MinimalApi.Identity.API 1.0.128

Packages MinimalApi Identity API

Library for dynamically managing users, roles, claims, modules and license, using .NET 8 Minimal API, Entity Framework Core and SQL Server.

🛠️ Installation

The library is available on NuGet, just search for MinimalApi.Identity.API in the Package Manager GUI or run the following command in the .NET CLI:

dotnet add package MinimalApi.Identity.API

🚀 Configuration

Adding this sections in the appsettings.json file:

{
    "Logging": {
        "LogLevel": {
            "Default": "Information",
            "Microsoft.AspNetCore": "Warning"
        }
    },
    "Kestrel": {
        "Limits": {
            "MaxRequestBodySize": 5242880
        }
    },
    "JwtOptions": {
        "Issuer": "[ISSUER]",
        "Audience": "[AUDIENCE]",
        "SecurityKey": "[SECURITY-KEY-512-CHAR]",
        "AccessTokenExpirationMinutes": "60",
        "RefreshTokenExpirationMinutes": "60"
    },
    "NetIdentityOptions": {
        "RequireUniqueEmail": true,
        "RequireDigit": true,
        "RequiredLength": 8,
        "RequireUppercase": true,
        "RequireLowercase": true,
        "RequireNonAlphanumeric": true,
        "RequiredUniqueChars": 4,
        "RequireConfirmedEmail": true,
        "MaxFailedAccessAttempts": 3,
        "AllowedForNewUsers": true,
        "DefaultLockoutTimeSpan": "00:05:00"
    },
    "SmtpOptions": {
        "Host": "smtp.example.org",
        "Port": 25,
        "Security": "StartTls",
        "Username": "Username del server SMTP",
        "Password": "Password del server SMTP",
        "Sender": "MyApplication <noreply@example.org>",
        "SaveEmailSent": true
    },
    "UsersOptions": {
        "AssignAdminRoleOnRegistration": "admin@example.org",
        "PasswordExpirationDays": 90
    },
    "ApiValidationOptions": {
        "MinLengthFirstName": 3,
        "MaxLengthFirstName": 50,
        "MinLengthLastName": 3,
        "MaxLengthLastName": 50,
        "MinLengthUsername": 5,
        "MaxLengthUsername": 20,
        "MinLengthRoleName": 5,
        "MaxLengthRoleName": 20,
        "MinLengthModuleName": 5,
        "MaxLengthModuleName": 20,
        "MinLengthModuleDescription": 5,
        "MaxLengthModuleDescription": 100,
        "MinLengthLicenseName": 5,
        "MaxLengthLicenseName": 20,
        "MinLengthClaimValue": 5,
        "MaxLengthClaimValue": 20,
        "MinLengthPolicyName": 5,
        "MaxLengthPolicyName": 20,
        "MinLengthPolicyDescription": 5,
        "MaxLengthPolicyDescription": 100
    },
    "HostedServiceOptions": {
        "IntervalAuthPolicyUpdaterMinutes": 5
    },
    "ConnectionStrings": {
        "DefaultConnection": "Data Source=[HOSTNAME];Initial Catalog=[DATABASE];User ID=[USERNAME];Password=[PASSWORD];Encrypt=False"
    }
}

Registering services at Program.cs file

var builder = WebApplication.CreateBuilder(args);
var authConnection = builder.Configuration.GetDatabaseConnString("DefaultConnection");
var formatErrorResponse = ErrorResponseFormat.List; // or ErrorResponseFormat.Default

builder.Services.AddCors(options => options.AddPolicy("cors", builder
    => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()));

//...

//If you need to register additional services(transient, scoped, singleton) in dependency injection,
//you can use the related extension methods exposed by the library.

//NOTE: Service has already been used within the library to register the necessary services, it is
//recommended to use a different nomenclature.

//The library exposes the following extension methods that leverage the Scrutor package:
//- Transient lifecycle => builder.Services.AddRegisterTransientService<IAuthService>("Service");
//- Scoped lifecycle => builder.Services.AddRegisterScopedService<IAuthService>("Service");
//- Singleton lifecycle => builder.Services.AddRegisterSingletonService<IAuthService>("Service");

builder.Services.AddRegisterServices<Program>(builder.Configuration, authConnection, formatErrorResponse);
builder.Services.AddAuthorization(options =>
{
    // Here you can add additional authorization policies
});

//...

var app = builder.Build();

//Use this MinimalApiExceptionMiddleware in your pipeline if you don't need to add new exceptions.
app.UseMiddleware<MinimalApiExceptionMiddleware>();

//If you need to add more exceptions, you need to add the ExtendedExceptionMiddleware middleware to your pipeline.
//In the demo project, in the Middleware folder, you can find an example implementation, which you can use to add
//the exceptions you need.
//app.UseMiddleware<ExtendedExceptionMiddleware>();

app.UseRouting();
app.UseStatusCodePages();

if (app.Environment.IsDevelopment())
{
    app.UseSwagger().UseSwaggerUI(options =>
    {
        options.SwaggerEndpoint("/swagger/v1/swagger.json", builder.Environment.ApplicationName);
    });
}

app.UseCors("cors");

app.UseAuthentication();
app.UseAuthorization();

app.UseMapEndpoints();
app.Run();

📡 API Reference

See the documentation for a list of all available API endpoints.

📚 Demo

You can find a sample project in the example project.

📦 Dependencies

• .NET 8
• ASP.NET Core Identity
• Entity Framework Core
• Entity Framework Core for SQL Server
• JWT Bearer Token
• MailKit
• Scrutor

🔜 Future implementations

• Replacing the hosted service authorization policy updater using Coravel jobs
• Add support for relational databases other than MS SQLServer (e.g. MySQL and PostgreSQL)

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🤝 Contributing

Suggestions are always welcome! Feel free to open suggestion issues in the repository and we will implement them as possible.