how do I override it for nswag?
AbpSession.TenantId cannot be tampered or changed by the ?
Yes I know how to retrieve it.
What I am asking is when I do a where x.TenantId = tenantId; What shall I use the AbpSession.ToUserIdentifier().TenantId or the UserManager.FindByIdAsync(...).TenantId as tenantId.
In terms of security what is the correct approach?
I have a table X which references Tenant Table (each row has a TenantId)
I want to get contents of table that belong to Tenant that requested X table.
Which is best to use in terms of security
AbpSession.ToUserIdentifier() or UserManager.FindByIdAsync(...)
Thanks
Does UserManager hits database all the time or it caches results on memory?
Thanks
@aaron Thanks
@maliming Thanks for your reply. I am using asp.net boilerplate. Want to disable exception handling of abp. Don't want to send a Http 500 error in client never I have my own exception logic between client and server. So what I am looking is to remove exception handling completely from abp server
Thanks
Yes I am using it.
With all due respect. When you provide a product you have to offer the appropriate guides/manuals to the buyers/endusers. Especially when it concerns security which we all know today how crucial it is as it costs a lot. I will be waiting for your reply when you are sure and also for Identity Server.
Thanks
I type in anything I want or there is min and max length? Also for the IdentityServer what do I need to change?
Thanks
@ismcagdas OK But I need to know which settings I have to change once I deploy.
e.g under Authentication setting in appsettings do I need to change anything ?
