{"id":23164759,"url":"https://github.com/godeltech/godeltech.microservices.security","last_synced_at":"2026-02-08T20:14:16.736Z","repository":{"id":42465019,"uuid":"281497351","full_name":"GodelTech/GodelTech.Microservices.Security","owner":"GodelTech","description":"GodelTech.Microservices.Security","archived":false,"fork":false,"pushed_at":"2024-12-15T20:41:54.000Z","size":1499,"stargazers_count":0,"open_issues_count":3,"forks_count":1,"subscribers_count":11,"default_branch":"main","last_synced_at":"2024-12-15T21:28:52.400Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GodelTech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-21T20:27:05.000Z","updated_at":"2024-07-02T18:19:53.000Z","dependencies_parsed_at":"2024-12-15T21:24:08.589Z","dependency_job_id":"949985e9-ad75-4105-9384-11cec431fded","html_url":"https://github.com/GodelTech/GodelTech.Microservices.Security","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GodelTech%2FGodelTech.Microservices.Security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GodelTech%2FGodelTech.Microservices.Security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GodelTech%2FGodelTech.Microservices.Security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GodelTech%2FGodelTech.Microservices
.Security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GodelTech","download_url":"https://codeload.github.com/GodelTech/GodelTech.Microservices.Security/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230202349,"owners_count":18189437,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-18T01:12:48.326Z","updated_at":"2026-02-08T20:14:16.706Z","avatar_url":"https://github.com/GodelTech.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GodelTech.Microservices.Security\n\n## Overview\n\n**GodelTech.Microservices.Security** contains an initializer responsible for REST API endpoint security configuration.\n\n## Quick Start\n\n### REST API Security\nTo configure REST API security, `Startup.cs` and the application configuration files must be updated. The `Startup` class must use `ApiSecurityInitializer`. 
The following snippet shows one way `Startup` may look:\n\n```c#\n    public class Startup : MicroserviceStartup\n    {\n        public Startup(IConfiguration configuration) \n            : base(configuration)\n        {\n\n        }\n\n        protected override IEnumerable\u003cIMicroserviceInitializer\u003e CreateInitializers()\n        {\n            yield return new DeveloperExceptionPageInitializer(Configuration);\n            yield return new HstsInitializer();\n\n            yield return new GenericInitializer(null, (app, _) =\u003e app.UseRouting());\n\n            yield return new ApiSecurityInitializer(\n                options =\u003e Configuration.Bind(\"ApiSecurityOptions\", options),\n                new PolicyFactory()\n            );\n\n            yield return new ApiInitializer(Configuration);\n        }\n    }\n```\nPolicyFactory class:\n```c#\n    public class PolicyFactory : IAuthorizationPolicyFactory\n    {\n        public IReadOnlyDictionary\u003cstring, AuthorizationPolicy\u003e Create()\n        {\n            return new Dictionary\u003cstring, AuthorizationPolicy\u003e\n            {\n                [\"add\"] = GetAuthorizationPolicy(\"fake.add\"),\n                [\"edit\"] = GetAuthorizationPolicy(\"fake.edit\"),\n                [\"delete\"] = GetAuthorizationPolicy(\"fake.delete\")\n            };\n        }\n\n        private static AuthorizationPolicy GetAuthorizationPolicy(string requiredScope)\n        {\n            var policyBuilder = new AuthorizationPolicyBuilder();\n\n            policyBuilder.RequireAuthenticatedUser();\n            policyBuilder.RequireClaim(\"scope\", requiredScope);\n\n            return policyBuilder.Build();\n        }\n    }\n```\nThe configuration file may have a configuration section similar to this:\n\n```json\n  \"ApiSecurityOptions\": {\n    \"RequireHttpsMetadata\": false,\n    \"Authority\": \"https://localhost:44300\",\n    \"Issuer\": 
\"https://localhost:44300\",\n    \"Audience\": \"DemoApi\",\n    \"TokenValidation\": {\n      \"ValidateAudience\": true\n    }\n  }\n```\n\n**NOTE:** Your controller or method must be decorated with an `[Authorize]` attribute that specifies the policy name. Here is how it may look:\n\n```c#\n    [Authorize]\n    [Route(\"fakes\")]\n    [ApiController]\n    public class FakeController : ControllerBase\n    {\n        [HttpGet]\n        [ProducesResponseType(typeof(IList\u003cFakeModel\u003e), StatusCodes.Status200OK)]\n        public IActionResult GetList()\n        {\n            ...\n        }\n\n        [HttpGet(\"{id:int}\")]\n        [ProducesResponseType(StatusCodes.Status404NotFound)]\n        [ProducesResponseType(typeof(FakeModel), StatusCodes.Status200OK)]\n        public IActionResult Get(int id)\n        {\n            ...\n        }\n\n        [Authorize(\"add\")]\n        [HttpPost]\n        [ProducesResponseType(typeof(FakeModel), StatusCodes.Status201Created)]\n        public IActionResult Post([FromBody] FakePostModel model)\n        {\n            ...\n        }\n    }\n```\n\n### UI Security\n\nTo configure UI security, the `Startup.cs` file needs to be updated. `UiSecurityInitializer` must be added to the list of initializers. 
