Open Closed

Extending Identity Session module #7805


User avatar
0
aldhamdy created

Check the docs before asking a question: https://abp.io/docs/latest Check the samples to see the basic tasks: https://abp.io/docs/latest/samples The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:

  • ABP Framework version: v8.2.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: ns
  • Steps to reproduce the issue: na

Dears Abp Team,

Firstly, let me & my team thanks you for all time great job.

Regarding the Identity module new feature in v8.1 (Identity Session), we started to use this feature in our current enterprise project, and it adds a great addition to the security domain, but we wondered if it will support the following properties :

  1. Extendibility (extends IdentitySession entity and UIs) like other identity module parts ex.(Identity User). **! most important **
  2. Exposing ISessionIdProvider to be used as the source of sessionId creation instead of using GUID.toString() directly.
  3. Adding PreventNewLogins option to the IdentityProPreventConcurrentLoginBehaviour which will preventing user to login from a new device except he/she first logout from the previous device or have his/her session revoked/deleted.
  4. Ability to handle an event in the time of attempting to login from a new device
    1. can be used to send notification to the user (sms/email) let him/her know about the new activity on his/her account.
    2. rejected the login process for additional reasons like (user is linked to a customer profile, which for some reasons must be blocked form logging in)

Actually these point are critical for most of enterprise applications. We overcome the second point by removing the IdentitySessionClaimsPrincipalContributor

context.Services.RemoveAll(typeof(IdentitySessionClaimsPrincipalContributor));

//we used a uuid which sent by the client in the headers as the session-id which enables us to track the device used by user.

 var httpRequest = context.ServiceProvider.GetRequiredService<IHttpContextAccessor>().HttpContext?.Request;

 var sessionId = identity.FindSessionId();
 if (sessionId == null)
 {
     sessionId = httpRequest?.GetDeviceIdFromHeader() ?? Guid.NewGuid().ToString();

     identity.AddClaim(new Claim(AbpClaimTypes.SessionId, sessionId));
 }

So, would please considering adding these features in the coming patches, especially point 1+ 2. or please guide us how to implement the above requirements.

Thanks & best regards.


6 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Based on your requirements, you should download and integrate the Identity Pro source code to implement these new features.

    Check the How it works section to extend yours.

    https://abp.io/docs/latest/modules/identity/session-management#how-it-works

  • User Avatar
    0
    aldhamdy created

    hi

    Based on your requirements, you should download and integrate the Identity Pro source code to implement these new features.

    Check the How it works section to extend yours.

    https://abp.io/docs/latest/modules/identity/session-management#how-it-works

    Thanks for response, But I think it's weird that almost all Abp modules are extendable except IdentitySession feature.

    At least supporting extending IdentitySession (entity, ui, api ..etc) to be able to add additional columns/properties is a critical and without it you break one of your offered values .

    Module Entity Extensions

    Module entity extension system is a high level extension system that allows you to define new properties for existing entities of the depended modules. It automatically adds properties to the entity, database, HTTP API and the user interface in a single point.

    The module must be developed the Module Entity Extensions system in mind. All the **official modules** supports this system wherever possible.

    Is this not possible for IdentitySession !? We prefer not to make changes in the modules source-codes to maintain versioning stability, expect when our use-case is unique.

    I think any customer forced to make simple/wide-used/core changes in the modules source-code (to complies their requirements), they eventually not in need for continues paid support. (here I'm talking about points like: missing extendibility, core things)

    thanks & best regards

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    We will make entities and UI extensible in the next version.

    However, you still need to override some built-in services and UI pages to meet your requirements.

    Thank you

  • User Avatar
    0
    aldhamdy created

    hi

    We will make entities and UI extensible in the next version.

    However, you still need to override some built-in services and UI pages to meet your requirements.

    Thank you

    Do you mean in v9.0 or V8.3.1, because it's` highly needed, and I think It's does need to be late. About overriding we already done most of working, we are blocked only by unable to extend entity & UI/APIs.

    Thanks for you cooperation .

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    We will implement it in 8.3.x asap.

    Thanks.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    This is a breaking change. So I move it to 9.0. sorry for that.

    There are source code of changes in abp and commercial

    https://github.com/abpframework/abp/pull/20771/

Made with ❤️ on ABP v9.1.0-preview. Updated on November 18, 2024, 05:54