Merge pull request #9 from abpframework/master

Merge

framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Auditing/AspNetCoreCorrelationIdProvider.cs

@@ -0,0 +1,43 @@
+using System;
+using Microsoft.AspNetCore.Http;
+using Volo.Abp.Auditing;
+using Volo.Abp.DependencyInjection;
+
+namespace Volo.Abp.AspNetCore.Auditing
+{
+    [Dependency(ReplaceServices = true)]
+    public class AspNetCoreCorrelationIdProvider : ICorrelationIdProvider, ITransientDependency
+    {
+        public const string CorrelationIdKey = "_CorrelationId";
+
+        protected IHttpContextAccessor HttpContextAccessor { get; }
+
+        public AspNetCoreCorrelationIdProvider(IHttpContextAccessor httpContextAccessor)
+        {
+            HttpContextAccessor = httpContextAccessor;
+        }
+
+        public virtual string Get()
+        {
+            if (HttpContextAccessor.HttpContext?.Request?.Headers == null)
+            {
+                return CreateNewCorrelationId();
+            }
+
+            string correlationId = HttpContextAccessor.HttpContext.Request.Headers[CorrelationIdKey];
+
+            if (correlationId.IsNullOrEmpty())
+            {
+                correlationId = CreateNewCorrelationId();
+                HttpContextAccessor.HttpContext.Request.Headers[CorrelationIdKey] = correlationId;
+            }
+
+            return correlationId;
+        }
+
+        protected virtual string CreateNewCorrelationId()
+        {
+            return Guid.NewGuid().ToString("N");
+        }
+    }
+}

framework/src/Volo.Abp.Auditing/Volo/Abp/Auditing/AuditLogInfo.cs

@@ -24,6 +24,10 @@ namespace Volo.Abp.Auditing
 
         public int ExecutionDuration { get; set; }
 
+        public string ClientId { get; set; }
+
+        public string CorrelationId { get; set; }
+
         public string ClientIpAddress { get; set; }
 
         public string ClientName { get; set; }

framework/src/Volo.Abp.Auditing/Volo/Abp/Auditing/AuditingHelper.cs

@@ -5,6 +5,7 @@ using System.Reflection;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using Volo.Abp.Clients;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.MultiTenancy;
 using Volo.Abp.Timing;
@@ -18,30 +19,36 @@ namespace Volo.Abp.Auditing
         protected IAuditingStore AuditingStore { get; }
         protected ICurrentUser CurrentUser { get; }
         protected ICurrentTenant CurrentTenant { get; }
+        protected ICurrentClient CurrentClient { get; }
         protected IClock Clock { get; }
         protected AbpAuditingOptions Options;
         protected IAuditSerializer AuditSerializer;
         protected IServiceProvider ServiceProvider;
+        protected ICorrelationIdProvider CorrelationIdProvider { get; }
 
         public AuditingHelper(
             IAuditSerializer auditSerializer,
             IOptions<AbpAuditingOptions> options,
             ICurrentUser currentUser,
             ICurrentTenant currentTenant,
+            ICurrentClient currentClient,
             IClock clock,
             IAuditingStore auditingStore,
             ILogger<AuditingHelper> logger,
-            IServiceProvider serviceProvider)
+            IServiceProvider serviceProvider, 
+            ICorrelationIdProvider correlationIdProvider)
         {
             Options = options.Value;
             AuditSerializer = auditSerializer;
             CurrentUser = currentUser;
             CurrentTenant = currentTenant;
+            CurrentClient = currentClient;
             Clock = clock;
             AuditingStore = auditingStore;
 
             Logger = logger;
             ServiceProvider = serviceProvider;
+            CorrelationIdProvider = correlationIdProvider;
         }
 
         public virtual bool ShouldSaveAudit(MethodInfo methodInfo, bool defaultValue = false)
@@ -85,6 +92,8 @@ namespace Volo.Abp.Auditing
                 TenantId = CurrentTenant.Id,
                 UserId = CurrentUser.Id,
                 UserName = CurrentUser.UserName,
+                ClientId = CurrentClient.Id,
+                CorrelationId = CorrelationIdProvider.Get(),
                 //ImpersonatorUserId = AbpSession.ImpersonatorUserId, //TODO: Impersonation system is not available yet!
                 //ImpersonatorTenantId = AbpSession.ImpersonatorTenantId,
                 ExecutionTime = Clock.Now

framework/src/Volo.Abp.Auditing/Volo/Abp/Auditing/ICorrelationIdProvider.cs

@@ -0,0 +1,7 @@
+namespace Volo.Abp.Auditing
+{
+    public interface ICorrelationIdProvider
+    {
+        string Get();
+    }
+}

framework/src/Volo.Abp.Auditing/Volo/Abp/Auditing/NullCorrelationIdProvider.cs

@@ -0,0 +1,12 @@
+using Volo.Abp.DependencyInjection;
+
+namespace Volo.Abp.Auditing
+{
+    public class NullCorrelationIdProvider : ICorrelationIdProvider, ISingletonDependency
+    {
+        public string Get()
+        {
+            return null;
+        }
+    }
+}

framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs

@@ -28,6 +28,7 @@ namespace Volo.Abp.Authorization
             {
                 options.ValueProviders.Add<UserPermissionValueProvider>();
                 options.ValueProviders.Add<RolePermissionValueProvider>();
+                options.ValueProviders.Add<ClientPermissionValueProvider>();
             });
         }
     }

framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs

@@ -1,6 +1,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
+using Volo.Abp.Clients;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Users;
 
@@ -10,11 +11,16 @@ namespace Volo.Abp.Authorization
     {
         private readonly IAuthorizationService _authorizationService;
         private readonly ICurrentUser _currentUser;
+        private readonly ICurrentClient _currentClient;
 
-        public MethodInvocationAuthorizationService(IAuthorizationService authorizationService, ICurrentUser currentUser)
+        public MethodInvocationAuthorizationService(
+            IAuthorizationService authorizationService, 
+            ICurrentUser currentUser,
+            ICurrentClient currentClient)
         {
             _authorizationService = authorizationService;
             _currentUser = currentUser;
+            _currentClient = currentClient;
         }
 
         public async Task CheckAsync(MethodInvocationAuthorizationContext context)
@@ -53,7 +59,8 @@ namespace Volo.Abp.Authorization
         {
             if (authorizationAttribute.Policy == null)
             {
-                if (!_currentUser.IsAuthenticated) //TODO: What about API calls without user id?
+                //TODO: Can we find a better, unified, way of checking if current request has been authenticated
+                if (!_currentUser.IsAuthenticated && !_currentClient.IsAuthenticated)
                 {
                     throw new AbpAuthorizationException("Authorization failed! User has not logged in.");
                 }

framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/ClientPermissionValueProvider.cs

