hi
We will make entities and UI extensible in the next version.
However, you still need to override some built-in services and UI pages to meet your requirements.
Thank you
Do you mean in v9.0 or V8.3.1, because it's` highly needed, and I think It's does need to be late. About overriding we already done most of working, we are blocked only by unable to extend entity & UI/APIs.
Thanks for you cooperation .
hi
Based on your requirements, you should download and integrate the Identity Pro source code to implement these new features.
Check the
How it works
section to extend yours.https://abp.io/docs/latest/modules/identity/session-management#how-it-works
Thanks for response, But I think it's weird that almost all Abp modules are extendable except IdentitySession feature.
At least supporting extending IdentitySession (entity, ui, api ..etc) to be able to add additional columns/properties is a critical and without it you break one of your offered values .
Module Entity Extensions
Module entity extension system is a high level extension system that allows you to define new properties for existing entities of the depended modules. It automatically adds properties to the entity, database, HTTP API and the user interface in a single point.
The module must be developed the Module Entity Extensions system in mind.
All the **official modules** supports this system wherever possible.
Is this not possible for IdentitySession !? We prefer not to make changes in the modules source-codes to maintain versioning stability, expect when our use-case is unique.
I think any customer forced to make simple/wide-used/core changes in the modules source-code (to complies their requirements), they eventually not in need for continues paid support. (here I'm talking about points like: missing extendibility, core things)
thanks & best regards
Check the docs before asking a question: https://abp.io/docs/latest Check the samples to see the basic tasks: https://abp.io/docs/latest/samples The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:
Dears Abp Team,
Firstly, let me & my team thanks you for all time great job.
Regarding the Identity module new feature in v8.1 (Identity Session), we started to use this feature in our current enterprise project, and it adds a great addition to the security domain, but we wondered if it will support the following properties :
Actually these point are critical for most of enterprise applications. We overcome the second point by removing the IdentitySessionClaimsPrincipalContributor
context.Services.RemoveAll(typeof(IdentitySessionClaimsPrincipalContributor));
//we used a uuid which sent by the client in the headers as the session-id which enables us to track the device used by user.
var httpRequest = context.ServiceProvider.GetRequiredService<IHttpContextAccessor>().HttpContext?.Request;
var sessionId = identity.FindSessionId();
if (sessionId == null)
{
sessionId = httpRequest?.GetDeviceIdFromHeader() ?? Guid.NewGuid().ToString();
identity.AddClaim(new Claim(AbpClaimTypes.SessionId, sessionId));
}
So, would please considering adding these features in the coming patches, especially point 1+ 2. or please guide us how to implement the above requirements.
Thanks & best regards.
Dear Abp Team,
We want to have tow type of users (admins, customers),
customer are enrolled via developed APIs which has many business rule like (KYC, ..etc). after customer enrolled they assigned to a specific group. Groups are acting like aggregate for many things ( allowed services, limits, fees, ...etc). we implement the following: 1- when admins create a group and link it with the allowed services, system create role with the same name of group and assign linked services permissions to this role. 2- when user added to group an event fired to give the customer-user the same role of group.
now we need to ensure the following: 1- admins can not change/delete the roles that have been created for group purposes. (except via our developed api Groups APIs) 2- admins can not add any user to those roles mentioned above. (except via our developed api Groups APIs) 3- customers-users can not login via angular/auth (the built-in apis) login page. (or if it possible to link users with a client_id, so how can we check this).
We are lookup for your support to implement the requirements with the best practices and methods.
Thanks & best regards,
hi
This may be a security risk.
You can change the
TokenController.Password
behavior to achieve it.https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L372-L377
https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L149
Thanks @mailming, Could you please give us more clarification about the security risk you mentioned above.
Also, Is it better to implement required use-case (above) in the new module (session management) that you are working on it (I'm following your branch) ?
thanks
We need to implement 2FA for our mobile app, we use the password flow, we we enabled the 2FA the system requires/send OTP every time customer login to his account from mobile app. we want to implement the remember device 2FA which will let's sending/requiring 2FA for new device only per user.
this feature is available for web application users, but we have another use-case which mobile app users.
So, please we need your support for achieving this case.
thanks
Hi,
He is also a commercial customer not a support, you can see that he has no label of support teamYou've got to be kidding!!!!!!! You let non ABP support people answer support questions??????? WOW!!!! I share a company's project with someone not from ABP!!!!!!!!!
sorry for that , actually I just wanted to help, and you asked for my email, whatever, I was far a way from my laptop and couldn't help (so, be safe, I haven't access your repository at all)
Hi,
I have already done this previously before creating a ticket with ABP. If you give me an email address I will give you access to my project on GitHub that this issue is occurring with.
Steve
eng.aldhamdy@gmail.com
need to execute (abp install-libs ) inside the AuthServer project folder, and then re-build the project