>
- 将
ImpersonationViewComponent添加到ToolbarContributor。
if (context.ServiceProvider.GetRequiredService<ICurrentUser>().FindImpersonatorUserId() != null)
{
context.Toolbar.Items.Add(new ToolbarItem(typeof(ImpersonationViewComponent), order: -1));
}
- 配置
AbpSaasHostWebOptions和AbpIdentityWebOptions
public override void ConfigureServices(ServiceConfigurationContext context)
{
var configuration = context.Services.GetConfiguration();
//用于 Saas 模块中的模拟
context.Services.Configure<AbpSaasHostWebOptions>(options =>
{
options.EnableTenantImpersonation = true;
});
//用于 Identity 模块中的模拟
context.Services.Configure<AbpIdentityWebOptions>(options =>
{
options.EnableUserImpersonation = true;
});
}
Blazor Server
- 在您的
BlazorModule中依赖AbpAccountPublicWebImpersonationModule(Volo.Abp.Account.Pro.Public.Web.Impersonation)和AbpAccountPublicBlazorServerModule(Volo.Abp.Account.Pro.Public.Blazor.Server) - 配置
SaasHostBlazorOptions和AbpAccountOptions
public override void ConfigureServices(ServiceConfigurationContext context)
{
var configuration = context.Services.GetConfiguration();
//用于 Saas 模块中的模拟
context.Services.Configure<SaasHostBlazorOptions>(options =>
{
options.EnableTenantImpersonation = true;
});
//用于 Identity 模块中的模拟
context.Services.Configure<AbpIdentityProBlazorOptions>(options =>
{
options.EnableUserImpersonation = true;
});
context.Services.Configure<AbpAccountOptions>(options =>
{
//用于 Saas 模块中的模拟
options.TenantAdminUserName = "admin";
options.ImpersonationTenantPermission = SaasHostPermissions.Tenants.Impersonation;
//用于 Identity 模块中的模拟
options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation;
});
}
Blazor Server 分层
认证服务器 (AuthServer)
- 在您的
AuthServerModule中依赖AbpAccountPublicWebImpersonationModule(Volo.Abp.Account.Pro.Public.Web.Impersonation)和SaasHostApplicationContractsModule - 配置
AbpAccountOptions。
public override void ConfigureServices(ServiceConfigurationContext context)
{
context.Services.Configure<AbpAccountOptions>(options =>
{
//用于 Saas 模块中的模拟
options.TenantAdminUserName = "admin";
options.ImpersonationTenantPermission = SaasHostPermissions.Tenants.Impersonation;
//用于 Identity 模块中的模拟
options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation;
});
}
HttpApi.Host
此处无需进行任何操作。
Blazor
在您的
BlazorModule中依赖AbpAccountPublicWebImpersonationModule(Volo.Abp.Account.Pro.Public.Web.Impersonation)和AbpAccountPublicBlazorServerModule(Volo.Abp.Account.Pro.Public.Blazor.Server)将
AccountController的基类改为AbpAccountImpersonationChallengeAccountController
public class AccountController : AbpAccountImpersonationChallengeAccountController
{
}
- 配置
SaasHostBlazorOptions和AbpAccountOptions
public override void ConfigureServices(ServiceConfigurationContext context)
{
//用于 Saas 模块中的模拟
context.Services.Configure<SaasHostBlazorOptions>(options =>
{
options.EnableTenantImpersonation = true;
});
//用于 Identity 模块中的模拟
context.Services.Configure<AbpIdentityProBlazorOptions>(options =>
{
options.EnableUserImpersonation = true;
});
}
Angular
将 Impersonation 添加到 Angular 的授权类型中。
//Console Test / Angular Client
var consoleAndAngularClientId = configurationSection["MyProjectName_App:ClientId"];
if (!consoleAndAngularClientId.IsNullOrWhiteSpace())
{
var consoleAndAngularClientRootUrl = configurationSection["MyProjectName_App:RootUrl"]?.TrimEnd('/');
await CreateApplicationAsync(
name: consoleAndAngularClientId,
type: OpenIddictConstants.ClientTypes.Public,
consentType: OpenIddictConstants.ConsentTypes.Implicit,
displayName: "Console Test / Angular Application",
secret: null,
grantTypes: new List<string>
{
OpenIddictConstants.GrantTypes.AuthorizationCode,
OpenIddictConstants.GrantTypes.Password,
OpenIddictConstants.GrantTypes.ClientCredentials,
OpenIddictConstants.GrantTypes.RefreshToken,
"LinkLogin",
"Impersonation"
},
scopes: commonScopes,
redirectUri: consoleAndAngularClientRootUrl,
postLogoutRedirectUri: consoleAndAngularClientRootUrl,
clientUri: consoleAndAngularClientRootUrl,
logoUri: "/images/clients/angular.svg"
);
}
如果不存在,请在 environment 的 oAuthConfig 中添加 impersonation: { userImpersonation: true, tenantImpersonation: true} 对象。
export const environment = {
//其他属性..
