A set of libraries to easily integrate and extend authentication in ASP.NET Core projects, using ASP.NET Core Identity.
🏷️ Introduction
MinimalApi.Identity is a dynamic and modular identity manager for managing users, roles, claims and more for access control in Asp.Net Mvc Core and Web API, using .NET 8 Minimal API, Entity Framework Core and relational database (of your choice).
[!IMPORTANT]
This library is still under development of new implementations and in the process of creating the related documentation.
🧩 Features
Minimal API: Built using .NET 8 Minimal API for a lightweight and efficient implementation.
Entity Framework Core: Uses EF Core for data access, making it easy to integrate with your existing database.
Modular: The library is designed to be modular, allowing you to add or remove features as needed.
Dynamic: Supports dynamic management of users, roles, claims, forms, licensing and policies.
Flexible Configuration: Easily configurable via appsettings.json to suit your application's needs.
[!NOTE]
For migrations you can use a specific project to add to your solution, then configuring the assembly in AppSettings:MigrationsAssembly, otherwise leave it blank and the assembly containing the Program.cs class will be used.
🗃️ Database
Configuration
The library uses Entity Framework Core to manage the database.
The connection string is configured in the AppSettings section of the appsettings.json file.
Database Type: Set via AppSettings:DatabaseType (supported values: sqlserver, azuresql, postgresql, mysql, sqlite)
After setting the type of database you want to use, modify the corresponding connection string.
Migrations
[!TIP]
To update the database schema you need to create migrations, they will be applied automatically at the next application startup.
To create database migrations select MinimalApi.Identity.Core as the default project from the drop-down menu in the Package Manager Console
and run the command: Add-Migration MIGRATION-NAME
[!NOTE]
if you use a separate project for migrations (It is recommended to add a reference in the project name to the database used, in this case it is SQL Server),
make sure to set the -Project parameter to the name of that project.
📎 Swagger / OpenAPI
It is possible to protect access to the Swagger UI with the following configuration in SwaggerSettings:
RequiredAuth: set via AuthSettings:IsRequired (supported values: true, false)
Username: set via AuthSettings:Username
Password: set via AuthSettings:Password
You can manage the state of the Swagger UI with the following configuration:
Enable/Disable Swagger UI: set via SwaggerSettings:IsEnabled (supported values: true, false)
💡 Usage Examples
[!WARNING]
The library is still under development, so the Program.cs configuration may change in future updates.
public class Program
{
public static async Task Main(string[] args)
{
var builder = WebApplication.CreateBuilder(args);
var minioOptions = builder.Services.ConfigureAndGet<MinioOptions>(builder.Configuration, nameof(MinioOptions)) ?? new MinioOptions();
builder.Host.UseSerilogToStorageCloud((context, services, config)
=> config.ReadFrom.Configuration(context.Configuration), minioOptions);
var appSettings = builder.Services.ConfigureAndGet<AppSettings>(builder.Configuration, nameof(AppSettings)) ?? new();
var jwtOptions = builder.Services.ConfigureAndGet<JwtOptions>(builder.Configuration, nameof(JwtOptions)) ?? new();
var swaggerSettings = builder.Services.ConfigureAndGet<SwaggerSettings>(builder.Configuration, nameof(SwaggerSettings)) ?? new();
var corsOptions = builder.Services.ConfigureAndGet<CorsOptions>(builder.Configuration, nameof(CorsOptions)) ?? new();
builder.Services.AddRegisterDefaultServices<MinimalApiAuthDbContext>(builder.Configuration, appSettings, jwtOptions);
//If you need to register services with a lifecycle other than Transient, do not modify this configuration,
//but create one (or more) duplicates of this configuration, modifying it as needed.
builder.Services.AddRegisterServices(options =>
{
options.Interfaces = [typeof(IAuthService)]; // Register your interfaces here, but do not remove the IAuthService service.
options.StringEndsWith = "Service"; // This will register all services that end with "Service" in the assembly.
options.Lifetime = ServiceLifetime.Transient; // This will register the services with a Transient lifetime.
});
builder.Services.AddAuthorization(options =>
{
options.AddDefaultSecurityOptions();
// Here you can add additional authorization policies
});
var app = builder.Build();
var activeModules = RegisterServicesExtensions.ReadFeatureFlags(appSettings);
var appName = app.Environment.ApplicationName;
await RegisterServicesExtensions.ConfigureDatabaseAsync(app.Services);
// If behind a proxy, uncomment and configure the KnownProxies collection
//app.UseForwardedHeaders(new()
//{
// ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
// KnownProxies = { }
//});
app.UseHttpsRedirection();
app.UseStatusCodePages();
app.UseMiddleware<MinimalApiExceptionMiddleware>();
if (swaggerSettings.IsEnabled)
{
if (swaggerSettings.AuthSettings.IsRequired)
{
app.UseMiddleware<SwaggerBasicAuthMiddleware>();
}
app.UseSwagger();
app.UseSwaggerUI(options => options.SwaggerEndpoint("/swagger/v1/swagger.json", $"{appName} v1"));
}
app.UseRouting();
app.UseCors(corsOptions.PolicyName);
app.UseAuthentication();
app.UseAuthorization();
app.UseMapEndpoints(activeModules);
await app.RunAsync();
}
}
🔐 Authentication
The following authentication types are currently supported:
JWT Bearer Token
🧑💼 Administrator Account
A default administrator account is created automatically with the following configuration:
Email: set via AppSettings:AssignAdminEmail
Username: set via AppSettings:AssignAdminUsername
Password: set via AppSettings:AssignAdminPassword
🏆 Badges
🗺️ Roadmap
Replacing exceptions with implementation of operation results
Replacing the hosted service email sender using Coravel jobs
Code Review and Refactoring
Migrate solution to .NET 9
Migrate FeatureFlagsOptions to Feature Management (package Microsoft.FeatureManagement)
Migrate SwaggerSettings configuration to database
Migrate SmtpOptions configuration to database
Add endpoints for two-factor authentication and management
Add endpoints for downloading and deleting personal data
Code Review and Refactoring
Migrate solution to .NET 10
Add support for multi tenancy
Align endpoints with the updated version of ASP.NET Core Identity
Change the entity ID type from INT to GUID
Make the ID entity type dynamic, so that it can accept both INT and GUID at runtime
🚀 Future implementations
Add authentication support from third-party providers (e.g. Auth0, KeyCloak, GitHub, Azure)
📜 License
This project is licensed under the MIT License - see the LICENSE file for details.
⭐ Give a Star
Don't forget that if you find this project helpful, please give it a ⭐ on GitHub to show your support and help others discover it.
🤝 Contributing
The project is constantly evolving. Contributions are always welcome. Feel free to report issues and submit pull requests to the repository, following the steps below:
Fork the repository
Create a feature branch (starting from the develop branch)
Make your changes
Submit a pull requests (targeting develop)
🆘 Support
If you have any questions or need help, read here to find out what to do.
