Add IdentitySession infrastructure. #18242

Merged
merged 32 commits into from
Mar 22, 2024

Conversation

maliming
Member

No description provided.

@maliming maliming added this to the 8.1-preview milestone Nov 24, 2023
@maliming maliming marked this pull request as ready for review December 12, 2023 09:20
@maliming maliming marked this pull request as draft December 12, 2023 09:20

codecov bot commented Dec 12, 2023

Codecov Report

Attention: Patch coverage is 14.33824%, with 233 lines in your changes missing coverage. Please review.

Project coverage is 51.48%. Comparing base (60f1823) to head (09cd2a9).
Report is 45 commits behind head on dev.

| Files | Patch % | Lines |
|---|---|---|
| ...entity.Domain/Volo/Abp/Identity/IdentitySession.cs | 0.00% | 54 Missing ⚠️ |
| ...Identity/MongoDB/MongoIdentitySessionRepository.cs | 0.00% | 43 Missing ⚠️ |
| ...tyFrameworkCore/EfCoreIdentitySessionRepository.cs | 0.00% | 39 Missing ⚠️ |
| .../WebClientInfo/HttpContextWebClientInfoProvider.cs | 0.00% | 20 Missing ⚠️ |
| .../Security/Principal/AbpClaimsIdentityExtensions.cs | 0.00% | 17 Missing ⚠️ |
| ...Core/Security/Claims/AbpDynamicClaimsMiddleware.cs | 0.00% | 16 Missing ⚠️ |
| ...ty/AspNetCore/AbpSecurityStampValidatorCallback.cs | 0.00% | 11 Missing ⚠️ |
| ...re/VirtualFileSystem/NullWebContentFileProvider.cs | 0.00% | 9 Missing ⚠️ |
| ...p.Security/Volo/Abp/Users/CurrentUserExtensions.cs | 0.00% | 8 Missing ⚠️ |
| ...entity/AspNetCore/AbpRefreshingPrincipalOptions.cs | 0.00% | 8 Missing ⚠️ |
| ... and 4 more | | |
Additional details and impacted files
@@            Coverage Diff             @@
##              dev   #18242      +/-   ##
==========================================
- Coverage   51.57%   51.48%   -0.10%     
==========================================
  Files        3098     3106       +8     
  Lines       98540    98847     +307     
  Branches     7878     7897      +19     
==========================================
+ Hits        50823    50890      +67     
- Misses      46152    46395     +243     
+ Partials     1565     1562       -3     


@aldhamdy

Is this capable of managing sessions for mobile app scenarios?
For example:
If a user logs in from a new device, we force him/her through 2FA and save the unique ID of the device.
The next time the user logs in from a previously registered device, the system does not require 2FA.
We also need to allow a user to have only 1 concurrent session.

Could you please help with how we can implement this strategy?

@maliming
Member Author

This is a different business. The session will currently be designed to prevent concurrent login and manage user sessions.

@aldhamdy

> This is a different business. The session will currently be designed to prevent concurrent login and manage user sessions.

We can use the session history for the user to check whether this user has a previous successful session from the same device; if so, we don't require 2FA.

I think the right module to implement this in is the openidconnect, but we need the session entity to store the unique terminal/browser/mobile ID.

After that we can edit the token handler in openidconnect to check for existing sessions for the same user & device-id, so there is no need to force 2FA.
It will also be linked to the same option of 2FA (remember browser).
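
The strategy discussed in the comments above (skip 2FA on a device with a prior successful session, and keep one concurrent session per user), as an added example that is not part of the thread or of ABP's code. `SessionRecord` and `DeviceAwareSignIn` are hypothetical in-memory types, not the `IdentitySession` API, and the device token is assumed to be a high-entropy value the server issues to the device after a successful 2FA, because a device id reported by the client can be copied.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical types for illustration; not ABP's IdentitySession API.
public record SessionRecord(Guid UserId, string DeviceTokenHash)
{
    public bool Active { get; set; } = true;
}

public class DeviceAwareSignIn
{
    private readonly List<SessionRecord> _sessions = new(); // stands in for a session repository

    // Only a hash of the device token is stored, so a leaked session table
    // does not hand out values that pass as a trusted device.
    private static string Hash(string deviceToken) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(deviceToken)));

    // 2FA is required unless this user already completed a sign-in from this device.
    public bool RequiresTwoFactor(Guid userId, string deviceToken)
    {
        var hash = Hash(deviceToken);
        return !_sessions.Any(s => s.UserId == userId && s.DeviceTokenHash == hash);
    }

    // Call only after the password check (and 2FA, when required) has succeeded.
    // Ends every other active session so the user keeps one concurrent session.
    public void CompleteSignIn(Guid userId, string deviceToken)
    {
        foreach (var old in _sessions.Where(s => s.UserId == userId && s.Active))
            old.Active = false;
        _sessions.Add(new SessionRecord(userId, Hash(deviceToken)));
    }

    public int ActiveSessions(Guid userId) => _sessions.Count(s => s.UserId == userId && s.Active);
}

public static class Program
{
    public static void Main()
    {
        var signIn = new DeviceAwareSignIn();
        var user = Guid.NewGuid();
        // Constructed sample tokens: first device, second device, then the first device again.
        foreach (var device in new[] { "constructed-token-A", "constructed-token-B", "constructed-token-A" })
        {
            Console.WriteLine($"{device}: 2FA required = {signIn.RequiresTwoFactor(user, device)}");
            signIn.CompleteSignIn(user, device);
        }
        Console.WriteLine($"active sessions = {signIn.ActiveSessions(user)}");
    }
}
```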

@maliming maliming modified the milestones: 8.1-preview, 8.2-preview Jan 22, 2024
@maliming maliming marked this pull request as ready for review March 13, 2024 03:23
@maliming maliming marked this pull request as draft March 13, 2024 06:52
@maliming maliming marked this pull request as ready for review March 13, 2024 07:57
@maliming maliming requested a review from EngincanV March 21, 2024 07:18
4 participants