@@ -0,0 +1,35 @@
+using System.Threading.Tasks;
+using Volo.Abp.Security.Claims;
+
+namespace Volo.Abp.Authorization.Permissions
+{
+    public class ClientPermissionValueProvider : PermissionValueProvider
+    {
+        public const string ProviderName = "Client";
+
+        public override string Name => ProviderName;
+
+        public ClientPermissionValueProvider(IPermissionStore permissionStore)
+            : base(permissionStore)
+        {
+
+        }
+
+        public override async Task<PermissionValueProviderGrantInfo> CheckAsync(PermissionValueCheckContext context)
+        {
+            var clientId = context.Principal?.FindFirst(AbpClaimTypes.ClientId)?.Value;
+
+            if (clientId == null)
+            {
+                return PermissionValueProviderGrantInfo.NonGranted;
+            }
+
+            if (await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, clientId))
+            {
+                return new PermissionValueProviderGrantInfo(true, clientId);
+            }
+
+            return PermissionValueProviderGrantInfo.NonGranted;
+        }
+    }
+}

framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs

@@ -1,10 +1,10 @@
-using System;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Security.Claims;
 
@@ -40,7 +40,7 @@ namespace Volo.Abp.Authorization.Permissions
                 true
             );
         }
-        
+
         public virtual Task<PermissionGrantInfo> CheckAsync(string name)
         {
             return CheckAsync(PrincipalAccessor.Principal, name);
@@ -57,6 +57,12 @@ namespace Volo.Abp.Authorization.Permissions
 
             foreach (var provider in ValueProviders)
             {
+                if (context.Permission.Providers.Any() &&
+                    !context.Permission.Providers.Contains(provider.Name))
+                {
+                    continue;
+                }
+
                 var result = await provider.CheckAsync(context);
                 if (result.IsGranted)
                 {

framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs

@@ -18,6 +18,8 @@ namespace Volo.Abp.Authorization.Permissions
         /// </summary>
         public PermissionDefinition Parent { get; private set; }
 
+        public List<string> Providers { get; }
+
         public ILocalizableString DisplayName
         {
             get => _displayName;
@@ -53,6 +55,7 @@ namespace Volo.Abp.Authorization.Permissions
             DisplayName = displayName ?? new FixedLocalizableString(name);
 
             Properties = new Dictionary<string, object>();
+            Providers = new List<string>();
             _children = new List<PermissionDefinition>();
         }
 
@@ -68,6 +71,30 @@ namespace Volo.Abp.Authorization.Permissions
             return child;
         }
 
+        /// <summary>
+        /// Sets a property in the <see cref="Properties"/> dictionary.
+        /// This is a shortcut for nested calls on this object.
+        /// </summary>
+        public virtual PermissionDefinition WithProperty(string key, object value)
+        {
+            Properties[key] = value;
+            return this;
+        }
+
+        /// <summary>
+        /// Sets a property in the <see cref="Properties"/> dictionary.
+        /// This is a shortcut for nested calls on this object.
+        /// </summary>
+        public virtual PermissionDefinition WithProviders(params string[] providers)
+        {
+            if (!providers.IsNullOrEmpty())
+            {
+                Providers.AddRange(providers);
+            }
+
+            return this;
+        }
+
         public override string ToString()
         {
             return $"[{nameof(PermissionDefinition)} {Name}]";

framework/src/Volo.Abp.Http.Client.IdentityModel/Volo/Abp/Http/Client/IdentityModel/IdentityModelRemoteServiceHttpClientAuthenticator.cs

@@ -22,26 +22,24 @@ namespace Volo.Abp.Http.Client.IdentityModel
 
         public async Task Authenticate(RemoteServiceHttpClientAuthenticateContext context)
         {
-            var accessToken = await GetAccessTokenFromHttpContextOrNullAsync();
-
-            if (accessToken != null)
-            {
-                context.Client.SetBearerToken(accessToken);
-            }
-            else
+            if (context.RemoteService.GetUseCurrentAccessToken() != false)
             {
-                await IdentityModelHttpClientAuthenticator.AuthenticateAsync(
-                    new IdentityModelHttpClientAuthenticateContext(
-                        context.Client,
-                        context.RemoteService.GetIdentityClient()
-                    )
-                );
+                var accessToken = await GetAccessTokenFromHttpContextOrNullAsync();
+                if (accessToken != null)
+                {
+                    context.Client.SetBearerToken(accessToken);
+                    return;
+                }
             }
+
+            await IdentityModelHttpClientAuthenticator.AuthenticateAsync(
+                context.Client,
+                context.RemoteService.GetIdentityClient()
+            );
         }
 
         protected virtual async Task<string> GetAccessTokenFromHttpContextOrNullAsync()
         {
-            //TODO: What if the access_token in the current Http Request is not usable for this client?
             var httpContext = HttpContextAccessor?.HttpContext;
             if (httpContext == null)
             {

framework/src/Volo.Abp.Http.Client.IdentityModel/Volo/Abp/Http/Client/RemoteServiceConfigurationExtensions.cs

@@ -5,19 +5,48 @@ namespace Volo.Abp.Http.Client
 {
     public static class RemoteServiceConfigurationExtensions
     {
-        public const string IdentityClient = "IdentityClient";
+        public const string IdentityClientName = "IdentityClient";
+        public const string UseCurrentAccessTokenName = "UseCurrentAccessToken";
 
         [CanBeNull]
         public static string GetIdentityClient([NotNull] this RemoteServiceConfiguration configuration)
         {
             Check.NotNullOrEmpty(configuration, nameof(configuration));
 
