Base solution for your next web application
Open Closed

encrypt AbpUsers Username field #11061


User avatar
0
sedulen created

Prerequisites

Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

  • What is your product version? v6.9.0
  • What is your product type (Angular or MVC)? Angular
  • What is product framework type (.net framework or .net core)? .net core

If issue related with ABP Framework

  • What is ABP Framework version? v4.5.0

Hello everyone! I realize I've been silent for a little while. Life has kept me pretty busy this past month. I know I owe a few people some outstanding action items, and I will work to get those done next wek.

In the meantime, I have a question. In working with a partner / reseller on my product, their security team did an audit of my database schema, and per their security requirements, they need the AbpUsers.Username field to be stored encrypted.

I'm comfortable doing the work to support that, but I was curious if: a.) this was already implemented in a later ABP framework version OR b.) if anyone else had already considered this, and if so, how they approached it. I see in UserManager and LoginManager, that they inherit from the AbpUserManager and AbpLogInManager classes, where the methods are defined as virtual. so I should be able to simply override the methods that I need, add my encryption / decryption where need it, and move on.

Before I started down this path I wanted to check and ask.
Thoughts?

Thanks! -Brian


2 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @sedulen

    Latest version doesn't have such a feature. It is hard to predict wht problems this action might cause. Please carefully test your changes :). Probably changing UserManager and LoginManager will be enough.

  • User Avatar
    0
    sedulen created

    Thanks @ismcagdas!

    I let you know how it goes. -Brian