<<ABP Frames >> Sessions

Document Directory

The content of this section:

• Brief introduction
  • About Iabpseesion
• Inject session
• Session Properties
• User identifiers

Brief introduction

If an app needs to sign in, it needs to know what the current user is doing. Although ASP. NET itself provides session objects at the presentation layer, the ABP provides the Iabpsession interface to fetch the current user and tenant without the session of the ASP.

About Iabpsession

The Iabpsession interface must be implemented to obtain real-world session information. Although you can do it your way, it has been completely implemented in the Module-zero project.

IABP is also a complete integration, which can be used in other ABPR structures (setting up systems and authorization systems).

Inject session

Iabpsession is usually injected into the desired class, otherwise it is impossible to have session information. If we use attribute injection, we can use Nullabpsession.instance as the default value, as shown above:

 public  class   myclass:itransientdependency{ public  Iabpsession abpsession {get ; set      public   MyClass () {abpsession  =     nullabpsession.instance;  public  void   MyMethod () { var  currentuserid = ABP        Session.userid;  //  ...   

Because authentication/authorization is an application-level task, it is recommended to use Iabpsession at the application layer or the higher layer (usually we do not use it in the domain layer). Applicationservice.abpcontroller, Abpapicontroller, and other base classes have been fully injected into abpsession. So in the method of applying the service instance, you can use the Abpsession property directly.

Session Properties

Abpsession defines several key attributes:

• USERID: The ID of the current user or null (if there is no current user), it cannot be empty if the code that requires authorization is called.
• TENANTID: The ID of the current tenant or empty (if there is no current tenant: not logged in or a host user).
• Impersonatoruserid: Impersonate the user's ID (if another user impersonates the current session), or null if it is not an impersonation login.
• Impersonatortenantid: The ID of the impersonated user's tenant (if another user impersonates the current session), or null if it is not an impersonation login.
• Multitenancyside: May be a host or tenant.

UserID and Tenantid are nullable, there are non-nullable methods GetUserID and Gettenantid, and if you can ensure that there are current users, you can call GetUserID (). If the current user is empty, this method throws an exception, Gettenantid () is identical.

The impersonator (analog) attribute cannot be used in conjunction with other properties and is generally used only for the purpose of auditing the log.

User identifiers

You are available. Touseridentifier () extension method to create a Useridentifier object from Iabpsession. Since Useridentifier is used in a multitude of APIs, this simplifies creating a useridentifier for the current user.

<<ABP Frames >> Sessions