-            return configuration.GetOrDefault(IdentityClient);
+            return configuration.GetOrDefault(IdentityClientName);
         }
 
         public static RemoteServiceConfiguration SetIdentityClient([NotNull] this RemoteServiceConfiguration configuration, [CanBeNull] string value)
         {
-            configuration[IdentityClient] = value;
+            configuration[IdentityClientName] = value;
+            return configuration;
+        }
+
+        [CanBeNull]
+        public static bool? GetUseCurrentAccessToken([NotNull] this RemoteServiceConfiguration configuration)
+        {
+            Check.NotNullOrEmpty(configuration, nameof(configuration));
+
+            var value = configuration.GetOrDefault(UseCurrentAccessTokenName);
+            if (value == null)
+            {
+                return null;
+            }
+
+            return bool.Parse(value);
+        }
+
+        public static RemoteServiceConfiguration SetUseCurrentAccessToken([NotNull] this RemoteServiceConfiguration configuration, [CanBeNull] bool? value)
+        {
+            if (value == null)
+            {
+                configuration.Remove(UseCurrentAccessTokenName);
+            }
+            else
+            {
+                configuration[UseCurrentAccessTokenName] = value.Value.ToString().ToLowerInvariant();
+            }
+
             return configuration;
         }
     }

framework/src/Volo.Abp.Http.Client/Volo/Abp/Http/Client/Authentication/RemoteServiceHttpClientAuthenticateContext.cs

@@ -10,14 +10,18 @@ namespace Volo.Abp.Http.Client.Authentication
 
         public RemoteServiceConfiguration RemoteService { get; }
 
+        public string RemoteServiceName { get; }
+
         public RemoteServiceHttpClientAuthenticateContext(
             HttpClient client, 
             HttpRequestMessage request,
-            RemoteServiceConfiguration remoteService)
+            RemoteServiceConfiguration remoteService,
+            string remoteServiceName)
         {
             Client = client;
             Request = request;
             RemoteService = remoteService;
+            RemoteServiceName = remoteServiceName;
         }
     }
 }

framework/src/Volo.Abp.Http.Client/Volo/Abp/Http/Client/DynamicProxying/DynamicHttpProxyInterceptor.cs

@@ -132,7 +132,8 @@ namespace Volo.Abp.Http.Client.DynamicProxying
                     new RemoteServiceHttpClientAuthenticateContext(
                         client,
                         requestMessage,
-                        remoteServiceConfig
+                        remoteServiceConfig,
+                        clientConfig.RemoteServiceName
                     )
                 );
 

framework/src/Volo.Abp.Http/Volo/Abp/Http/AbpHttpModule.cs

@@ -1,5 +1,4 @@
-using Microsoft.Extensions.DependencyInjection;
-using Volo.Abp.Http.ProxyScripting.Configuration;
+using Volo.Abp.Http.ProxyScripting.Configuration;
 using Volo.Abp.Http.ProxyScripting.Generators.JQuery;
 using Volo.Abp.Json;
 using Volo.Abp.Modularity;

framework/src/Volo.Abp.Security/System/Security/Principal/AbpClaimsIdentityExtensions.cs

@@ -21,6 +21,21 @@ namespace System.Security.Principal
             return Guid.Parse(userIdOrNull.Value);
         }
 
+        public static Guid? FindUserId([NotNull] this IIdentity identity)
+        {
+            Check.NotNull(identity, nameof(identity));
+
+            var claimsIdentity = identity as ClaimsIdentity;
+
+            var userIdOrNull = claimsIdentity?.Claims?.FirstOrDefault(c => c.Type == AbpClaimTypes.UserId);
+            if (userIdOrNull == null || userIdOrNull.Value.IsNullOrWhiteSpace())
+            {
+                return null;
+            }
+
+            return Guid.Parse(userIdOrNull.Value);
+        }
+
         public static Guid? FindTenantId([NotNull] this ClaimsPrincipal principal)
         {
             Check.NotNull(principal, nameof(principal));
@@ -34,34 +49,47 @@ namespace System.Security.Principal
             return Guid.Parse(tenantIdOrNull.Value);
         }
 
-        public static Guid? FindUserId([NotNull] this IIdentity identity)
+        public static Guid? FindTenantId([NotNull] this IIdentity identity)
         {
             Check.NotNull(identity, nameof(identity));
 
             var claimsIdentity = identity as ClaimsIdentity;
 
-            var userIdOrNull = claimsIdentity?.Claims?.FirstOrDefault(c => c.Type == AbpClaimTypes.UserId);
-            if (userIdOrNull == null || userIdOrNull.Value.IsNullOrWhiteSpace())
+            var tenantIdOrNull = claimsIdentity?.Claims?.FirstOrDefault(c => c.Type == AbpClaimTypes.TenantId);
+            if (tenantIdOrNull == null || tenantIdOrNull.Value.IsNullOrWhiteSpace())
             {
                 return null;
             }
 
-            return Guid.Parse(userIdOrNull.Value);
+            return Guid.Parse(tenantIdOrNull.Value);
         }
 
-        public static Guid? FindTenantId([NotNull] this IIdentity identity)
+        public static string FindClientId([NotNull] this ClaimsPrincipal principal)
+        {
+            Check.NotNull(principal, nameof(principal));
+
+            var clientIdOrNull = principal.Claims?.FirstOrDefault(c => c.Type == AbpClaimTypes.ClientId);
+            if (clientIdOrNull == null || clientIdOrNull.Value.IsNullOrWhiteSpace())
+            {
+                return null;
+            }
+
+            return clientIdOrNull.Value;
+        }
+
+        public static string FindClientId([NotNull] this IIdentity identity)
         {
             Check.NotNull(identity, nameof(identity));
 
             var claimsIdentity = identity as ClaimsIdentity;
 
-            var tenantIdOrNull = claimsIdentity?.Claims?.FirstOrDefault(c => c.Type == AbpClaimTypes.TenantId);
-            if (tenantIdOrNull == null || tenantIdOrNull.Value.IsNullOrWhiteSpace())
+            var clientIdOrNull = claimsIdentity?.Claims?.FirstOrDefault(c => c.Type == AbpClaimTypes.ClientId);
+            if (clientIdOrNull == null || clientIdOrNull.Value.IsNullOrWhiteSpace())
             {
                 return null;
             }
 
-            return Guid.Parse(tenantIdOrNull.Value);
+            return clientIdOrNull.Value;
         }
     }
 }

framework/src/Volo.Abp.Security/Volo/Abp/Clients/CurrentClient.cs

@@ -0,0 +1,20 @@
+using System.Security.Principal;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.Security.Claims;
+
+namespace Volo.Abp.Clients
+{
+    public class CurrentClient : ICurrentClient, ITransientDependency
+    {
+        public virtual string Id => _principalAccessor.Principal?.FindClientId();
+
+        public virtual bool IsAuthenticated => Id != null;
+
+        private readonly ICurrentPrincipalAccessor _principalAccessor;
+
+        public CurrentClient(ICurrentPrincipalAccessor principalAccessor)
+        {
+            _principalAccessor = principalAccessor;
+        }
+    }
+}

framework/src/Volo.Abp.Security/Volo/Abp/Clients/ICurrentClient.cs

@@ -0,0 +1,9 @@
+namespace Volo.Abp.Clients
+{
+    public interface ICurrentClient
+    {
+        string Id { get; }
+
+        bool IsAuthenticated { get; }
+    }
+}

framework/src/Volo.Abp.Security/Volo/Abp/Security/Claims/AbpClaimTypes.cs

@@ -47,5 +47,10 @@ namespace Volo.Abp.Security.Claims
         /// Default: "phone_number_verified".
         /// </summary>
         public static string TenantId { get; set; } = "tenantid";
+
+        /// <summary>
+        /// Default: "client_id".
+        /// </summary>
+        public static string ClientId { get; set; } = "client_id";
     }
 }

modules/audit-logging/src/Volo.Abp.AuditLogging.Domain.Shared/Volo/Abp/AuditLogging/AuditLogConsts.cs

