Activities of "aldhamdy"


  • ABP Framework version: v8.2.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: ns
  • Steps to reproduce the issue: na

Dear ABP Team,

Firstly, let me and my team thank you for the all-time great job.

Regarding the Identity module's new feature in v8.1 (Identity Session): we started to use this feature in our current enterprise project, and it is a great addition to the security domain, but we wondered if it will support the following properties:

  1. Extensibility (extending the IdentitySession entity and UIs) like other Identity module parts, e.g. Identity User. **Most important!**
  2. Exposing ISessionIdProvider to be used as the source of sessionId creation instead of using GUID.toString() directly.
  3. Adding a PreventNewLogins option to the IdentityProPreventConcurrentLoginBehaviour, which will prevent a user from logging in from a new device unless he/she first logs out from the previous device or has his/her session revoked/deleted.
  4. Ability to handle an event at the time of an attempt to log in from a new device:
    1. It can be used to send a notification to the user (SMS/email) to let him/her know about the new activity on his/her account.
    2. It can reject the login process for additional reasons (e.g. the user is linked to a customer profile which, for some reason, must be blocked from logging in).

Actually, these points are critical for most enterprise applications. We overcame the second point by removing the IdentitySessionClaimsPrincipalContributor:

```csharp
// Remove the built-in contributor that adds the session-id claim.
context.Services.RemoveAll(typeof(IdentitySessionClaimsPrincipalContributor));

// We used a UUID sent by the client in the headers as the session id,
// which enables us to track the device used by the user.
var httpRequest = context.ServiceProvider.GetRequiredService<IHttpContextAccessor>().HttpContext?.Request;

var sessionId = identity.FindSessionId();
if (sessionId == null)
{
    // Fall back to a random GUID when the header carries no device id.
    sessionId = httpRequest?.GetDeviceIdFromHeader() ?? Guid.NewGuid().ToString();

    identity.AddClaim(new Claim(AbpClaimTypes.SessionId, sessionId));
}
```

So, would you please consider adding these features in the coming patches, especially points 1 and 2, or please guide us on how to implement the above requirements.

Thanks & best regards.
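
A defensive variant of the header-derived session id described in the post above, as an added example that is not part of the original post or of ABP. The helper name `DeviceSessionId`, the `serverKey` secret and the sample values are assumptions; the helper treats the header as untrusted input, accepts only a well-formed GUID, and binds it to the user id with HMAC-SHA256 so that two accounts can never end up with the same session id.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (added example): not an ABP type.
public static class DeviceSessionId
{
    // Returns a stable id for a (user, device) pair, or a random id when the
    // client-supplied device id is missing or not a well-formed GUID.
    public static string Create(string? deviceIdHeader, Guid userId, byte[] serverKey)
    {
        if (!Guid.TryParseExact(deviceIdHeader?.Trim(), "D", out var deviceId)
            || deviceId == Guid.Empty)
        {
            return Guid.NewGuid().ToString();
        }

        // The raw header value never becomes the claim: the id is an HMAC over
        // user id and device id, keyed with a server-side secret.
        var message = Encoding.UTF8.GetBytes($"{userId:N}:{deviceId:N}");
        using var hmac = new HMACSHA256(serverKey);
        var mac = hmac.ComputeHash(message);
        return Convert.ToHexString(mac, 0, 16).ToLowerInvariant();
    }
}

public static class Demo
{
    public static void Main()
    {
        var key = RandomNumberGenerator.GetBytes(32);                 // constructed demo key
        var alice = Guid.NewGuid();                                   // constructed user ids
        var bob = Guid.NewGuid();
        const string device = "3f2504e0-4f89-11d3-9a0c-0305e82c3301"; // constructed header value

        var first = DeviceSessionId.Create(device, alice, key);
        var again = DeviceSessionId.Create(device, alice, key);
        var other = DeviceSessionId.Create(device, bob, key);
        var bogus = DeviceSessionId.Create("not-a-guid", alice, key);

        Console.WriteLine(first == again);      // same user and device: stable id
        Console.WriteLine(first != other);      // same device, other user: different id
        Console.WriteLine(bogus.Length == 36);  // malformed header: random GUID fallback
    }
}
```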

  • ABP Framework version: v8.0.4
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Dear ABP Team,

We want to have two types of users (admins, customers):

  • admins: users from the company staff who are permitted to use the Angular back office for managing the business.
  • customers: users for whom we register/collect full KYC data and who have a separate table, with their users linked to them in the AbpUsers table (we extended AbpUsers and added a cutomer_id column). Customer-users are also designed to access the system via the mobile app.

Customers are enrolled via developed APIs which have many business rules (KYC, etc.). After customers are enrolled, they are assigned to a specific group. Groups act like an aggregate for many things (allowed services, limits, fees, etc.). We implemented the following:

  1. When admins create a group and link it with the allowed services, the system creates a role with the same name as the group and assigns the linked services' permissions to this role.
  2. When a user is added to a group, an event is fired to give the customer-user the same role as the group.

Now we need to ensure the following:

  1. Admins cannot change/delete the roles that have been created for group purposes (except via our developed Groups APIs).
  2. Admins cannot add any user to the roles mentioned above (except via our developed Groups APIs).
  3. Customer-users cannot log in via the Angular/auth (built-in APIs) login page (or, if it is possible to link users with a client_id, how can we check this?).

We are looking for your support to implement these requirements with the best practices and methods.

Thanks & best regards,

  • ABP Framework version: v8.0.4
  • UI Type: Angular / Flutter
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: n/a
  • Steps to reproduce the issue: n/a

We need to implement 2FA for our mobile app. We use the password flow; when we enabled 2FA, the system requires/sends an OTP every time a customer logs in to his account from the mobile app. We want to implement remember-device 2FA, which will send/require 2FA only for a new device per user.

This feature is available for web application users, but we have another use case, which is mobile app users.

So, please, we need your support to achieve this case.

Thanks

Made with ❤️ on ABP v9.0.0-preview Updated on September 19, 2024, 10:13