GodelTech.Microservices.Security 8.1.0

dotnet add package GodelTech.Microservices.Security --version 8.1.0                
NuGet\Install-Package GodelTech.Microservices.Security -Version 8.1.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="GodelTech.Microservices.Security" Version="8.1.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add GodelTech.Microservices.Security --version 8.1.0                
#r "nuget: GodelTech.Microservices.Security, 8.1.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install GodelTech.Microservices.Security as a Cake Addin
#addin nuget:?package=GodelTech.Microservices.Security&version=8.1.0

// Install GodelTech.Microservices.Security as a Cake Tool
#tool nuget:?package=GodelTech.Microservices.Security&version=8.1.0                

GodelTech.Microservices.Security

Overview

GodelTech.Microservices.Security contains initializer responsible for REST API endpoint security configuration.

Quick Start

REST API Security

In order to configure REST API security Startup.cs and application configuration files must be updated. Startup class must use ApiSecurityInitializer. The following snippet demonstrates one of possible options how to Startup may look like:

    public class Startup : MicroserviceStartup
    {
        public Startup(IConfiguration configuration) 
            : base(configuration)
        {

        }

        protected override IEnumerable<IMicroserviceInitializer> CreateInitializers()
        {
            yield return new DeveloperExceptionPageInitializer(Configuration);
            yield return new HstsInitializer();

            yield return new GenericInitializer(null, (app, _) => app.UseRouting());

            yield return new ApiSecurityInitializer(
                options => Configuration.Bind("ApiSecurityOptions", options),
                new PolicyFactory()
            );

            yield return new ApiInitializer(Configuration);
        }
    }

PolicyFactory class:

    public class PolicyFactory : IAuthorizationPolicyFactory
    {
        public IReadOnlyDictionary<string, AuthorizationPolicy> Create()
        {
            return new Dictionary<string, AuthorizationPolicy>
            {
                ["add"] = GetAuthorizationPolicy("fake.add"),
                ["edit"] = GetAuthorizationPolicy("fake.edit"),
                ["delete"] = GetAuthorizationPolicy("fake.delete")
            };
        }

        private static AuthorizationPolicy GetAuthorizationPolicy(string requiredScope)
        {
            var policyBuilder = new AuthorizationPolicyBuilder();

            policyBuilder.RequireAuthenticatedUser();
            policyBuilder.RequireClaim("scope", requiredScope);

            return policyBuilder.Build();
        }
    }

Configuration file may have configuration section similar to this:

  "ApiSecurityOptions": {
    "RequireHttpsMetadata": false,
    "Authority": "https://localhost:44300",
    "Issuer": "https://localhost:44300",
    "Audience": "DemoApi",
    "TokenValidation": {
      "ValidateAudience": true
    }
  }

NOTE: You controller or method must be decorated with [Authorize] attribute which has policy name specified. Here is how it may look like:

    [Authorize]
    [Route("fakes")]
    [ApiController]
    public class FakeController : ControllerBase
    {
        [HttpGet]
        [ProducesResponseType(typeof(IList<FakeModel>), StatusCodes.Status200OK)]
        public IActionResult GetList()
        {
            ...
        }

        [HttpGet("{id:int}")]
        [ProducesResponseType(StatusCodes.Status404NotFound)]
        [ProducesResponseType(typeof(FakeModel), StatusCodes.Status200OK)]
        public IActionResult Get(int id)
        {
            ...
        }

        [Authorize("add")]
        [HttpPost]
        [ProducesResponseType(typeof(FakeModel), StatusCodes.Status201Created)]
        public IActionResult Post([FromBody] FakePostModel model)
        {
            ...
        }
    }

UI Security

In order to configure UI security Startup.cs file needs to be updated. UiSecurityInitializer must be added to list of initializers. Here is example how your Startup class may look like:

    public class Startup : MicroserviceStartup
    {
        public Startup(IConfiguration configuration)
            : base(configuration)
        {

        }

        protected override IEnumerable<IMicroserviceInitializer> CreateInitializers()
        {
            yield return new DeveloperExceptionPageInitializer();
            yield return new ExceptionHandlerInitializer("/Home/Error");
            yield return new HstsInitializer();

            yield return new GenericInitializer(null, (app, _) => app.UseStaticFiles());

            yield return new GenericInitializer(null, (app, _) => app.UseRouting());

            yield return new UiSecurityInitializer(
                options => Configuration.Bind("UiSecurityOptions", options)
            );

            yield return new MvcInitializer();
        }
    }

The following configuration secription need to be added to appsettings.json:

  "UiSecurityOptions": {
    "Authority": "https://localhost:44300",
    "Issuer": "https://localhost:44300",
    "ClientId": "Mvc",
    "ClientSecret": "secret",
    "RequireHttpsMetadata": false,
    "Scopes": [
      "openid",
      "profile",
      "offline_access",
      "api"
    ]
  }

NOTE: You need to decorate your MVC / Razor Pages controllers with [Authorize] attribute or apply corresponding conventions by creating subclass of RazorPagesInitializer.

Configuration Options

ApiSecurityInitializer uses ApiSecurityOptions class. Full list of settings can be found in the following snippet:

  "ApiSecurityOptions": {
    "RequireHttpsMetadata": false,
    "Authority": "https://localhost:44300",
    "Issuer": "https://localhost:44300",
    "Audience": "DemoApi",
    "TokenValidation": {
      "ValidateAudience": true,
      "ValidateIssuer": true,
      "ValidateIssuerSigningKey": true,
      "ValidateLifetime": true
    },
    "SaveToken": true,
    "IncludeErrorDetails": true
  }

IMPORTANT: By default all validation and security restrictions are turned ON.

UiSecurityInitializer uses UiSecurityOptions class. Full list of settings can be found in the following snippet:

  "UiSecurityOptions": {
    "Authority": "https://localhost:44300",
    "Issuer": "https://localhost:44300",
    "ClientId": "Mvc",
    "ClientSecret": "secret",
    "GetClaimsFromUserInfoEndpoint": true,
    "RequireHttpsMetadata": false,
    "ResponseType": "code",
    "Scopes": [
      "openid",
      "profile",
      "offline_access",
      "api"
    ],
    "UsePkce": true,
    "PublicAuthorityUri": "https://localhost:44300",
    "SaveTokens": true
  }

NOTE: PublicAuthorityUri specific public address of identity provider. This setting might be useful when server-to-server communication happens within internal network (Kubernetes, docker-compose) but user uses public address to navigate to service.

The following resources might be useful to understand internals of current project:

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
8.1.0 211 7/2/2024
8.0.1 1,479 1/20/2024
8.0.0 125 1/18/2024
3.0.0 3,329 10/18/2023
2.7.0 4,809 11/2/2022
2.6.0 414 10/18/2022
2.4.0 4,294 7/7/2022
2.3.0 590 4/4/2022
2.2.0 466 4/3/2022
2.0.0 480 2/21/2022
1.3.0 5,889 3/21/2021
1.2.0 1,487 9/11/2020
1.1.0 485 7/31/2020
1.0.0 517 7/25/2020
0.0.1 499 7/21/2020