affolterNET.Web.Api
0.1.18
See the version list below for details.
dotnet add package affolterNET.Web.Api --version 0.1.18
NuGet\Install-Package affolterNET.Web.Api -Version 0.1.18
<PackageReference Include="affolterNET.Web.Api" Version="0.1.18" />
<PackageVersion Include="affolterNET.Web.Api" Version="0.1.18" />
<PackageReference Include="affolterNET.Web.Api" />
paket add affolterNET.Web.Api --version 0.1.18
#r "nuget: affolterNET.Web.Api, 0.1.18"
#:package affolterNET.Web.Api@0.1.18
#addin nuget:?package=affolterNET.Web.Api&version=0.1.18
#tool nuget:?package=affolterNET.Web.Api&version=0.1.18
affolterNET.Web - Authentication & Authorization Libraries
This library collection provides flexible authentication and authorization modes for ASP.NET Core applications with YARP reverse proxy integration.
NuGet Packages
Installation
# Core package (required)
dotnet add package affolterNET.Web.Core
# For API authentication
dotnet add package affolterNET.Web.Api
# For BFF (Backend-for-Frontend) with YARP
dotnet add package affolterNET.Web.Bff
Development
Building Packages Locally
Use the provided script to build and test packages locally:
# Build, test, and pack version 1.0.0
./manage-packages.sh 1.0.0
# Only build
./manage-packages.sh 1.0.0 build
# Only pack packages
./manage-packages.sh 1.0.0 pack
# Publish to local NuGet source for testing
./manage-packages.sh 1.0.0 publish-local
CI/CD Pipeline
The repository includes GitHub Actions workflows for:
- Continuous Integration: Build and test on every push/PR
- Package Publishing: Automatic NuGet publishing on releases
- Version Management: Automatic versioning with preview builds
To publish to NuGet.org:
- Add NUGET_API_KEY to repository secrets
- Create a release with version tag (e.g., v1.0.0)
- Packages will be automatically published
This library provides flexible authentication and authorization modes for ASP.NET Core applications with YARP reverse proxy integration.
Authentication Modes
┌─────────────────────────────────────────────────────────────────────────────────┐
│ AUTHENTICATION MODES │
└─────────────────────────────────────────────────────────────────────────────────┘
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────────────────────────┐
│ NONE │ │ AUTHENTICATE │ │ AUTHORIZE │
│ │ │ (LOGIN) │ │ │
│ Anonymous │ │ Login Required │ │ Login + Permission Claims Required │
│ Access │ │ No Permissions │ │ Fine-grained Access Control │
└─────────────────┘ └─────────────────┘ └─────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────────┐
│ ALWAYS ENABLED SERVICES │
│ (Security & Infrastructure) │
├─────────────────────────────────────────────────────────────────────────────────┤
│ ✅ SecurityHeadersMiddleware │ CSP, HSTS, X-Frame-Options, etc. │
│ ✅ AntiforgeryTokenMiddleware │ CSRF protection │
│ ✅ HTTP Context Accessor │ Core infrastructure │
│ ✅ Memory Cache │ Performance & caching │
│ ✅ YARP Reverse Proxy │ Frontend/API proxying │
└─────────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────────┐
│ MODE-SPECIFIC SERVICES │
└─────────────────────────────────────────────────────────────────────────────────┘
MODE: NONE              MODE: AUTHENTICATE          MODE: AUTHORIZE
├─────────────────────┐ ├─────────────────────────┐ ├──────────────────────────┐
│ Services:           │ │ Services:               │ │ Services:                │
│ • Basic Routing     │ │ • Cookie Authentication │ │ • Cookie Authentication  │
│ • Static Files      │ │ • OIDC Integration      │ │ • OIDC Integration       │
│                     │ │ • Token Refresh         │ │ • Token Refresh          │
│ Middleware:         │ │ • Claims Enrichment     │ │ • Claims Enrichment      │
│ • No Auth Pipeline  │ │ • Basic Authorization   │ │ • Permission Policies    │
│                     │ │                         │ │ • RPT Token Service      │
│ Use Cases:          │ │ Middleware:             │ │ • Keycloak Integration   │
│ • Public websites   │ │ • UseAuthentication()   │ │                          │
│ • Static content    │ │ • UseAuthorization()    │ │ Middleware:              │
│ • Development       │ │ • RefreshTokenMware     │ │ • UseAuthentication()    │
└─────────────────────┘ │ • RptMiddleware         │ │ • UseAuthorization()     │
                        │                         │ │ • RefreshTokenMware      │
                        │ Use Cases:              │ │ • RptMiddleware          │
                        │ • Internal tools        │ │                          │
                        │ • Simple apps           │ │ Use Cases:               │
                        │ • Prototyping           │ │ • Enterprise apps        │
                        └─────────────────────────┘ │ • Multi-tenant systems   │
                                                    │ • Fine-grained access    │
                                                    └──────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ SERVICE MATRIX │
├─────────────────────────────────┬───────┬────────────────┬─────────────────────┤
│ Service/Middleware │ NONE │ AUTHENTICATE │ AUTHORIZE │
├─────────────────────────────────┼───────┼────────────────┼─────────────────────┤
│ SecurityHeadersMiddleware │ ✅ │ ✅ │ ✅ │
│ AntiforgeryTokenMiddleware │ ✅ │ ✅ │ ✅ │
│ HTTP Context Accessor │ ✅ │ ✅ │ ✅ │
│ Memory Cache │ ✅ │ ✅ │ ✅ │
│ YARP Reverse Proxy │ ✅ │ ✅ │ ✅ │
│ Static Files │ ✅ │ ✅ │ ✅ │
│ API NotFound Handling │ ✅ │ ✅ │ ✅ │
├─────────────────────────────────┼───────┼────────────────┼─────────────────────┤
│ Cookie Authentication │ ❌ │ ✅ │ ✅ │
│ OIDC Integration │ ❌ │ ✅ │ ✅ │
│ UseAuthentication() │ ❌ │ ✅ │ ✅ │
│ UseAuthorization() │ ❌ │ ✅ │ ✅ │
│ Session Management │ ❌ │ ✅ │ ✅ │
│ Token Refresh Middleware │ ❌ │ ✅ │ ✅ │
│ No Unauthorized Redirect │ ❌ │ ✅ │ ✅ │
├─────────────────────────────────┼───────┼────────────────┼─────────────────────┤
│ RPT Token Service │ ❌ │ ❌ │ ✅ │
│ Permission Policies │ ❌ │ ❌ │ ✅ │
│ Permission Claims Service │ ❌ │ ❌ │ ✅ │
└─────────────────────────────────┴───────┴────────────────┴─────────────────────┘
Configuration
Configure the authorization mode in your appsettings.json:
{
"Auth": {
"AuthenticationMode": "Authenticate",
"RequireHttpsMetadata": true,
"RedirectUri": "/signin-oidc",
"PostLogoutRedirectUri": "/",
"Cookie": {
"Secure": true
}
}
}
Available Authentication Modes
- None: Anonymous access, no authentication required
- Authenticate: Login required, no permission checks
- Authorize: Login + fine-grained permission validation
Usage
1. Register Services
var bffOptions = builder.Services.AddBffServices(isDev, builder.Configuration, options =>
{
options.EnableSecurityHeaders = true;
options.ConfigureBff = bffOptions =>
{
bffOptions.AuthMode = AuthenticationMode.Authenticate;
bffOptions.EnableSessionManagement = true;
bffOptions.EnableTokenRefresh = true;
};
});
2. Configure Middleware Pipeline
app.ConfigureBffApp(bffOptions);
Key Features
- Progressive Enhancement: Each mode builds upon the previous one
- YARP Integration: Reverse proxy works seamlessly in all modes
- Security First: CSP, Antiforgery, and Security Headers always enabled
- Flexible Configuration: Easy mode switching via configuration
- Clean Service Registration: Only required services are registered per mode
- Swagger Integration: Built-in OpenAPI documentation support
- Multi-Section Configuration: Separate configuration sections for different concerns
Usage Pattern
The library follows a two-step configuration pattern:
- Service Registration: AddBffServices() returns configuration object
- Pipeline Configuration: ConfigureBffApp() accepts the configuration object
// Step 1: Register services and get configuration
var bffOptions = builder.Services.AddBffServices(isDev, builder.Configuration, options => { /* configure */ });
// Step 2: Configure middleware pipeline
app.ConfigureBffApp(bffOptions);
Technical Configuration Switches
The BFF library provides fine-grained control over features through configuration switches. These can be set in appsettings.json or programmatically:
Core Application Switches (All Modes)
- EnableSecurityHeaders: Security headers middleware at application level (default: true)
BFF-Specific Switches
- EnableApiNotFound: API 404 handling for unmatched routes (default: true)
- EnableAntiforgery: CSRF protection with antiforgery tokens (default: true)
- EnableHttpsRedirection: HTTPS enforcement middleware (default: true)
- EnableStaticFiles: Static file serving capability (default: true)
- EnableYarp: Reverse proxy functionality (default: true)
Authentication Switches (Authenticate + Authorize Modes)
- EnableSessionManagement: Session handling and management (default: true)
- EnableTokenRefresh: Automatic token renewal middleware (default: true)
- EnableNoUnauthorizedRedirect: Prevent API route redirects on 401 (default: true)
- RevokeRefreshTokenOnLogout: Cleanup tokens on logout (default: true)
Authorization Switches (Authorize Mode Only)
- EnableRptTokens: Resource Permission Token support (default: true)
Configuration Example
{
"affolterNET.Web": {
"Bff": {
"Options": {
"AuthMode": "Authorize",
"EnableSessionManagement": true,
"EnableTokenRefresh": true,
"EnableRptTokens": true,
"EnableAntiforgery": true,
"EnableApiNotFound": true,
"EnableStaticFiles": true,
"EnableYarp": true,
"EnableHttpsRedirection": false,
"RevokeRefreshTokenOnLogout": true
}
}
}
}
Programmatic Configuration
var bffOptions = builder.Services.AddBffServices(isDev, builder.Configuration, options =>
{
// Core application options
options.EnableSecurityHeaders = true;
// BFF-specific configuration
options.ConfigureBff = bffOptions =>
{
bffOptions.AuthMode = AuthenticationMode.Authorize;
bffOptions.EnableSessionManagement = true;
bffOptions.EnableTokenRefresh = true;
bffOptions.EnableRptTokens = true;
bffOptions.EnableAntiforgery = false; // Disable for APIs
bffOptions.EnableHttpsRedirection = false; // For development
};
// Swagger/OpenAPI configuration (optional)
options.ConfigureSwagger = swaggerOptions =>
{
swaggerOptions.Title = "My API";
swaggerOptions.Version = "v1";
swaggerOptions.ConfigureApiDocumentation = app =>
{
app.UseSwagger();
app.UseSwaggerUI();
};
};
});
Architecture
Core Components
- affolterNET.Auth.Core: Base authorization policies, middleware, and services
- affolterNET.Auth.Bff: Backend-for-Frontend pattern with YARP integration
- affolterNET.Auth.Api: API-specific authentication (if needed)
Security Services (Always Active)
- SecurityHeadersMiddleware: Applies CSP, HSTS, X-Frame-Options
- AntiforgeryTokenMiddleware: CSRF protection
- YARP Reverse Proxy: Frontend/API gateway functionality
Authentication Services (AuthenticatedOnly + PermissionBased)
- Cookie Authentication: Secure session management
- OIDC Integration: Keycloak/OAuth2 authentication
- Token Refresh: Automatic token renewal
- Claims Enrichment: User information processing
Authorization Services (PermissionBased Only)
- PermissionAuthorizationPolicyProvider: Dynamic policy creation
- PermissionAuthorizationHandler: Permission validation
- RPT Token Service: Resource Permission Token handling
- Keycloak Integration: Permission claim processing
Examples
Development Mode (No Authentication)
{
"affolterNET.Web": {
"Bff": {
"Options": {
"AuthMode": "None",
"EnableHttpsRedirection": false
}
}
}
}
Internal Tools (Simple Authentication)
{
"affolterNET.Web": {
"Bff": {
"Options": {
"AuthMode": "Authenticate",
"EnableSessionManagement": true,
"EnableTokenRefresh": true
}
}
}
}
Enterprise Applications (Full Authorization)
{
"affolterNET.Web": {
"Bff": {
"Options": {
"AuthMode": "Authorize",
"EnableSessionManagement": true,
"EnableTokenRefresh": true,
"EnableRptTokens": true,
"RevokeRefreshTokenOnLogout": true
}
}
}
}
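A deployment check for the switches documented above, as an added example (not part of the affolterNET.Web package or its README): it parses a settings file with System.Text.Json and reports values that turn a protection off, such as the development settings shown above reaching a production file. ConfigAudit and the sample JSON are constructed for illustration, and the key paths are assumed to match the configuration examples on this page.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Constructed sample: a production settings file that kept development values.
const string sample = """
{ "Auth": { "RequireHttpsMetadata": false, "Cookie": { "Secure": true } },
  "affolterNET.Web": { "Bff": { "Options": {
    "AuthMode": "None", "EnableAntiforgery": false, "EnableHttpsRedirection": false } } } }
""";
foreach (var finding in ConfigAudit.Check(sample)) Console.WriteLine(finding);

static class ConfigAudit // hypothetical helper, not part of affolterNET.Web
{
    // Switches the README lists with default true; an explicit false removes a protection.
    static readonly string[] Protective =
        { "EnableAntiforgery", "EnableHttpsRedirection", "RevokeRefreshTokenOnLogout" };
    public static List<string> Check(string json)
    {
        var findings = new List<string>();
        using var doc = JsonDocument.Parse(json);
        if (TryGet(doc.RootElement, out var opts, "affolterNET.Web", "Bff", "Options"))
        {
            if (opts.TryGetProperty("AuthMode", out var mode)
                && mode.ToString().Equals("None", StringComparison.OrdinalIgnoreCase))
                findings.Add("Bff.Options.AuthMode=None: all routes are anonymous");
            foreach (var name in Protective)
                if (IsFalse(opts, name)) findings.Add($"Bff.Options.{name}=false (default: true)");
        }
        if (TryGet(doc.RootElement, out var auth, "Auth"))
        {
            if (IsFalse(auth, "RequireHttpsMetadata")) findings.Add("Auth.RequireHttpsMetadata=false");
            if (TryGet(auth, out var cookie, "Cookie") && IsFalse(cookie, "Secure"))
                findings.Add("Auth.Cookie.Secure=false");
        }
        return findings;
    }
    static bool IsFalse(JsonElement obj, string name) =>
        obj.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.False;
    // Follows path through nested objects; false if a segment is missing or not an object.
    static bool TryGet(JsonElement start, out JsonElement found, params string[] path)
    {
        found = start;
        foreach (var key in path)
            if (found.ValueKind == JsonValueKind.Object && found.TryGetProperty(key, out var next)) found = next;
            else return false;
        return found.ValueKind == JsonValueKind.Object;
    }
}
```

Each finding is a prompt for review rather than a verdict: the programmatic example on this page disables EnableAntiforgery for APIs on purpose, so a pipeline gate would need an allow-list for such cases.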
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net9.0
  - affolterNET.Web.Core (>= 0.1.18)
  - Microsoft.AspNetCore.Authentication.JwtBearer (>= 9.0.9)
  - Microsoft.Extensions.Http (>= 9.0.9)
  - System.IdentityModel.Tokens.Jwt (>= 8.14.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 0.3.13 | 0 | 11/7/2025 |
| 0.3.12 | 0 | 11/7/2025 |
| 0.3.11 | 0 | 11/7/2025 |
| 0.3.10 | 66 | 11/6/2025 |
| 0.3.9 | 66 | 11/6/2025 |
| 0.3.8 | 166 | 10/26/2025 |
| 0.3.7 | 153 | 10/26/2025 |
| 0.3.6 | 142 | 10/24/2025 |
| 0.3.5 | 174 | 10/23/2025 |
| 0.3.4 | 302 | 10/8/2025 |
| 0.3.3 | 158 | 10/8/2025 |
| 0.3.2 | 193 | 10/6/2025 |
| 0.1.23 | 164 | 10/6/2025 |
| 0.1.22 | 174 | 10/6/2025 |
| 0.1.21 | 157 | 10/2/2025 |
| 0.1.19 | 164 | 10/2/2025 |
| 0.1.18 | 156 | 9/29/2025 |
| 0.1.17 | 186 | 9/22/2025 |
| 0.1.16 | 193 | 9/19/2025 |
| 0.1.14 | 205 | 9/19/2025 |
| 0.1.13 | 208 | 9/19/2025 |
| 0.1.12 | 304 | 9/17/2025 |
| 0.1.11 | 294 | 9/17/2025 |
| 0.1.9 | 294 | 9/17/2025 |
| 0.1.8 | 297 | 9/17/2025 |
| 0.1.7 | 300 | 9/17/2025 |
| 0.1.3 | 307 | 9/16/2025 |
See https://github.com/Mcafee123/affolterNET.Web/commits for recent changes.