KeycloakAuth 1.0.44-alpha-gc43f7ab31f
What is this?
KeycloakAuth is a package that provides AICORE authentication services to ASP.NET APIs.
How to use
Add this like to program.cs before builder.Build():
builder.Services.AddAICOREAuthentication();
And this line before app.Run():
app.UseAICOREAuthentication();
And add a block in appsettings somewhere like this with the auth server URL and list of valid realms:
"KeycloakSetting": {
"AuthServerUrl": "https://auth.aicore.ca/",
"CustomerRootUrl": "https://aicoreio.coredata.ca/Customer/CustomerManager/GetCustomerRoot",
"KeycloakRealmList": [ "coredata", "imeccore", "medlior" ]
}
(CustomerRootURL is only necessary when using AuthUtilService)
By default, this will apply mandatory authentication to every controller, meaning that all endpoints will require a valid Bearer token to be provided in the Authorization header in order to be called. To restrict endpoints to only users with certain realm roles, create a policy section somewhere in appsettings:
"AuthorizationPolicies": [
{
"Policy": "FileRead",
"Roles": [
{
"RequireRealmRole": [ "file_read" ]
}
]
},
{
"Policy": "FileReadWrite",
"Roles": [
{
"RequireRealmRole": [ "file_read" ]
},
{
"RequireRealmRole": [ "file_write" ]
}
]
}
]
And then use the policy in a decorator on any endpoint like this:
[Route("Upload")]
[HttpPost]
[AuthService("FileReadWrite")]
public async Task<IActionResult> Upload(IFormFile UploadedFile, IFormCollection data) { ... }
To completely remove the authentication from an endpoint:
[Unauthenticated]
[HttpGet]
[Route("schema/{*path}")]
public async Task<IActionResult> GetSchema(string path) { ... }
!! NOTE !! Please keep in mind that a policy like this:
{
"Policy": "FileReadOrWrite",
"Roles": [
{
"RequireRealmRole": [ "file_read", "file_write" ]
}
]
}
Will allow a user through if they have either file_read OR file_write.
AuthUtilService
AuthUtilService can be scope-injected into any class where an HTTP context is present:
public FilesController(ILogger<FilesController> logger, IConfiguration configuration, IHostEnvironment env, AuthUtilService auth_util)
{
_logger = logger;
Configuration = configuration;
environment = env;
_auth_util = auth_util;
}
And is then used for these functions:
_auth_util.CanWriteToFile(path) - Returns true if the authenticated user is allowed to write to a given path, file does not need to exist yet
_auth_util.CanReadFromFile(path) - Returns true if the authenticated user is allowed to read from a given path
No packages depend on KeycloakAuth.
.NET 8.0
- Microsoft.IdentityModel.JsonWebTokens (>= 8.5.0)
- Microsoft.IdentityModel.Protocols (>= 8.5.0)
- Microsoft.IdentityModel.Protocols.OpenIdConnect (>= 8.5.0)
- Newtonsoft.Json (>= 13.0.3)
- RestSharp (>= 112.1.0)
| Version | Downloads | Last updated |
|---|---|---|
| 1.0.44-alpha-gc43f7ab31f | 1 | 03/11/2025 |
| 1.0.41-alpha-g6afcde9d8d | 1 | 03/11/2025 |
| 1.0.40-alpha-ga720d6e416 | 1 | 03/11/2025 |
| 1.0.38-alpha-g7c82d573e1 | 1 | 03/11/2025 |
| 1.0.37-alpha-gacacd941aa | 8 | 02/21/2025 |
| 1.0.36-alpha-gc735290a15 | 4 | 02/20/2025 |
| 1.0.34-alpha-g6e38015e09 | 3 | 02/20/2025 |
| 1.0.27-alpha-g33a23ab4d7 | 14 | 11/29/2024 |
| 1.0.26-alpha-g17e4ead61e | 8 | 11/29/2024 |
| 1.0.22-alpha-g67652a52cf | 15 | 11/01/2024 |
| 1.0.21-alpha-g9aabe112c5 | 8 | 11/01/2024 |
| 1.0.18-alpha-g8598a4e7e7 | 11 | 10/17/2024 |
| 1.0.15-alpha-g80522182d6 | 15 | 09/09/2024 |