@@ -6,6 +6,10 @@
 
         public const int MaxClientNameLength = 128;
 
+        public const int MaxClientIdLength = 64;
+
+        public const int MaxCorrelationIdLength = 64;
+
         public const int MaxBrowserInfoLength = 512;
 
         public const int MaxExceptionsLength = 4000;

modules/audit-logging/src/Volo.Abp.AuditLogging.Domain/Volo/Abp/AuditLogging/AuditLog.cs

@@ -30,6 +30,10 @@ namespace Volo.Abp.AuditLogging
 
         public virtual string ClientName { get; protected set; }
 
+        public string ClientId { get; set; }
+
+        public string CorrelationId { get; set; }
+
         public virtual string BrowserInfo { get; protected set; }
 
         public virtual string HttpMethod { get; protected set; }
@@ -61,6 +65,8 @@ namespace Volo.Abp.AuditLogging
             ExecutionDuration = auditInfo.ExecutionDuration;
             ClientIpAddress = auditInfo.ClientIpAddress.Truncate(AuditLogConsts.MaxClientIpAddressLength);
             ClientName = auditInfo.ClientName.Truncate(AuditLogConsts.MaxClientNameLength);
+            ClientId = auditInfo.ClientId.Truncate(AuditLogConsts.MaxClientIdLength);
+            CorrelationId = auditInfo.CorrelationId.Truncate(AuditLogConsts.MaxCorrelationIdLength);
             BrowserInfo = auditInfo.BrowserInfo.Truncate(AuditLogConsts.MaxBrowserInfoLength);
             HttpMethod = auditInfo.HttpMethod.Truncate(AuditLogConsts.MaxHttpMethodLength);
             Url = auditInfo.Url.Truncate(AuditLogConsts.MaxUrlLength);

modules/audit-logging/src/Volo.Abp.AuditLogging.EntityFrameworkCore/Volo/Abp/AuditLogging/EntityFrameworkCore/AbpAuditLoggingtDbContextModelBuilderExtensions.cs

@@ -26,6 +26,8 @@ namespace Volo.Abp.AuditLogging.EntityFrameworkCore
 
                 b.Property(x => x.ClientIpAddress).HasMaxLength(AuditLogConsts.MaxClientIpAddressLength).HasColumnName(nameof(AuditLog.ClientIpAddress));
                 b.Property(x => x.ClientName).HasMaxLength(AuditLogConsts.MaxClientNameLength).HasColumnName(nameof(AuditLog.ClientName));
+                b.Property(x => x.ClientId).HasMaxLength(AuditLogConsts.MaxClientIdLength).HasColumnName(nameof(AuditLog.ClientId));
+                b.Property(x => x.CorrelationId).HasMaxLength(AuditLogConsts.MaxCorrelationIdLength).HasColumnName(nameof(AuditLog.CorrelationId));
                 b.Property(x => x.BrowserInfo).HasMaxLength(AuditLogConsts.MaxBrowserInfoLength).HasColumnName(nameof(AuditLog.BrowserInfo));
                 b.Property(x => x.HttpMethod).HasMaxLength(AuditLogConsts.MaxHttpMethodLength).HasColumnName(nameof(AuditLog.HttpMethod));
                 b.Property(x => x.Url).HasMaxLength(AuditLogConsts.MaxUrlLength).HasColumnName(nameof(AuditLog.Url));

modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs

@@ -60,20 +60,19 @@ namespace Volo.Blogging.Posts
             {
                 if (postDto.CreatorId.HasValue)
                 {
-                    var creatorUser = await UserLookupService.FindByIdAsync(postDto.CreatorId.Value);
-
-                    if (creatorUser != null && !userDictionary.ContainsKey(creatorUser.Id))
+                    if (!userDictionary.ContainsKey(postDto.CreatorId.Value))
                     {
-                        userDictionary.Add(creatorUser.Id, ObjectMapper.Map<BlogUser, BlogUserDto>(creatorUser));
+                        var creatorUser = await UserLookupService.FindByIdAsync(postDto.CreatorId.Value);
+                        if (creatorUser != null)
+                        {
+                            userDictionary[creatorUser.Id] = ObjectMapper.Map<BlogUser, BlogUserDto>(creatorUser);
+                        }
                     }
-                }
-            }
 
-            foreach (var postDto in postDtos)
-            {
-                if (postDto.CreatorId.HasValue && userDictionary.ContainsKey((Guid)postDto.CreatorId))
-                {
-                    postDto.Writer = userDictionary[(Guid)postDto.CreatorId];
+                    if (userDictionary.ContainsKey(postDto.CreatorId.Value))
+                    {
+                        postDto.Writer = userDictionary[(Guid)postDto.CreatorId];
+                    }
                 }
             }
 

modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo.Abp.Identity.Application.Contracts.csproj

@@ -19,9 +19,8 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Volo.Abp.Identity.Domain.Shared\Volo.Abp.Identity.Domain.Shared.csproj" />
-
     <ProjectReference Include="..\..\..\permission-management\src\Volo.Abp.PermissionManagement.Application.Contracts\Volo.Abp.PermissionManagement.Application.Contracts.csproj" />
-
+    <ProjectReference Include="..\..\..\users\src\Volo.Abp.Users.Abstractions\Volo.Abp.Users.Abstractions.csproj" />
     <ProjectReference Include="..\..\..\..\framework\src\Volo.Abp.Authorization\Volo.Abp.Authorization.csproj" />
     <ProjectReference Include="..\..\..\..\framework\src\Volo.Abp.Ddd.Application\Volo.Abp.Ddd.Application.csproj" />
   </ItemGroup>

modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/AbpIdentityApplicationContractsModule.cs

