RbacAuthorization 1.0.1

.NET 6.0
There is a newer version of this package available.
See the version list below for details. 
dotnet add package RbacAuthorization --version 1.0.1
NuGet\Install-Package RbacAuthorization -Version 1.0.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="RbacAuthorization" Version="1.0.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add RbacAuthorization --version 1.0.1
#r "nuget: RbacAuthorization, 1.0.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install RbacAuthorization as a Cake Addin
#addin nuget:?package=RbacAuthorization&version=1.0.1

// Install RbacAuthorization as a Cake Tool
#tool nuget:?package=RbacAuthorization&version=1.0.1

RbacAuthorization

A simple role based access control library for single and multi tenant applications.

Single Tenant Application

The below task management application has two types of users, Supervisors and Assistants. Only supervisors can create and delete tasks while both can read and update the tasks.

Endpoint Permission Roles
POST /tasks Tasks.Create MyApp.Supervisor
GET /tasks Tasks.Read MyApp.Assistant <br> MyApp.Supervisor
PUT /tasks/{taskId} Tasks.Update MyApp.Assistant <br> MyApp.Supervisor
DELETE /tasks/{taskId} Tasks.Delete MyApp.Supervisor

Configuration steps

  1. Add the RbacAuthorization Nuget package.
dotnet add package RbacAuthorization
  1. Define your permissions. These can use any format you like but typically include a resource and an action. For example:
public static class Permissions
{
    public const string TasksCreate = "Tasks.Create";
    public const string TasksRead = "Tasks.Read";
    public const string TasksUpdate = "Tasks.Update";
    public const string TasksDelete = "Tasks.Delete";
}
  1. Define your roles. These can also use any format you like but typically include the app name and a job role. For example:
public static class Roles
{
    public const string Supervisor = "MyApp.Supervisor";
    public const string Assistant = "MyApp.Assistant";
}
  1. Define a policy to map your roles to permissions. In the below example the application has two types of users, Supervisors and Assistants. Only supervisors can create and delete tasks while both can read and update the tasks.
builder.Services.AddRbacAuthorization(builder.Configuration, options =>
{
    options.Policy = new StaticPolicyBuilder()
        .AddRolePermissions(Roles.Supervisor, Permissions.TasksCreate, Permissions.TasksRead, Permissions.TasksUpdate, Permissions.TasksDelete)
        .AddRolePermissions(Roles.Assistant, Permissions.TasksRead, Permissions.TasksUpdate)
        .Build();
});
  1. Assign the permissions to your controller actions using the standard authorize attribute:
app.MapGet("/tasks", [Authorize(Permissions.TasksRead)] () =>
{
    return Results.Ok(tasks.GetAll());
});

  1. Configure your Identity Provider to include the relevant roles as role claims for your users. This typically involves creating a group with the name of each role and assigning them to your users.

Multi Tenant Application

This multi tenant example builds on top the single tenant example above. There are still two types of users, Supervisors and Assistants but this time they are per tenant to provide tenant isolation.

To avoid mapping the same roles for each tenant, multi tenant roles contain a placeholder for the tenant identifier. By default the placeholder is $TenantId but it can be changed to match what you call your tenant identifier. For example $AccountName or $CompanyId.

By default the library will obtain the tenant identifier from the request RouteData value named TenantId. You can also obtain the tenant identifier from a request header or subdomain if its not included in the path.

Request Permission Roles
POST /{TenantId}/tasks Tasks.Create MyApp.$TenantId.Supervisor
GET /{TenantId}/tasks Tasks.Read MyApp.$TenantId.Assistant <br> MyApp.$TenantId.Supervisor
PUT /{TenantId}/tasks/{taskId} Tasks.Update MyApp.$TenantId.Assistant <br> MyApp.$TenantId.Supervisor
DELETE /{TenantId}/tasks/{taskId} Tasks.Delete MyApp.$TenantId.Supervisor

View Source

Configuration steps

  1. Add the RbacAuthorization Nuget package.
dotnet add package RbacAuthorization
  1. Define your permissions. These can use any format you like but typically include a resource and an action. For example:
public static class Permissions
{
    public const string TasksCreate = "Tasks.Create";
    public const string TasksRead = "Tasks.Read";
    public const string TasksUpdate = "Tasks.Update";
    public const string TasksDelete = "Tasks.Delete";
}
  1. Define your roles. These can also use any format you like but typically include the app name, tenant identifier and a job role. You can also include roles that span all tenants like a customer support role. For example:
public static class Roles
{
    public const string TenantSupervisor = "MyApp.$TenantId.Supervisor";
    public const string TenantAssistant = "MyApp.$TenantId.Assistant";
    public const string CustomerSupport = "MyApp.CustomerSupport";
}
  1. Define a policy to map your roles to permissions. In the below example the application has three types of users, per tenant Supervisors and Assistants users and application wide Customer Support staff. Only supervisors can create and delete tasks in their tenant while both Supervisor and Assistants can read and update tasks in their tenant. Customer Support staff can read tasks in any tenant due to their role not being scoped to a tenant with the $TenantId placeholder.
builder.Services.AddRbacAuthorization(builder.Configuration, options =>
{
    options.Policy = new StaticPolicyBuilder()
        .AddRolePermissions(Roles.TenantSupervisor, Permissions.TasksCreate, Permissions.TasksRead, Permissions.TasksUpdate, Permissions.TasksDelete)
        .AddRolePermissions(Roles.TenantAssistant, Permissions.TasksRead, Permissions.TasksUpdate)
        .AddRolePermissions(Roles.CustomerSupport, Permissions.TasksRead)
        .Build();
});
  1. Assign the permissions to your controller actions using the standard authorize attribute:
app.MapGet("/tasks", [Authorize(Permissions.TasksRead)] () =>
{
    return Results.Ok(tasks.GetAll());
});

  1. Configure your Identity Provider to include the relevant roles as role claims for your users. This typically involves creating a group with the name of each role and assigning them to your users.

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.0.0 74 4/26/2024
2.0.0-prerelease.1 47 4/23/2024
1.0.1 193 4/30/2023
1.0.0 166 4/30/2023
1.0.0-alpha.4 124 12/28/2022
1.0.0-alpha.3 103 12/25/2022
1.0.0-alpha.2 105 12/22/2022
1.0.0-alpha.1 109 12/22/2022