[go: up one dir, main page]

Skip to content

An unofficial adapters to use KeyCloak as Authentication and Authorization server

License

Notifications You must be signed in to change notification settings

Wissance/Authorization

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Wissance.Authorization Project

GitHub code size in bytes GitHub issues GitHub Release Date GitHub release (latest by date)

LabWatcher: is automated Mossbauer laboratory control toolset

C# class library that helps to add authorization into any type of applycation (Web, Desktop and others easily). Supports OpenId-Connect private and public authentication using **token ** and authorization code flows in KeyCloak. Works with any version of KeyCloak, supporting old platforms (netcore 3.1+, netstandard2.0+).

Functionality

  • Easily integrate KeyCloak as authorization server into any application (Web, Desktop or Console)
  • Protect swagger with KeyCloak Authorization

Example of usage

1. Authentication & Authorization on Keycloak

don't forget to add this usage:

using Wissance.Authorization.Config;
using Wissance.Authorization.Extensions;

In my Startup.cs i have ConfigureService method that calls ConfigureWeb:

public void ConfigureServices(IServiceCollection services)
{
     // Configure subsystems before ...
     ConfigureWeb(services);
     // Configure subsystems after ...
}

// ...

private void ConfigureWeb(IServiceCollection services)
{
     // ...
     // Authorization, here we need only config which is very simple, see KeyCloakAuthenticator tests
     KeyCloakServerConfig authConfig = BuildKeyCloakConfig();
     services.AddKeyCloak(authConfig);
     // ...
}

// don't forget to add Authentication & Authorization in Configure function, like this:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // ...
    app.UseAuthentication();
    // app.UseHttpsRedirection();

    app.UseRouting();

    app.UseAuthorization();

    app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
    //...
}

if you would like to just Restrict access to you controllers to only Autenticated users (without Claims check) your could add following (i suppose that Controllers configuretion is implemented in upper mentioned ConfigureWeb(IServiceCollection services) method:

services.AddControllers(config =>
{
    AuthorizationPolicy policy = new AuthorizationPolicyBuilder()
                                    .RequireAuthenticatedUser()
                                    .Build();
    config.Filters.Add(new AuthorizeFilter(policy));
});

this requires to add a couple of using:

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Authorization;

If you would like to use Role-based acces to controllers (we form Roles property (propper mapper have to be configured on a KeyCloak side)) use [Authorize] attribute on controllers, i.e.

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;

[ApiController]
[Authorize(Roles = "user")]
 public class MyController : ControllerBase
{
    // ...
}

2. Use swagger under Authorization

See the structure of Startup class in part related to Keycloak, so to configure Swagger with Keycloak add following line to you ConfigureWeb(IServiceCollection services method:

IDictionary<string, string> scopes = _authConfig.Scopes.Select(s => s).ToDictionary(k => k, v => v);
Action<SwaggerGenOptions> generalOptionSwaggerConfigure = options =>
{
    options.MapType<TimeSpan>(() => new OpenApiSchema
    {
        Type = "string",
        Example = new OpenApiString("00:00:00")
     });
};
services.AddSwaggerWithKeyCloakPasswordAuthentication(authConfig, generalOptionSwaggerConfigure, scopes);

and to Configure(IApplicationBuilder app, IWebHostEnvironment env) method:

   app.UseSwaggerWithKeyCloakAuthentication("Wissance.BusinessTools", BuildKeyCloakConfig(), _authConfig.Scopes);

_authConfig.Scopes is array of strings (public string[] Scopes { get; set; }), by default Keycloak works with profile scope. var Scopes = new string[]{"profile"};

!!! DON'T forget to add * or your app base URI i.e. http://localhost:8421/* to WebOrigin of Keycloak client settings (subscribe to our medium because we are writing interesting articles and in particular about Authorization and Keycloak usage aspects: https://m-ushakov.medium.com/)

Additional docs with images with examples will be soon.

Nuget package

https://www.nuget.org/packages/Wissance.Authorization/