@@ -1,19 +1,22 @@
-using Microsoft.Extensions.DependencyInjection;
-using Volo.Abp.Application;
+using Volo.Abp.Application;
 using Volo.Abp.Authorization;
 using Volo.Abp.Authorization.Permissions;
 using Volo.Abp.Identity.Localization;
 using Volo.Abp.Localization;
 using Volo.Abp.Modularity;
 using Volo.Abp.PermissionManagement;
+using Volo.Abp.Users;
 using Volo.Abp.VirtualFileSystem;
 
 namespace Volo.Abp.Identity
 {
-    [DependsOn(typeof(AbpIdentityDomainSharedModule))]
-    [DependsOn(typeof(AbpAuthorizationModule))]
-    [DependsOn(typeof(AbpDddApplicationModule))]
-    [DependsOn(typeof(AbpPermissionManagementApplicationContractsModule))]
+    [DependsOn(
+        typeof(AbpIdentityDomainSharedModule),
+        typeof(AbpUsersAbstractionModule),
+        typeof(AbpAuthorizationModule),
+        typeof(AbpDddApplicationModule),
+        typeof(AbpPermissionManagementApplicationContractsModule)
+        )]
     public class AbpIdentityApplicationContractsModule : AbpModule
     {
         public override void ConfigureServices(ServiceConfigurationContext context)

modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/IIdentityUserLookupAppService.cs

@@ -0,0 +1,14 @@
+using System;
+using System.Threading.Tasks;
+using Volo.Abp.Application.Services;
+using Volo.Abp.Users;
+
+namespace Volo.Abp.Identity
+{
+    public interface IIdentityUserLookupAppService : IApplicationService
+    {
+        Task<UserData> FindByIdAsync(Guid id);
+
+        Task<UserData> FindByUserNameAsync(string userName);
+    }
+}

modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/IdentityPermissionDefinitionProvider.cs

@@ -21,6 +21,8 @@ namespace Volo.Abp.Identity
             usersPermission.AddChild(IdentityPermissions.Users.Update, L("Permission:Edit"));
             usersPermission.AddChild(IdentityPermissions.Users.Delete, L("Permission:Delete"));
             usersPermission.AddChild(IdentityPermissions.Users.ManagePermissions, L("Permission:ChangePermissions"));
+
+            identityGroup.AddPermission(IdentityPermissions.UserLookup.Default, L("Permission:UserLookup"));
         }
 
         private static LocalizableString L(string name)

modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/IdentityPermissions.cs

@@ -22,6 +22,11 @@
             public const string ManagePermissions = Default + ".ManagePermissions";
         }
 
+        public static class UserLookup
+        {
+            public const string Default = GroupName + ".UserLookup";
+        }
+
         public static string[] GetAll()
         {
             return new[]

modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/Localization/ApplicationContracts/en.json

@@ -7,6 +7,7 @@
     "Permission:Edit": "Edit",
     "Permission:Delete": "Delete",
     "Permission:ChangePermissions": "Change permissions",
-    "Permission:UserManagement": "User management"
+    "Permission:UserManagement": "User management",
+    "Permission:UserLookup": "User lookup"
   }
 }

modules/identity/src/Volo.Abp.Identity.Application.Contracts/Volo/Abp/Identity/Localization/ApplicationContracts/tr.json

@@ -7,6 +7,7 @@
     "Permission:Edit": "Düzenleme",
     "Permission:Delete": "Silme",
     "Permission:ChangePermissions": "İzinleri değiştirme",
-    "Permission:UserManagement": "Kullanıcı yönetimi"
+    "Permission:UserManagement": "Kullanıcı yönetimi",
+    "Permission:UserLookup": "Kullanıcı sorgulama"
   }
 }

modules/identity/src/Volo.Abp.Identity.Application/Volo/Abp/Identity/IdentityUserLookupAppService.cs

@@ -0,0 +1,41 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Volo.Abp.Users;
+
+namespace Volo.Abp.Identity
+{
+    [Authorize(IdentityPermissions.UserLookup.Default)]
+    public class IdentityUserLookupAppService : IdentityAppServiceBase, IIdentityUserLookupAppService
+    {
+        protected IdentityUserRepositoryExternalUserLookupServiceProvider UserLookupServiceProvider { get; }
+
+        public IdentityUserLookupAppService(
+            IdentityUserRepositoryExternalUserLookupServiceProvider userLookupServiceProvider)
+        {
+            UserLookupServiceProvider = userLookupServiceProvider;
+        }
+
+        public virtual async Task<UserData> FindByIdAsync(Guid id)
+        {
+            var userData = await UserLookupServiceProvider.FindByIdAsync(id);
+            if (userData == null)
+            {
+                return null;
+            }
+
+            return new UserData(userData);
+        }
+
+        public virtual async Task<UserData> FindByUserNameAsync(string userName)
+        {
+            var userData = await UserLookupServiceProvider.FindByUserNameAsync(userName);
+            if (userData == null)
+            {
+                return null;
+            }
+
+            return new UserData(userData);
+        }
+    }
+}

modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/IdentityUserRepositoryExternalUserLookupServiceProvider.cs

@@ -30,7 +30,7 @@ namespace Volo.Abp.Identity
                     includeDetails: false,
                     cancellationToken: cancellationToken
                 )
-            ).ToAbpUserData();
+            )?.ToAbpUserData();
         }
 
         public async Task<IUserData> FindByUserNameAsync(
@@ -43,7 +43,7 @@ namespace Volo.Abp.Identity
                     includeDetails: false,
                     cancellationToken: cancellationToken
                 )
-            ).ToAbpUserData();
+            )?.ToAbpUserData();
         }
     }
 }

modules/identity/src/Volo.Abp.Identity.HttpApi.Client/Volo.Abp.Identity.HttpApi.Client.csproj

@@ -15,9 +15,6 @@
 
   <ItemGroup>
     <ProjectReference Include="..\Volo.Abp.Identity.Application.Contracts\Volo.Abp.Identity.Application.Contracts.csproj" />
-
-    <ProjectReference Include="..\..\..\users\src\Volo.Abp.Users.Abstractions\Volo.Abp.Users.Abstractions.csproj" />
-    
     <ProjectReference Include="..\..\..\..\framework\src\Volo.Abp.Http.Client\Volo.Abp.Http.Client.csproj" />
   </ItemGroup>
 

modules/identity/src/Volo.Abp.Identity.HttpApi.Client/Volo/Abp/Identity/AbpIdentityHttpApiClientModule.cs

