Hello ABP Support Team,
We are using the ABP Identity module and appreciate the existing features like periodic password changes (password aging), which forces users to update their passwords after a set period.
However, we also have a requirement to implement password history to prevent users from reusing any of their last N passwords. From previous support discussions, it appears this functionality is not currently supported natively, and a custom implementation is required.
It would be ideal to have built-in support for password history as part of the Identity module. This is a common enterprise security requirement and helps align with compliance standards in industries such as finance, healthcare, and government systems.
Requested Feature:
Benefits:
Thank you for considering this request! We believe this would be a valuable addition to the ABP Identity module and look forward to your feedback.
Thanks. Adding it to the host application fixed my problem.
[AI-Bot] said: This is a known behavior in ABP Framework. When you set "Abp.Account.IsSelfRegistrationEnabled" in the AuthServer's appsettings.json, it only sets the default value for the setting. The UI on the settings page (host/tenant → Account tab) displays the value from the AbpSettings table, not the default from appsettings.json. If there is no record in the AbpSettings table, the UI will show the default (which is "true" unless overridden in the database), even if the actual behavior is "false" due to your appsettings.json.
Once you toggle and save the setting in the UI, a record is created in the AbpSettings table, and the UI will then reflect the correct value.
Workaround / Solution:
- To ensure the UI matches the actual behavior, you should create a record in the AbpSettings table for "Abp.Account.IsSelfRegistrationEnabled" with the value you want (e.g., "false") for the relevant provider (host/tenant).
- Alternatively, toggle and save the setting once in the UI to create the record.
Why this happens:
ABP's setting system uses the following precedence:
- Value in the AbpSettings table (per provider/tenant)
- Default value from code or appsettings.json (if no record in DB)
The UI only reads from the database, not from appsettings.json, unless a record is created.
References:
- ABP Support: Email settings not visible for tenant
- ABP Support: Email settings permission for tenant
This is the expected design in ABP Framework. If you want the UI to always reflect the appsettings.json value, you would need to customize the settings management UI to also read from configuration, which is not the default behavior.
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
However, from a user perspective, it feels inconsistent that the backend behavior (self-registration disabled via appsettings.json) does not match what the UI displays on the settings page. This can easily cause confusion for administrators who rely on the UI to verify the system’s configuration.
When I add "Abp.Account.IsSelfRegistrationEnabled": "false" in the AuthServer project's appsettings.json, the behavior works correctly (self-registration is disabled), but the UI still shows the checkbox as enabled on the host/tenant settings page under the Account tab.
If I toggle the value once in the UI and save, the display becomes correct, because a new record is created in the AbpSettings table.
Reproduction Steps:
abp new MyApp -u angular -t app-pro --theme lepton -m none --separate-auth-server --database-provider ef -csf --version 9.2.4
AccountAdminConfigModule.forRoot()
"Abp.Account.IsSelfRegistrationEnabled": "false"
Expected Result:
"Enable self registration" should be unchecked in the UI when the setting is false.
Actual Result:
The checkbox is still shown as enabled, even though self-registration is disabled in behavior.
