RbacAuthorization 2.0.0-prerelease.1
See the version list below for details.
dotnet add package RbacAuthorization --version 2.0.0-prerelease.1
NuGet\Install-Package RbacAuthorization -Version 2.0.0-prerelease.1
<PackageReference Include="RbacAuthorization" Version="2.0.0-prerelease.1" />
paket add RbacAuthorization --version 2.0.0-prerelease.1
#r "nuget: RbacAuthorization, 2.0.0-prerelease.1"
// Install RbacAuthorization as a Cake Addin #addin nuget:?package=RbacAuthorization&version=2.0.0-prerelease.1&prerelease // Install RbacAuthorization as a Cake Tool #tool nuget:?package=RbacAuthorization&version=2.0.0-prerelease.1&prerelease
RbacAuthorization
A flexible Role Based Access Control library that's simple to setup and configure.
The library allows you to assign permissions to controller actions and then group these permissions into roles which are then assigned to users.
The default implementation stores the role definitions in memory and retrieves the user's id and roles from their token claims. However these can be retrieved from any location. See Customizing Role Retrieval.
Roles can be scoped to a particular request path to further restrict the assigned permissions. See Scoping Role Permissions.
Basic Configuration
- Add the RbacAuthorization Nuget package.
dotnet add package RbacAuthorization
- Configure and assign permissions to you controller actions.
public static class Permissions
{
public const string TasksCreate = "Tasks.Create";
public const string TasksRead = "Tasks.Read";
}
[HttpPost]
[AuthorizePermission(Permissions.TasksCreate)]
public ActionResult<TaskDto> CreateTask(TaskCreateDto dto)
{
...
}
[HttpGet("{taskId}")]
[AuthorizePermission(Permissions.TasksRead)]
public ActionResult<TaskDto> GetTask(int taskId)
{
...
}
- Configure your role definitions.
public static class Roles
{
public static readonly RoleDefinition Admin = new(
name: "Admin",
permissions:
[
Permissions.TasksCreate,
Permissions.TasksRead,
]);
}
builder.Services.AddRbacAuthorization(options =>
{
options.AddClaimsPrincipalUserId(ClaimTypes.NameIdentifier);
options.AddClaimsPrincipalUserRoles(ClaimTypes.Role);
options.AddInMemoryRoleDefinitions(
Roles.Admin);
});
Configure users with roles.
Configure your Identity Provider to include the relevant roles as
role
claims for your users. This typically involves creating a group with the name of each role and assigning them to your users.For example: Configuring roles in Active Directory
Scoping Role Permissions
Roles can be scoped to a particular request path to further restrict the assigned permissions. The path scope can also include parameters to avoid having to define multiple similar roles.
In the below example a role called ProjectAdmin
has been scoped to the path
/projects/{ProjectId}
which restricts its permissions to a particular project.
When the role is assigned to a user, it must also include the path scope and any parameters must be replaced with values.
For example a user with the ProjectAdmin:/projects/123
role would have the admin
permissions for only project 123
.
public static readonly RoleDefinition ProjectAdmin = new(
name: "ProjectAdmin",
permissions:
[
Permissions.TasksCreate,
Permissions.TasksDelete,
],
pathScope: "/projects/{ProjectId}");
Customizing Role Retrieval
How role definitions and user roles are retrieved can be customized by implementing a custom locator. The following are available:
- IRoleDefinitionsLocator
- IUserRolesLocator
- IUserIdLocator
A common scenario would be to retrieve the user's roles from a database instead of from the user's token.
The custom locator will be called for each authorization.
The custom implementations should be registered as a singleton. For example:
options.Services.AddSingleton<IUserRolesLocator, MyCustomUserRolesLocator>();
Example WebApi
An example WebApi showing the core functionality is available below:
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- Microsoft.Identity.Web (>= 2.18.0)
-
net8.0
- Microsoft.Identity.Web (>= 2.18.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
2.0.0 | 219 | 4/26/2024 |
2.0.0-prerelease.1 | 68 | 4/23/2024 |
1.0.1 | 228 | 4/30/2023 |
1.0.0 | 195 | 4/30/2023 |
1.0.0-alpha.4 | 137 | 12/28/2022 |
1.0.0-alpha.3 | 116 | 12/25/2022 |
1.0.0-alpha.2 | 118 | 12/22/2022 |
1.0.0-alpha.1 | 122 | 12/22/2022 |