@@ -1,13 +1,11 @@
 using Microsoft.Extensions.DependencyInjection;
 using Volo.Abp.Http.Client;
 using Volo.Abp.Modularity;
-using Volo.Abp.Users;
 
 namespace Volo.Abp.Identity
 {
     [DependsOn(
         typeof(AbpIdentityApplicationContractsModule),
-        typeof(AbpUsersAbstractionModule),
         typeof(AbpHttpClientModule))]
     public class AbpIdentityHttpApiClientModule : AbpModule
     {

modules/identity/src/Volo.Abp.Identity.HttpApi.Client/Volo/Abp/Identity/HttpClientIdentityUserLookupService.cs

@@ -1,5 +1,4 @@
 using System;
-using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
 using Volo.Abp.DependencyInjection;
@@ -10,24 +9,21 @@ namespace Volo.Abp.Identity
     [Dependency(TryRegister = true)]
     public class HttpClientExternalUserLookupServiceProvider : IExternalUserLookupServiceProvider, ITransientDependency
     {
-        private readonly IIdentityUserAppService _userAppService;
+        private readonly IIdentityUserLookupAppService _userLookupAppService;
 
-        public HttpClientExternalUserLookupServiceProvider(IIdentityUserAppService userAppService)
+        public HttpClientExternalUserLookupServiceProvider(IIdentityUserLookupAppService userLookupAppService)
         {
-            _userAppService = userAppService;
+            _userLookupAppService = userLookupAppService;
         }
 
         public async Task<IUserData> FindByIdAsync(Guid id, CancellationToken cancellationToken = default)
         {
-            //TODO: Should return null if not found!
-            return (await _userAppService.GetAsync(id)).ToUserInfo();
+            return await _userLookupAppService.FindByIdAsync(id);
         }
 
         public async Task<IUserData> FindByUserNameAsync(string userName, CancellationToken cancellationToken = default)
         {
-            //TODO: Should return null if not found!
-            //TODO: Search by UserName, not by a general filter!
-            return (await _userAppService.GetListAsync(new GetIdentityUsersInput { Filter = userName })).Items.FirstOrDefault()?.ToUserInfo();
+            return await _userLookupAppService.FindByUserNameAsync(userName);
         }
     }
 }

modules/identity/src/Volo.Abp.Identity.HttpApi/Volo/Abp/Identity/IdentityUserLookupController.cs

@@ -0,0 +1,36 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Volo.Abp.AspNetCore.Mvc;
+using Volo.Abp.Users;
+
+namespace Volo.Abp.Identity
+{
+    [RemoteService]
+    [Area("identity")]
+    [ControllerName("UserLookup")]
+    [Route("api/identity/user-lookup")]
+    public class IdentityUserLookupController : AbpController, IIdentityUserLookupAppService
+    {
+        protected IIdentityUserLookupAppService LookupAppService { get; }
+
+        public IdentityUserLookupController(IIdentityUserLookupAppService lookupAppService)
+        {
+            LookupAppService = lookupAppService;
+        }
+
+        [HttpGet]
+        [Route("{id}")]
+        public Task<UserData> FindByIdAsync(Guid id)
+        {
+            return LookupAppService.FindByIdAsync(id);
+        }
+
+        [HttpGet]
+        [Route("by-username/{userName}")]
+        public Task<UserData> FindByUserNameAsync(string userName)
+        {
+            return LookupAppService.FindByUserNameAsync(userName);
+        }
+    }
+}

modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/RolePermissionManagementProvider.cs

@@ -36,7 +36,7 @@ namespace Volo.Abp.PermissionManagement.Identity
                 );
             }
 
-            if (providerName == "User")
+            if (providerName == UserPermissionValueProvider.ProviderName)
             {
                 var userId = Guid.Parse(providerKey);
                 var roleNames = await _userRoleFinder.GetRolesAsync(userId);

modules/identity/src/Volo.Abp.PermissionManagement.Domain.Identity/Volo/Abp/PermissionManagement/Identity/UserPermissionManagementProvider.cs

@@ -8,8 +8,8 @@ namespace Volo.Abp.PermissionManagement.Identity
     {
         public override string Name => UserPermissionValueProvider.ProviderName;
 
-        public UserPermissionManagementProvider(IPermissionGrantRepository 
-            permissionGrantRepository, 
+        public UserPermissionManagementProvider(
+            IPermissionGrantRepository permissionGrantRepository, 
             IGuidGenerator guidGenerator,
             ICurrentTenant currentTenant) 
             : base(

modules/identityserver/Volo.Abp.IdentityServer.sln

@@ -21,7 +21,9 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Volo.Abp.IdentityServer.Tes
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Volo.Abp.IdentityServer.MongoDB.Tests", "test\Volo.Abp.IdentityServer.MongoDB.Tests\Volo.Abp.IdentityServer.MongoDB.Tests.csproj", "{2E18B471-7FCA-497B-90FF-6AA9172CC62F}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Volo.Abp.IdentityServer.Domain.Tests", "test\Volo.Abp.IdentityServer.Domain.Tests\Volo.Abp.IdentityServer.Domain.Tests.csproj", "{0680D0B6-51C0-4812-8A0B-192FDE717E60}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Volo.Abp.IdentityServer.Domain.Tests", "test\Volo.Abp.IdentityServer.Domain.Tests\Volo.Abp.IdentityServer.Domain.Tests.csproj", "{0680D0B6-51C0-4812-8A0B-192FDE717E60}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Volo.Abp.PermissionManagement.Domain.IdentityServer", "src\Volo.Abp.PermissionManagement.Domain.IdentityServer\Volo.Abp.PermissionManagement.Domain.IdentityServer.csproj", "{072BD630-FB89-45FC-BA2D-12A9745AAB93}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -61,6 +63,10 @@ Global
 		{0680D0B6-51C0-4812-8A0B-192FDE717E60}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{0680D0B6-51C0-4812-8A0B-192FDE717E60}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{0680D0B6-51C0-4812-8A0B-192FDE717E60}.Release|Any CPU.Build.0 = Release|Any CPU
+		{072BD630-FB89-45FC-BA2D-12A9745AAB93}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{072BD630-FB89-45FC-BA2D-12A9745AAB93}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{072BD630-FB89-45FC-BA2D-12A9745AAB93}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{072BD630-FB89-45FC-BA2D-12A9745AAB93}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -74,6 +80,7 @@ Global
 		{9CD1BFDB-DD76-4194-ACAD-A64541AC2069} = {2C792EC1-BA27-44ED-B7CC-D0939553F1B2}
 		{2E18B471-7FCA-497B-90FF-6AA9172CC62F} = {2C792EC1-BA27-44ED-B7CC-D0939553F1B2}
 		{0680D0B6-51C0-4812-8A0B-192FDE717E60} = {2C792EC1-BA27-44ED-B7CC-D0939553F1B2}
+		{072BD630-FB89-45FC-BA2D-12A9745AAB93} = {59A0FC0F-EA6D-477B-84A7-3B1E41B4C858}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {45562023-C330-4060-A583-2BA10F472D3D}

modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo.Abp.PermissionManagement.Domain.IdentityServer.csproj

