AuthorizationHub.Data.SqlServer 1.0.2

AuthorizationHub

Overview

AuthorizationHub adds a user interface to your existing ASP.net application, so you can manage users, groups, and roles. More importantly, it allows you to build an organizational tree that can be transformed into claims and used in authorization policies.

Turn Organizational Trees Into Claims

The power of AuthorizationHub is that the tenants, groups, and roles a user is related to, become identity claims as the user�s request gets processed inside the ASP.net core pipeline. Those claims are specific to your application and can be used in Authorization Policies. This neatly aligns with the security model in ASP.net core. It means you can change who can perform operations in your application by changing the user�s role and group memberships. There�s no need to make code changes and redeploy web applications.

Database Options

MS SQL Server, and coming soon SQLite and Postgres.

These options give you the ability to choose a database provider that fits with your existing databases, and the performance profile of your application. We never take your data.

Why Create Another UI?

We get it. Your team has better things to do. We made a UI to help you manage users, groups, roles, and tenants. Just pick a route in your own web application, we�ll provide the UI, and stay out of your way.

We Love Application Admins

Managing users, groups, and roles for an application can be a giant time sink, and it should be as easy as possible. AuthorizationHub supports nested groups and allows users to be part of multiple tenants. Even better, changes to users can be scheduled before they need to take effect. That means that application administrators will spend less time doing data entry and do it when they want to.

Installation

AuthorizationHub is available as a NuGet package. You can install it using the NuGet Package Console window:

PM> Install-Package AuthorizationHub

After installation, update your Program.cs file.

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthorizationHub();  // Sets up DI and needed authorization policies.
builder.Services.AddSQLServerToAuthorizationHub();  // Configures AuthorizationHub to use SQL Server

var app = builder.Build();

app.UseRouting();
app.UseAuthorization();

app.UseAuthorizationHubUI();  // Adds routes for UI and rest endpoints.

app.Run();

Configuration

Configuration for AuthorizationHub is made in the App.Config file. Create a configuration section named, "AuthorizationHubOptions".

If you want to use SQL Server, create a database to save the organizational tree data. In the app.config file, add a section matching the one below. Put a valid connection string in the "SqlConnection" property.

  "AuthorizationHubOptions": {
    "SqlServerConnection": "Server=localhost;Database=AuthorizationHub;User ID=;Password=;MultipleActiveResultSets=true;TrustServerCertificate=True",
    "Administrators": [
      "b52d1aef-cf08-41dc-8e39-be197be6874c",
      "0478bd7d-9ae8-4657-8d58-2b418f00cab7"
    ],
    "LicenseKey": "xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xx"
  }

AuthorizationHub administrators are defined in the configuration section. Any user in your identity store can be added to the configuration file. Use the value associated with the "nameIdentifier" claim for the user. Add it to the list of values associated with the "Administrators" property. In the case of using Microsoft's ASP.NET Core Identity features, you can get the "Id" value from the AspNetUsers table.

A license key in required to use AuthorizationHub, so enter it in the "LicenseKey" property.

Advanced Setup

If your web application has been configured to redirect unauthenticated requests to a login page, AuthorizationHub's rest endpoints will do the same if an unauthenticated user makes a request. If you wish to correct the problem, you can add the following code to your Program.cs file.

builder.Services.ConfigureApplicationCookie(_ => 
{
    _.Events.OnRedirectToLogin = context =>
    {
        var options = new AuthorizationHub.UI.Configuration.Options();
        
        if (context.Request.Path.Value.StartsWith(options.ApiPath))
        {
            context.Response.Headers["Location"] = context.RedirectUri;
            context.Response.StatusCode = 401;
        }

        return Task.CompletedTask;
    };
});

Quickstart Tip

Developers using Microsoft's ASP.NET Core Identity feature can use a SQL script to populate the users in AuthorizationHub.

INSERT INTO AuthorizationHub.dbo.Party (PartyType, DisplayName, [Description], ExternalId, IsRoot)
SELECT 1, NormalizedUserName, NormalizedUserName, Id, 0 FROM AspNetUsers
LEFT JOIN AuthorizationHub.dbo.Party AS Party ON Party.ExternalId = AspNetUsers.Id
WHERE Party.PartyId IS NULL