oAuthConfig: {
//其他属性..
impersonation: {
userImpersonation: true,
tenantImpersonation: true,
},
},
Blazor WASM
目前不支持。
微服务
认证服务器 (AuthServer)
- 在您的
AuthServerModule中依赖AbpAccountPublicWebImpersonationModule(Volo.Abp.Account.Pro.Public.Web.Impersonation)和SaasHostApplicationContractsModule - 配置
AbpAccountOptions。
public override void ConfigureServices(ServiceConfigurationContext context)
{
context.Services.Configure<AbpAccountOptions>(options =>
{
//用于 Saas 模块中的模拟
options.TenantAdminUserName = "admin";
options.ImpersonationTenantPermission = SaasHostPermissions.Tenants.Impersonation;
//用于 Identity 模块中的模拟
options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation;
});
}
Web
- 在您的
WebModule中依赖AbpAccountPublicWebImpersonationModule(Volo.Abp.Account.Pro.Public.Web.Impersonation) - 将
AccountController的基类改为AbpAccountImpersonationChallengeAccountController
public class AccountController : AbpAccountImpersonationChallengeAccountController
{
}
- 在
\Components\Toolbar\Impersonation文件夹中添加ImpersonationViewComponent
public class ImpersonationViewComponent : AbpViewComponent
{
public virtual IViewComponentResult Invoke()
{
return View("~/Components/Toolbar/Impersonation/Default.cshtml");
}
}
@using Microsoft.AspNetCore.Mvc.Localization
@using Volo.Abp.Account.Localization
@inject IHtmlLocalizer<AccountResource> L
<form method="post" data-ajaxForm="false" action="~/Account/BackToImpersonator">
@Html.AntiForgeryToken()
<button type="submit" class="btn text-danger" data-bs-toggle="tooltip" data-bs-placement="left" title="@L["BackToImpersonator"]">
<i class="fa fa-undo"></i>
</button>
</form>
- 将
ImpersonationViewComponent添加到ToolbarContributor。
if (context.ServiceProvider.GetRequiredService<ICurrentUser>().FindImpersonatorUserId() != null)
{
context.Toolbar.Items.Add(new ToolbarItem(typeof(ImpersonationViewComponent), order: -1));
}
- 配置
AbpSaasHostWebOptions和AbpIdentityWebOptions
public override void ConfigureServices(ServiceConfigurationContext context)
{
var configuration = context.Services.GetConfiguration();
//用于 Saas 模块中的模拟
context.Services.Configure<AbpSaasHostWebOptions>(options =>
{
options.EnableTenantImpersonation = true;
});
//用于 Identity 模块中的模拟
context.Services.Configure<AbpIdentityWebOptions>(options =>
{
options.EnableUserImpersonation = true;
});
}
Blazor.Server
在您的
BlazorModule中依赖AbpAccountPublicWebImpersonationModule(Volo.Abp.Account.Pro.Public.Web.Impersonation)和AbpAccountPublicBlazorServerModule(Volo.Abp.Account.Pro.Public.Blazor.Server)将
AccountController的基类改为AbpAccountImpersonationChallengeAccountController
public class AccountController : AbpAccountImpersonationChallengeAccountController
{
}
- 配置
SaasHostBlazorOptions和AbpAccountOptions
public override void ConfigureServices(ServiceConfigurationContext context)
{
//用于 Saas 模块中的模拟
context.Services.Configure<SaasHostBlazorOptions>(options =>
{
options.EnableTenantImpersonation = true;
});
//用于 Identity 模块中的模拟
context.Services.Configure<AbpIdentityProBlazorOptions>(options =>
{
options.EnableUserImpersonation = true;
});
}
Blazor 和 PublicWeb
目前不支持。
租户与用户模拟权限