@@ -0,0 +1,21 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <Import Project="..\..\..\..\common.props" />
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+    <AssemblyName>Volo.Abp.PermissionManagement.Domain.IdentityServer</AssemblyName>
+    <PackageId>Volo.Abp.PermissionManagement.Domain.IdentityServer</PackageId>
+    <AssetTargetFallback>$(AssetTargetFallback);portable-net45+win8+wp8+wpa81;</AssetTargetFallback>
+    <GenerateAssemblyConfigurationAttribute>false</GenerateAssemblyConfigurationAttribute>
+    <GenerateAssemblyCompanyAttribute>false</GenerateAssemblyCompanyAttribute>
+    <GenerateAssemblyProductAttribute>false</GenerateAssemblyProductAttribute>
+    <RootNamespace />
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Volo.Abp.IdentityServer.Domain.Shared\Volo.Abp.IdentityServer.Domain.Shared.csproj" />
+    <ProjectReference Include="..\..\..\permission-management\src\Volo.Abp.PermissionManagement.Domain\Volo.Abp.PermissionManagement.Domain.csproj" />
+  </ItemGroup>
+
+</Project>

modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/AbpPermissionManagementDomainIdentityServerModule.cs

@@ -0,0 +1,18 @@
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Modularity;
+
+namespace Volo.Abp.PermissionManagement.IdentityServer
+{
+    public class AbpPermissionManagementDomainIdentityServerModule : AbpModule
+    {
+        public override void ConfigureServices(ServiceConfigurationContext context)
+        {
+            Configure<PermissionManagementOptions>(options =>
+            {
+                options.ManagementProviders.Add<ClientPermissionManagementProvider>();
+
+                options.ProviderPolicies[ClientPermissionValueProvider.ProviderName] = "IdentityServer.Client.ManagePermissions";
+            });
+        }
+    }
+}

modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/ClientPermissionManagementProvider.cs

@@ -0,0 +1,23 @@
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Guids;
+using Volo.Abp.MultiTenancy;
+
+namespace Volo.Abp.PermissionManagement.IdentityServer
+{
+    public class ClientPermissionManagementProvider : PermissionManagementProvider
+    {
+        public override string Name => ClientPermissionValueProvider.ProviderName;
+
+        public ClientPermissionManagementProvider(
+            IPermissionGrantRepository permissionGrantRepository,
+            IGuidGenerator guidGenerator,
+            ICurrentTenant currentTenant)
+            : base(
+                permissionGrantRepository,
+                guidGenerator,
+                currentTenant)
+        {
+
+        }
+    }
+}

modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.Localization;
@@ -51,6 +52,11 @@ namespace Volo.Abp.PermissionManagement
 
                 foreach (var permission in group.GetPermissionsWithChildren())
                 {
+                    if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
+                    {
+                        continue;
+                    }
+
                     var grantInfoDto = new PermissionGrantInfoDto
                     {
                         Name = permission.Name,
@@ -75,7 +81,10 @@ namespace Volo.Abp.PermissionManagement
                     groupDto.Permissions.Add(grantInfoDto);
                 }
 
-                result.Groups.Add(groupDto);
+                if (groupDto.Permissions.Any())
+                {
+                    result.Groups.Add(groupDto);
+                }
             }
 
             return result;
@@ -85,9 +94,16 @@ namespace Volo.Abp.PermissionManagement
         {
             await CheckProviderPolicy(providerName);
 
-            foreach (var permission in input.Permissions)
+            foreach (var permissionDto in input.Permissions)
             {
-                await _permissionManager.SetAsync(permission.Name, providerName, providerKey, permission.IsGranted);
+                var permissionDefinition = _permissionDefinitionManager.Get(permissionDto.Name);
+                if (permissionDefinition.Providers.Any() && 
+                    !permissionDefinition.Providers.Contains(providerName))
+                {
+                    throw new ApplicationException($"The permission named '{permissionDto.Name}' has not compatible with the provider named '{providerName}'");
+                }
+
+                await _permissionManager.SetAsync(permissionDto.Name, providerName, providerKey, permissionDto.IsGranted);
             }
         }
 

modules/users/src/Volo.Abp.Users.Abstractions/Volo/Abp/Users/UserData.cs

@@ -28,6 +28,19 @@ namespace Volo.Abp.Users
 
         }
 
+        public UserData(IUserData userData)
+        {
+            Id = userData.Id;
+            UserName = userData.UserName;
+            Email = userData.Email;
+            Name = userData.Name;
+            Surname = userData.Surname;
+            EmailConfirmed = userData.EmailConfirmed;
+            PhoneNumber = userData.PhoneNumber;
+            PhoneNumberConfirmed = userData.PhoneNumberConfirmed;
+            TenantId = userData.TenantId;
+        }
+
         public UserData(
             Guid id,
             [NotNull] string userName,

nupkg/common.ps1

@@ -140,6 +140,7 @@ $projects = (
     # modules/identityserver
     "modules/identityserver/src/Volo.Abp.IdentityServer.Domain.Shared",
     "modules/identityserver/src/Volo.Abp.IdentityServer.Domain",
+    "modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer",
     "modules/identityserver/src/Volo.Abp.IdentityServer.EntityFrameworkCore", 
     "modules/identityserver/src/Volo.Abp.IdentityServer.MongoDB",
 

samples/MicroserviceDemo/applications/AuthServer.Host/Migrations/20190208210234_Added_ClientId_And_CorrelationId_To_AuditLogs.cs

