
Activities of "bogdan"

Answer

Sorry for the delay.

But where do I set up the claims and integrate the Identity and claims into AbpSession? There must be another class for that?

Yes. Create your own AbpSessionWithClaims following the same approach as Abp.Zero.

In my case, the Identity is determined before my app even starts. Our corporate STS puts our identity in a cookie. I guess I'm looking for the Abp version of the ClaimsTransformation - where I have access to the cookies and the database so I can assemble all the claims together.

Not sure if I understand correctly. Abp does not support claims so far. You can pretend that permissions are claims. I'm using something like this:

    [AbpPermission("MyClaim=MyValue")]
    public void MyAppMethod() {..}

and my implementation of IPermissionChecker parses such permission text into claim objects. Then you need to verify these claims against user claims:

    {
        ...
        ClaimsPrincipal userPrincipal = ... get current from session ...;
        var (claimType, claimValue) = ParsePermissionInfo(permissionName);
        bool isPermissioned = AbpSession.UserPrincipal.HasClaim(claimType, claimValue);
        ...
    }

    Tuple<string,string> ParsePermissionInfo(string permission) {...}

Answer

I hope that implementing just what ABP needs will be simpler.

I came to the same conclusion some time ago and made a wrapper around ASP.NET Identity.

The Zero table structure and Permission methods don't take Organization into account.

It looks like claims-based authorization can help you. They are supported by ASP.Net Identity.

My table structures to support User-Organization-Role already exist.

To use this data you need a custom implementation of the IPermissionChecker interface which will be able to handle permissions in the form "Organisation=1234". You can use this permission either by an attribute [AbpAuthorize("Organisation=1234")] or by injecting IPermissionChecker and using it directly.
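
The claim check sketched in the two answers above ("MyClaim=MyValue", "Organisation=1234"), as an added example that is not part of the original posts and is not ABP or ASP.NET Identity code. The class name `ClaimPermissionChecker` and its methods are hypothetical, and wiring the check into an `IPermissionChecker` implementation is left to the application; it denies on anything malformed or unauthenticated.

```csharp
using System;
using System.Security.Claims;

// Added illustration; ClaimPermissionChecker is a hypothetical name, not an ABP type.
public static class ClaimPermissionChecker
{
    // Splits "Type=Value" on the first '=' only, so a value may itself contain '='.
    public static bool TryParsePermission(string permission, out string claimType, out string claimValue)
    {
        claimType = claimValue = null;
        if (string.IsNullOrWhiteSpace(permission)) return false;

        int idx = permission.IndexOf('=');
        if (idx <= 0 || idx == permission.Length - 1) return false; // no type or no value

        claimType = permission.Substring(0, idx).Trim();
        claimValue = permission.Substring(idx + 1).Trim();
        return claimType.Length > 0 && claimValue.Length > 0;
    }

    // Fail closed: a missing or unauthenticated principal, or a permission string
    // that does not parse, is treated as "not granted" instead of throwing.
    public static bool IsGranted(ClaimsPrincipal user, string permission)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated) return false;
        if (!TryParsePermission(permission, out var type, out var value)) return false;
        return user.HasClaim(type, value);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample principals; "Organisation" follows the example in the post.
        var claims = new[] { new Claim("Organisation", "1234") };
        var signedIn = new ClaimsPrincipal(new ClaimsIdentity(claims, "Cookies"));
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity(claims)); // no authentication type

        // Cases: matching claim, other organisation, malformed name, unauthenticated caller.
        Console.WriteLine(ClaimPermissionChecker.IsGranted(signedIn, "Organisation=1234"));
        Console.WriteLine(ClaimPermissionChecker.IsGranted(signedIn, "Organisation=9999"));
        Console.WriteLine(ClaimPermissionChecker.IsGranted(signedIn, "Organisation"));
        Console.WriteLine(ClaimPermissionChecker.IsGranted(anonymous, "Organisation=1234"));
    }
}
```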

Answer

True, ABP does not force Anemic, but IMO ABP is also there to demo best practices. It means that adding at least a basic AggregateRoot to show how to do things properly before a project becomes too large would be very useful. Anyway, it's just my 5c.
