
Users Abstraction Module

Abstraction package for transmitting user information between modules

Most enterprise applications today need some form of security and permissions component in place to ensure that the people who use the system are authenticated users and are authorized to do what they attempt to do. A naive approach to application security builds users and permissions into each discrete system, which creates a silo effect in every application.

The Identity and Access Context is used by other Bounded Contexts through standard DDD integration techniques. To the consuming contexts, the Identity and Access Context is a generic subdomain.

The Identity module implements the User and Role system of the PSS®X application:

  • Built on Microsoft's ASP.NET Core Identity library.
  • Manage roles and users in the system. A user is allowed to have multiple roles.
  • Set permissions at role and user level.
  • Enable/disable two-factor authentication and user lockout per user.
  • Manage basic user profile and password.
  • Manage claim types in the system, set claims on roles and users.
  • Settings page to manage password complexity, user sign-in, account and lockout options.
  • Supports LDAP authentication.
  • Supports periodic password change (password aging).
  • Provides email and phone number verification.
  • Supports social login integrations (Twitter, Facebook, GitHub, etc.).
  • Manage organization units in the system.
  • View security logs (login, logout, change password, ...) in the system.
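The settings described above (password complexity, sign-in, account and lockout) map onto ASP.NET Core Identity's `IdentityOptions`, and the per-user two-factor and lockout switches are `UserManager` operations. The following is an added example and not PSS®X's own code: it places a weak configuration beside a hardened one so the difference is visible in a diff. The concrete values (12 characters, 5 attempts, 15 minutes, 1 hour) are illustrative assumptions, not PSS®X defaults.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

// Added example, not PSS®X code: the Identity options behind the settings page
// and the per-user lockout/two-factor switches. All values are assumptions.
public static class IdentitySetup
{
    // Weak configuration: short passwords, no lockout for new users,
    // unconfirmed accounts may sign in.
    public static void ConfigureWeak(IServiceCollection services)
    {
        services.Configure<IdentityOptions>(options =>
        {
            options.Password.RequiredLength = 6;
            options.Password.RequireDigit = false;
            options.Password.RequireUppercase = false;
            options.Password.RequireNonAlphanumeric = false;
            options.Lockout.AllowedForNewUsers = false;
            options.SignIn.RequireConfirmedEmail = false;
        });
    }

    // Hardened configuration: longer passwords, lockout on by default with a
    // bounded number of failed attempts, confirmed email required to sign in,
    // and short-lived confirmation/reset tokens.
    public static void ConfigureHardened(IServiceCollection services)
    {
        services.Configure<IdentityOptions>(options =>
        {
            options.Password.RequiredLength = 12;
            options.Password.RequiredUniqueChars = 4;
            options.Password.RequireDigit = true;
            options.Password.RequireLowercase = true;
            options.Password.RequireUppercase = true;
            options.Password.RequireNonAlphanumeric = true;

            options.Lockout.AllowedForNewUsers = true;
            options.Lockout.MaxFailedAccessAttempts = 5;
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);

            options.SignIn.RequireConfirmedEmail = true;
            options.User.RequireUniqueEmail = true;
        });

        // Email/phone confirmation and password-reset tokens default to a
        // one-day lifespan; one hour narrows the window for a leaked link.
        services.Configure<DataProtectionTokenProviderOptions>(options =>
            options.TokenLifespan = TimeSpan.FromHours(1));
    }

    // Per-user switches: lockout and two-factor state live on the IdentityUser
    // row, so enabling them for one account is a UserManager operation.
    public static async Task EnablePerUserProtectionsAsync(
        UserManager<IdentityUser> userManager, IdentityUser user)
    {
        var lockout = await userManager.SetLockoutEnabledAsync(user, true);
        var twoFactor = await userManager.SetTwoFactorEnabledAsync(user, true);
        if (!lockout.Succeeded || !twoFactor.Succeeded)
            throw new InvalidOperationException(
                "Could not enable lockout/two-factor for user " + user.UserName);
    }
}
```

Call `ConfigureHardened` (or `ConfigureWeak`, for comparison) from the host's service registration after `AddIdentity`; a settings page that edits these values at runtime should persist them and re-apply them through the same `IdentityOptions` object, since the options are read on every password and sign-in check.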

Multi-Tenancy

Multi-Tenancy is a widely used architecture to create SaaS applications where the hardware and software resources are shared by the customers (tenants).

In the PSS®X application, tenant management is done at the application level.

Database Architecture

PSS®X supports Database per Tenant approach: Every tenant has a separate, dedicated database to store the data related to that tenant.
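With a database per tenant, the security-critical step is choosing which database a request touches. The tenant must come from the authenticated identity, and an unknown tenant must fail closed rather than fall back to a shared or host database. The following is an added example, not PSS®X's own code: the `ITenantConnectionResolver` interface, the `tenantid` claim name, the tenant registry and the connection strings are constructed assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Added example, not PSS®X code: derive the tenant from the authenticated
// principal and map it to that tenant's dedicated database. Claim name,
// registry contents and connection strings are constructed assumptions.
public interface ITenantConnectionResolver
{
    string Resolve(Guid tenantId);
}

public sealed class DatabasePerTenantResolver : ITenantConnectionResolver
{
    private readonly IReadOnlyDictionary<Guid, string> _databases;

    public DatabasePerTenantResolver(IReadOnlyDictionary<Guid, string> databases)
    {
        _databases = databases;
    }

    public string Resolve(Guid tenantId)
    {
        // Fail closed: an unknown tenant must not fall back to a shared or
        // host database, otherwise a forged tenant id reaches another data set.
        if (tenantId == Guid.Empty || !_databases.TryGetValue(tenantId, out var cs))
            throw new UnauthorizedAccessException($"No database registered for tenant {tenantId}.");
        return cs;
    }
}

public static class TenantResolution
{
    // Assumed claim type stamped into the principal at sign-in; the tenant is
    // taken from the authenticated identity, never from a client-supplied header.
    public const string TenantClaimType = "tenantid";

    public static Guid RequireTenantId(ClaimsPrincipal principal)
    {
        if (principal?.Identity?.IsAuthenticated != true)
            throw new UnauthorizedAccessException("Anonymous requests have no tenant.");

        var raw = principal.FindFirst(TenantClaimType)?.Value;
        if (!Guid.TryParse(raw, out var tenantId) || tenantId == Guid.Empty)
            throw new UnauthorizedAccessException("Principal carries no valid tenant claim.");
        return tenantId;
    }

    public static void Main()
    {
        // Constructed sample registry: one tenant, one dedicated database.
        var acme = Guid.Parse("11111111-1111-1111-1111-111111111111");
        var resolver = new DatabasePerTenantResolver(new Dictionary<Guid, string>
        {
            [acme] = "Server=db;Database=PSSX_Tenant_Acme;Integrated Security=true;"
        });

        var user = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(TenantClaimType, acme.ToString())
        }, "Cookies"));
        Console.WriteLine(resolver.Resolve(RequireTenantId(user)));

        // A principal whose tenant claim points at an unregistered tenant is refused.
        var intruder = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(TenantClaimType, Guid.NewGuid().ToString())
        }, "Cookies"));
        try { resolver.Resolve(RequireTenantId(intruder)); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("Refused: " + e.Message); }
    }
}
```

The resolved connection string is what the tenant's `DbContext` should be built from on each request; keeping the resolver free of any default connection string is what makes the fail-closed behaviour hold.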

Aggregates

User

A user is generally a person who logs in to and uses the application.

  • IdentityUser (aggregate root): Represents a user in the system.
    • IdentityUserRole (collection): Roles assigned to the user.
    • IdentityUserClaim (collection): Custom claims of the user.
    • IdentityUserLogin (collection): External logins of the user.
    • IdentityUserToken (collection): Tokens of the user (used by the Microsoft Identity services).

Role

A role is typically a group of permissions to assign to the users.

  • IdentityRole (aggregate root): Represents a role in the system.
    • IdentityRoleClaim (collection): Custom claims of the role.

Claim type

A claim type is a definition of a custom claim that can be assigned to other entities (like roles and users) in the system.

  • IdentityClaimType (aggregate root): Represents a claim type definition. It contains some properties (e.g. Required, Regex, Description, ValueType) to define the claim type and the validation rules.
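Because claim values feed authorization decisions, a claim should be validated against its claim type's rules (Required, ValueType, Regex) before it is attached to a user or role. The following is an added example, not PSS®X's own code: the `ClaimValueType` enum, the shape of the `IdentityClaimType` class and the sample "department" claim type are assumptions modelled on the properties listed above. It also shows two checks a practitioner wants on administrator-supplied patterns: anchoring the regex so a partial match is not accepted, and bounding the match time.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

// Added example, not PSS®X code: validate a claim value against its claim
// type's rules. Enum values and class shape are assumptions.
public enum ClaimValueType { String, Int, Boolean, DateTime }

public sealed class IdentityClaimType
{
    public string Name { get; }
    public bool Required { get; }
    public string Regex { get; }
    public string Description { get; }
    public ClaimValueType ValueType { get; }

    public IdentityClaimType(string name, bool required, string regex,
                             string description, ClaimValueType valueType)
    {
        Name = name; Required = required; Regex = regex;
        Description = description; ValueType = valueType;
    }
}

public static class ClaimValueValidator
{
    // Patterns on claim types are administrator input; bound the match time
    // so a pathological pattern cannot stall the sign-in or authorization path.
    private static readonly TimeSpan MatchTimeout = TimeSpan.FromMilliseconds(100);

    public static bool TryValidate(IdentityClaimType type, string value, out string error)
    {
        error = null;
        if (string.IsNullOrWhiteSpace(value))
        {
            if (!type.Required) return true;
            error = $"Claim '{type.Name}' is required.";
            return false;
        }

        var culture = CultureInfo.InvariantCulture;
        bool typed = type.ValueType switch
        {
            ClaimValueType.Int => long.TryParse(value, NumberStyles.Integer, culture, out _),
            ClaimValueType.Boolean => bool.TryParse(value, out _),
            ClaimValueType.DateTime => DateTime.TryParse(value, culture, DateTimeStyles.RoundtripKind, out _),
            _ => true
        };
        if (!typed)
        {
            error = $"Claim '{type.Name}' must be of type {type.ValueType}.";
            return false;
        }

        if (string.IsNullOrEmpty(type.Regex)) return true;

        // Anchor the pattern so a value that merely contains a valid fragment
        // (e.g. "SEC-001; role=admin") is rejected instead of partially matching.
        var regex = new Regex("^(?:" + type.Regex + ")$", RegexOptions.None, MatchTimeout);
        try
        {
            if (regex.IsMatch(value)) return true;
            error = $"Claim '{type.Name}' does not match the pattern '{type.Regex}'.";
        }
        catch (RegexMatchTimeoutException)
        {
            error = $"Validation of claim '{type.Name}' timed out.";
        }
        return false;
    }

    public static void Main()
    {
        // Constructed sample claim type: a department code such as SEC-001.
        var department = new IdentityClaimType(
            "department", required: true, regex: @"[A-Z]{2,4}-\d{3}",
            description: "Department code", valueType: ClaimValueType.String);

        foreach (var candidate in new[] { "SEC-001", "SEC-001; role=admin", "" })
        {
            var ok = TryValidate(department, candidate, out var error);
            Console.WriteLine($"{candidate,-22} -> {(ok ? "accepted" : "rejected: " + error)}");
        }
    }
}
```

Run `TryValidate` in the service that adds claims to users and roles, before the claim is persisted; validating only in the UI leaves the API path unprotected.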

Identity Security Log

An IdentitySecurityLog represents an authentication-related operation in the system.

  • IdentitySecurityLog (aggregate root): Represents a security log entry in the system.

OrganizationUnit

An organization unit is an entity in a hierarchical structure.

  • OrganizationUnit (aggregate root): Represents an organization unit in the system.
    • Roles (collection): Roles of the organization unit.

Reference Books

  • "Implementing Domain-Driven Design", Chapter 2: "Domains, Subdomains, and Bounded Contexts" by Vaughn Vernon