@@ -0,0 +1,72 @@
+using System.Reflection.Metadata;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace AuthServer.Host.Migrations
+{
+    public partial class Added_ClientId_And_CorrelationId_To_AuditLogs : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropPrimaryKey(
+                "PK_IdentityServerClientPostLogoutRedirectUris",
+                "IdentityServerClientPostLogoutRedirectUris"
+            );
+
+            migrationBuilder.AlterColumn<string>(
+                name: "PostLogoutRedirectUri",
+                table: "IdentityServerClientPostLogoutRedirectUris",
+                maxLength: 200,
+                nullable: false,
+                oldClrType: typeof(string),
+                oldMaxLength: 2000);
+
+            migrationBuilder.AddPrimaryKey(
+                "PK_IdentityServerClientPostLogoutRedirectUris",
+                "IdentityServerClientPostLogoutRedirectUris",
+                new[] {"ClientId", "PostLogoutRedirectUri"}
+            );
+
+            migrationBuilder.AddColumn<string>(
+                name: "ClientId",
+                table: "AbpAuditLogs",
+                maxLength: 64,
+                nullable: true);
+
+            migrationBuilder.AddColumn<string>(
+                name: "CorrelationId",
+                table: "AbpAuditLogs",
+                maxLength: 64,
+                nullable: true);
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "ClientId",
+                table: "AbpAuditLogs");
+
+            migrationBuilder.DropColumn(
+                name: "CorrelationId",
+                table: "AbpAuditLogs");
+
+            migrationBuilder.DropPrimaryKey(
+                "PK_IdentityServerClientPostLogoutRedirectUris",
+                "IdentityServerClientPostLogoutRedirectUris"
+            );
+
+            migrationBuilder.AlterColumn<string>(
+                name: "PostLogoutRedirectUri",
+                table: "IdentityServerClientPostLogoutRedirectUris",
+                maxLength: 2000,
+                nullable: false,
+                oldClrType: typeof(string),
+                oldMaxLength: 200);
+
+            migrationBuilder.AddPrimaryKey(
+                "PK_IdentityServerClientPostLogoutRedirectUris",
+                "IdentityServerClientPostLogoutRedirectUris",
+                new[] { "ClientId", "PostLogoutRedirectUri" }
+            );
+        }
+    }
+}

samples/MicroserviceDemo/applications/AuthServer.Host/Migrations/AuthServerDbContextModelSnapshot.cs

@@ -28,6 +28,10 @@ namespace AuthServer.Host.Migrations
                         .HasColumnName("BrowserInfo")
                         .HasMaxLength(512);
 
+                    b.Property<string>("ClientId")
+                        .HasColumnName("ClientId")
+                        .HasMaxLength(64);
+
                     b.Property<string>("ClientIpAddress")
                         .HasColumnName("ClientIpAddress")
                         .HasMaxLength(64);
@@ -42,6 +46,10 @@ namespace AuthServer.Host.Migrations
 
                     b.Property<string>("ConcurrencyStamp");
 
+                    b.Property<string>("CorrelationId")
+                        .HasColumnName("CorrelationId")
+                        .HasMaxLength(64);
+
                     b.Property<string>("Exceptions")
                         .HasColumnName("Exceptions")
                         .HasMaxLength(4000);
@@ -753,7 +761,7 @@ namespace AuthServer.Host.Migrations
                     b.Property<Guid>("ClientId");
 
                     b.Property<string>("PostLogoutRedirectUri")
-                        .HasMaxLength(2000);
+                        .HasMaxLength(200);
 
                     b.HasKey("ClientId", "PostLogoutRedirectUri");
 

samples/MicroserviceDemo/gateways/BackendAdminAppGateway.Host/BackendAdminAppGateway.Host.csproj

@@ -27,6 +27,7 @@
     <ProjectReference Include="..\..\..\..\modules\identity\src\Volo.Abp.Identity.HttpApi\Volo.Abp.Identity.HttpApi.csproj" />
     <ProjectReference Include="..\..\..\..\modules\identity\src\Volo.Abp.Identity.HttpApi.Client\Volo.Abp.Identity.HttpApi.Client.csproj" />
     <ProjectReference Include="..\..\..\..\modules\identity\src\Volo.Abp.PermissionManagement.Domain.Identity\Volo.Abp.PermissionManagement.Domain.Identity.csproj" />
+    <ProjectReference Include="..\..\..\..\modules\identityserver\src\Volo.Abp.PermissionManagement.Domain.IdentityServer\Volo.Abp.PermissionManagement.Domain.IdentityServer.csproj" />
     <ProjectReference Include="..\..\..\..\modules\permission-management\src\Volo.Abp.PermissionManagement.Application\Volo.Abp.PermissionManagement.Application.csproj" />
     <ProjectReference Include="..\..\..\..\modules\permission-management\src\Volo.Abp.PermissionManagement.HttpApi\Volo.Abp.PermissionManagement.HttpApi.csproj" />
     <ProjectReference Include="..\..\..\..\modules\permission-management\src\Volo.Abp.PermissionManagement.EntityFrameworkCore\Volo.Abp.PermissionManagement.EntityFrameworkCore.csproj" />

samples/MicroserviceDemo/gateways/BackendAdminAppGateway.Host/BackendAdminAppGatewayHostModule.cs

@@ -14,6 +14,7 @@ using Volo.Abp.PermissionManagement;
 using Volo.Abp.PermissionManagement.EntityFrameworkCore;
 using Volo.Abp.PermissionManagement.HttpApi;
 using Volo.Abp.PermissionManagement.Identity;
+using Volo.Abp.PermissionManagement.IdentityServer;
 using Volo.Abp.Security.Claims;
 using Volo.Abp.SettingManagement.EntityFrameworkCore;
 using Volo.Blogging;
@@ -31,7 +32,8 @@ namespace BackendAdminAppGateway.Host
         typeof(AbpPermissionManagementHttpApiModule),
         typeof(AbpSettingManagementEntityFrameworkCoreModule),
         typeof(BloggingApplicationContractsModule),
-        typeof(AbpPermissionManagementDomainIdentityModule)
+        typeof(AbpPermissionManagementDomainIdentityModule),
+        typeof(AbpPermissionManagementDomainIdentityServerModule)
         )]
     public class BackendAdminAppGatewayHostModule : AbpModule
     {

samples/MicroserviceDemo/microservices/BloggingService.Host/appsettings.json

@@ -9,7 +9,17 @@
   },
   "RemoteServices": {
     "Default": {
-      "BaseUrl": "http://localhost:65129/"
+      "BaseUrl": "http://localhost:65129/",
+      "UseCurrentAccessToken": "false"
+    }
+  },
+  "IdentityClients": {
+    "Default": {
+      "GrantType": "client_credentials",
+      "ClientId": "blogging-service-client",
+      "ClientSecret": "1q2w3e*",
+      "Authority": "http://localhost:64999",
+      "Scope": "InternalGateway IdentityService"
     }
   },
   "Redis": {