Here is an example of how your `Startup` class may look:\n\n```c#\n    public class Startup : MicroserviceStartup\n    {\n        public Startup(IConfiguration configuration)\n            : base(configuration)\n        {\n\n        }\n\n        protected override IEnumerable\u003cIMicroserviceInitializer\u003e CreateInitializers()\n        {\n            yield return new DeveloperExceptionPageInitializer();\n            yield return new ExceptionHandlerInitializer(\"/Home/Error\");\n            yield return new HstsInitializer();\n\n            yield return new GenericInitializer(null, (app, _) =\u003e app.UseStaticFiles());\n\n            yield return new GenericInitializer(null, (app, _) =\u003e app.UseRouting());\n\n            yield return new UiSecurityInitializer(\n                options =\u003e Configuration.Bind(\"UiSecurityOptions\", options)\n            );\n\n            yield return new MvcInitializer();\n        }\n    }\n```\n\nThe following configuration section needs to be added to `appsettings.json`:\n\n```json\n  \"UiSecurityOptions\": {\n    \"Authority\": \"https://localhost:44300\",\n    \"Issuer\": \"https://localhost:44300\",\n    \"ClientId\": \"Mvc\",\n    \"ClientSecret\": \"secret\",\n    \"RequireHttpsMetadata\": false,\n    \"Scopes\": [\n      \"openid\",\n      \"profile\",\n      \"offline_access\",\n      \"api\"\n    ]\n  }\n```\n**NOTE:** You need to decorate your MVC / Razor Pages controllers with the `[Authorize]` attribute or apply the corresponding conventions by creating a subclass of `RazorPagesInitializer`.\n\n## Configuration Options\n\n`ApiSecurityInitializer` uses the `ApiSecurityOptions` class. 
The full list of settings can be found in the following snippet:\n\n```json\n  \"ApiSecurityOptions\": {\n    \"RequireHttpsMetadata\": false,\n    \"Authority\": \"https://localhost:44300\",\n    \"Issuer\": \"https://localhost:44300\",\n    \"Audience\": \"DemoApi\",\n    \"TokenValidation\": {\n      \"ValidateAudience\": true,\n      \"ValidateIssuer\": true,\n      \"ValidateIssuerSigningKey\": true,\n      \"ValidateLifetime\": true\n    },\n    \"SaveToken\": true,\n    \"IncludeErrorDetails\": true\n  }\n```\n**IMPORTANT:** By default all validation and security restrictions are turned ON.\n\n`UiSecurityInitializer` uses the `UiSecurityOptions` class. The full list of settings can be found in the following snippet:\n\n```json\n  \"UiSecurityOptions\": {\n    \"Authority\": \"https://localhost:44300\",\n    \"Issuer\": \"https://localhost:44300\",\n    \"ClientId\": \"Mvc\",\n    \"ClientSecret\": \"secret\",\n    \"GetClaimsFromUserInfoEndpoint\": true,\n    \"RequireHttpsMetadata\": false,\n    \"ResponseType\": \"code\",\n    \"Scopes\": [\n      \"openid\",\n      \"profile\",\n      \"offline_access\",\n      \"api\"\n    ],\n    \"UsePkce\": true,\n    \"PublicAuthorityUri\": \"https://localhost:44300\",\n    \"SaveTokens\": true\n  }\n```\n\n**NOTE:** `PublicAuthorityUri` specifies the public address of the identity provider. 
This setting might be useful when server-to-server communication happens within an internal network (Kubernetes, docker-compose) but the user uses a public address to navigate to the service.\n\n## Links\n\nThe following resources might be useful for understanding the internals of this project:\n* [IdentityServer Documentation](https://identityserver4.readthedocs.io/en/latest/quickstarts/0_overview.html)\n* [IdentityServer Examples](https://github.com/IdentityServer/IdentityServer4/tree/main/samples)\n* [IdentityModel.AspNetCore](https://identitymodel.readthedocs.io/en/latest/aspnetcore/overview.html)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgodeltech%2Fgodeltech.microservices.security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgodeltech%2Fgodeltech.microservices.security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgodeltech%2Fgodeltech.microservices.security/lists"}