Activities of "aldhamdy"

Question
  • ABP Framework version: v8.0.4
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Dear Abp Team,

We want to have two types of users (admins, customers):

  • admins: users from the company staff who are permitted to use the Angular back-office for managing the business.
  • customers: users for whom we register/collect full KYC data, stored in a separate table, and who have their users linked to them in the AbpUsers table (we extended AbpUsers and added a cutomer_id column). Customer-users are also designed to access the system via the mobile app.

Customers are enrolled via developed APIs which have many business rules (KYC, etc.). After customers are enrolled, they are assigned to a specific group. Groups act like an aggregate for many things (allowed services, limits, fees, etc.). We implemented the following:

1- When admins create a group and link it with the allowed services, the system creates a role with the same name as the group and assigns the linked services' permissions to this role.
2- When a user is added to a group, an event is fired to give the customer-user the same role as the group.

Now we need to ensure the following:

1- Admins cannot change/delete the roles that have been created for group purposes (except via our developed Groups APIs).
2- Admins cannot add any user to the roles mentioned above (except via our developed Groups APIs).
3- Customer-users cannot log in via the Angular/auth (the built-in APIs) login page (or, if it is possible to link users with a client_id, how can we check this?).

We are looking for your support to implement these requirements with the best practices and methods.

Thanks & best regards,

hi

This may be a security risk.

You can change the TokenController.Password behavior to achieve it.

https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L372-L377

https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L149

Thanks @mailming, could you please give us more clarification about the security risk you mentioned above?

Also, is it better to implement the required use case (above) in the new module (session management) that you are working on (I'm following your branch)?

thanks

  • ABP Framework version: v8.0.4
  • UI Type: Angular / Flutter
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: n/a
  • Steps to reproduce the issue: n/a

We need to implement 2FA for our mobile app. We use the password flow; when we enabled 2FA, the system requires/sends an OTP every time a customer logs in to his account from the mobile app. We want to implement remember-device 2FA, which will allow sending/requiring 2FA for a new device only, per user.

This feature is available for web application users, but we have another use case, which is mobile app users.

So, please, we need your support for achieving this case.

thanks

Hi,


He is also a commercial customer, not support; you can see that he has no support team label.

You've got to be kidding!!!!!!! You let non ABP support people answer support questions??????? WOW!!!! I share a company's project with someone not from ABP!!!!!!!!!

Sorry for that. Actually, I just wanted to help, and you asked for my email. Whatever, I was far away from my laptop and couldn't help (so, be safe, I haven't accessed your repository at all).

Hi,

I have already done this previously before creating a ticket with ABP. If you give me an email address I will give you access to my project on GitHub that this issue is occurring with.

Steve

eng.aldhamdy@gmail.com

You need to execute (abp install-libs) inside the AuthServer project folder, and then rebuild the project.

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11