<cite>hikalkan: </cite> Hi,
IAbpSession only requires getting current UserId. You can get it from any source. Just provide it. Best method is to set userId (as lon integer) as encrypted to a cookie and get it from this cookie on next requests. You can also learn and use Microsoft's ASP.NET Identity Framework for membership management.
Since IAbpSession only defines a getter for UserId, the assumption must be that initializing the value happens in AbpSession??
I implemented AbpSession and now I just need to return a value from UserId. The value I need is in a cookie but HttpContext is not available in AbpSession. You mention providing it from a cookie but how do I get access to the cookies?
<cite>bogdan: </cite>
I've made the same conclusion some time ago and have made a wrapper around the ASP.Net Identity.
To use this data you need a custom implementation of IPermissionChecker interface which will be able to handle permissions in the form "Organisation=1234". You can use this permisson either by an attiribute [AbpAuthorize("Organisation=1234")] or by injecting IPermissionChecker and using it directly.
That is exactly what I'm looking for. I see how IPermissionsManager and IPermissionChecker work but where I do set up the claims and integrate the Identity and claims into AbpSession? There must be another class for that?
In my case, the Identity is determined before my app even starts. Our corporate STS puts our identity in a cookie. I guess I'm looking for the Abp version of the ClaimsTransformation - where I have access to the cookies and the database so I can assemble all the claims together.
I ran the 'update-database [connect string]' command in Package Manager to create a whole new database so I could compare the columns to my production database. I found I needed to add AuthenticationSource:
ALTER TABLE dbo.AbpUsers ADD AuthenticationSource nvarchar(64) NULL