hi

We will make entities and UI extensible in the next version.

However, you still need to override some built-in services and UI pages to meet your requirements.

Thank you

Do you mean in v9.0 or V8.3.1, because it's` highly needed, and I think It's does need to be late. About overriding we already done most of working, we are blocked only by unable to extend entity & UI/APIs.

Thanks for you cooperation .

hi

Based on your requirements, you should download and integrate the Identity Pro source code to implement these new features.

Check the How it works section to extend yours.

https://abp.io/docs/latest/modules/identity/session-management#how-it-works

Thanks for response, But I think it's weird that almost all Abp modules are extendable except IdentitySession feature.

At least supporting extending IdentitySession (entity, ui, api ..etc) to be able to add additional columns/properties is a critical and without it you break one of your offered values .

Module Entity Extensions

Module entity extension system is a high level extension system that allows you to define new properties for existing entities of the depended modules. It automatically adds properties to the entity, database, HTTP API and the user interface in a single point.

The module must be developed the Module Entity Extensions system in mind. All the **official modules** supports this system wherever possible.

Is this not possible for IdentitySession !? We prefer not to make changes in the modules source-codes to maintain versioning stability, expect when our use-case is unique.

I think any customer forced to make simple/wide-used/core changes in the modules source-code (to complies their requirements), they eventually not in need for continues paid support. (here I'm talking about points like: missing extendibility, core things)

thanks & best regards

Check the docs before asking a question: https://abp.io/docs/latest Check the samples to see the basic tasks: https://abp.io/docs/latest/samples The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:

• ABP Framework version: v8.2.2
• UI Type: Angular
• Database System: EF Core (SQL Server)
• Tiered (for MVC) or Auth Server Separated (for Angular): yes
• Exception message and full stack trace: ns
• Steps to reproduce the issue: na

Dears Abp Team,

Firstly, let me & my team thanks you for all time great job.

Regarding the Identity module new feature in v8.1 (Identity Session), we started to use this feature in our current enterprise project, and it adds a great addition to the security domain, but we wondered if it will support the following properties :

1. Extendibility (extends IdentitySession entity and UIs) like other identity module parts ex.(Identity User). **! most important **
2. Exposing ISessionIdProvider to be used as the source of sessionId creation instead of using GUID.toString() directly.
3. Adding PreventNewLogins option to the IdentityProPreventConcurrentLoginBehaviour which will preventing user to login from a new device except he/she first logout from the previous device or have his/her session revoked/deleted.
4. Ability to handle an event in the time of attempting to login from a new device
   1. can be used to send notification to the user (sms/email) let him/her know about the new activity on his/her account.
   2. rejected the login process for additional reasons like (user is linked to a customer profile, which for some reasons must be blocked form logging in)

Actually these point are critical for most of enterprise applications. We overcome the second point by removing the IdentitySessionClaimsPrincipalContributor

context.Services.RemoveAll(typeof(IdentitySessionClaimsPrincipalContributor));

//we used a uuid which sent by the client in the headers as the session-id which enables us to track the device used by user.

 var httpRequest = context.ServiceProvider.GetRequiredService<IHttpContextAccessor>().HttpContext?.Request;

 var sessionId = identity.FindSessionId();
 if (sessionId == null)
 {
     sessionId = httpRequest?.GetDeviceIdFromHeader() ?? Guid.NewGuid().ToString();

     identity.AddClaim(new Claim(AbpClaimTypes.SessionId, sessionId));
 }

So, would please considering adding these features in the coming patches, especially point 1+ 2. or please guide us how to implement the above requirements.

Thanks & best regards.

• ABP Framework version: v8.0.4
• UI Type: Angular
• Database System: EF Core (SQL Server)
• Auth Server Separated (for Angular): yes
• Exception message and full stack trace:
• Steps to reproduce the issue:

Dear Abp Team,

We want to have tow type of users (admins, customers),

• admins: are users of company stuffs which permitted to use the angular back-office for managing business.
• customers: are user who we register/collect a full KYC data of them and have separate table, and have there users linked to them in AbpUsers table (we extended the Abpusers and add cutomer_id column), also customer-user are designed to access the system via mobile app.

customer are enrolled via developed APIs which has many business rule like (KYC, ..etc). after customer enrolled they assigned to a specific group. Groups are acting like aggregate for many things ( allowed services, limits, fees, ...etc). we implement the following: 1- when admins create a group and link it with the allowed services, system create role with the same name of group and assign linked services permissions to this role. 2- when user added to group an event fired to give the customer-user the same role of group.

now we need to ensure the following: 1- admins can not change/delete the roles that have been created for group purposes. (except via our developed api Groups APIs) 2- admins can not add any user to those roles mentioned above. (except via our developed api Groups APIs) 3- customers-users can not login via angular/auth (the built-in apis) login page. (or if it possible to link users with a client_id, so how can we check this).

We are lookup for your support to implement the requirements with the best practices and methods.

Thanks & best regards,

hi

This may be a security risk.

You can change the TokenController.Password behavior to achieve it.

https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L372-L377

https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L149

Thanks @mailming, Could you please give us more clarification about the security risk you mentioned above.

Also, Is it better to implement required use-case (above) in the new module (session management) that you are working on it (I'm following your branch) ?

thanks

• ABP Framework version: v8.0.4
• UI Type: Angular / Flutter
• Database System: EF Core (SQL Server)
• Tiered (for MVC) or Auth Server Separated (for Angular): yes
• Exception message and full stack trace: n/a
• Steps to reproduce the issue: n/a

We need to implement 2FA for our mobile app, we use the password flow, we we enabled the 2FA the system requires/send OTP every time customer login to his account from mobile app. we want to implement the remember device 2FA which will let's sending/requiring 2FA for new device only per user.

this feature is available for web application users, but we have another use-case which mobile app users.

So, please we need your support for achieving this case.

thanks

Hi,

He is also a commercial customer not a support, you can see that he has no label of support team

You've got to be kidding!!!!!!! You let non ABP support people answer support questions??????? WOW!!!! I share a company's project with someone not from ABP!!!!!!!!!

sorry for that , actually I just wanted to help, and you asked for my email, whatever, I was far a way from my laptop and couldn't help (so, be safe, I haven't access your repository at all)

Hi,

I have already done this previously before creating a ticket with ABP. If you give me an email address I will give you access to my project on GitHub that this issue is occurring with.

Steve

eng.aldhamdy@gmail.com

need to execute (abp install-libs ) inside the AuthServer project folder, and then re-build the project