{"id":13787848,"url":"https://github.com/build-security/OPA-AspDotNetCore-Middleware","last_synced_at":"2025-05-12T02:30:34.887Z","repository":{"id":40855265,"uuid":"317250223","full_name":"build-security/OPA-AspDotNetCore-Middleware","owner":"build-security","description":"ASP.NET authorization middleware that consults an external Open Policy Agent","archived":false,"fork":false,"pushed_at":"2022-12-08T11:55:31.000Z","size":88,"stargazers_count":65,"open_issues_count":2,"forks_count":10,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-12-13T03:40:02.790Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/build-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null}},"created_at":"2020-11-30T14:33:35.000Z","updated_at":"2024-08-07T08:40:12.000Z","dependencies_parsed_at":"2023-01-25T12:46:03.159Z","dependency_job_id":null,"html_url":"https://github.com/build-security/OPA-AspDotNetCore-Middleware","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/build-security%2FOPA-AspDotNetCore-Middleware","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/build-security%2FOPA-AspDotNetCore-Middleware/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/build-security%2FOPA-AspDotNetCore-Middleware/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/build-security%2FOPA-AspDotNetCore-Middleware/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/build-security","download_url":"https://codeload.github.com/build-security/OPA-AspDotNetCore-Middleware/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253662531,"owners_count":21944090,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T21:00:32.323Z","updated_at":"2025-05-12T02:30:34.644Z","avatar_url":"https://github.com/build-security.png","language":"C#","funding_links":[],"categories":["Language and Platform Integrations"],"sub_categories":[".NET"],"readme":"# OPA-AspDotNetCore-Middleware\n\u003cp align=\"center\"\u003e\u003cimg src=\"Logo-build.png\" class=\"center\" alt=\"build-logo\" width=\"30%\"/\u003e\u003c/p\u003e\n\n## Abstract\n[build.security](https://docs.build.security/) provides simple development and management for your organization's authorization policy.\nOPA-AspDotNetCore-Middleware is a .Net middleware intended for performing authorization requests against build.security PDP(Policy Decision Point)/[OPA](https://www.openpolicyagent.org/).\n\n## Data Flow\n\u003cp align=\"center\"\u003e \u003cimg src=\"Data%20flow.png\" alt=\"drawing\" width=\"60%\"/\u003e\u003c/p\u003e\n\n## Usage\n\nBefore you start we recommend completing the onboarding tutorial.\n\n---\n\n**Important note**\n\nTo simplify the setup process, the following example uses a local [build.security PDP instance](https://docs.build.security/policy-decision-points-pdp/pdp-deployments/standalone-docker-1).\nIf you are already familiar with how to run your PDP, You can also run a PDP on you environment (Dev/Prod, etc).\n\nIn that case, don't forget to change the **hostname** and the **port** in your code.\n### Simple usage\nTo use the middleware add this to your startup.cs\n```c#\nservices.AddBuildAuthorization(options =\u003e\n{\n    options.Enable = true;\n    options.BaseAddress = \"http://localhost:8181\";\n    options.PolicyPath = \"/v1/data/authz/allow\";\n    options.AllowOnFailure = false;\n    options.Timeout = 5;\n});\n```\n\nYou can also add more context for the PDP authz decision using the `Authorize` attribute on a ASP.NET controller, [as shown in the sample application](https://github.com/build-security/OPA-AspDotNetCore-Middleware/blob/main/Source/SampleApplication/Controllers/BaseAuthController.cs#L6).\n\n### Mandatory configuration\n\n 1. `BaseAddress`: String. The address of the Policy Decision Point (PDP)\n\n### Optional configuration\n 1. `PolicyPath`: String. Full path to the policy (including the rule) that decides whether requests should be authorized. **/v1/data/authz/allow**\n 2. `AllowOnFailure`: Boolean. \"Fail open\" mechanism to allow access to the API in case the policy engine is not reachable. **Default is false**.\n 3. `IncludeBody`: Boolean. Whether or not to pass the request body to the policy engine. **Default is true**.\n 4. `IncludeHeaders`: Boolean. Whether or not to pass the request headers to the policy engine. **Default is true**\n 5. `Timeout`: Boolean. Amount of time to wait before request is abandoned and request is declared as failed. **Default is 1000ms**.\n 6. `Enable`: Boolean. Whether or not to consult with the policy engine for the specific request. **Default is true**\n 7. `IgnoreEndpoints`- String array. Determines what endpoint should be excluded from authorization.\n 8. `IgnoreRegex` - String array. Determines what endpoints should be excluded from authorization using regex.  \n\n### PDP Request example\n\nThis is what the input received by the PDP would look like:\n\n```\n{\n   \"input\":{\n      \"request\":{\n         \"method\":\"GET\",\n         \"query\":[\n            \n         ],\n         \"path\":\"/static/js/0.chunk.js\",\n         \"scheme\":\"http\",\n         \"host\":{\n            \"value\":\"localhost:5000\",\n            \"hasValue\":true,\n            \"host\":\"localhost\",\n            \"port\":5000\n         }\n      },\n      \"source\":{\n         \"ipAddress\":\"::1\",\n         \"port\":64288\n      },\n      \"destination\":{\n         \"ipAddress\":\"::1\",\n         \"port\":5000\n      },\n      \"resources\":{\n         \"requirements\":[\n            \n         ],\n         \"attributes\":{\n            \n         }\n      },\n      \"sample\":\"application\"\n   }\n}\n```\n\nIf everything works well you should receive the following response:\n\n```\n{\n    \"decision_id\":\"ef414180-05bd-4817-9634-7d1537d5a657\",\n    \"result\":true\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuild-security%2FOPA-AspDotNetCore-Middleware","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbuild-security%2FOPA-AspDotNetCore-Middleware","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuild-security%2FOPA-AspDotNetCore-Middleware/lists"}