ProtectorTokenAuth 1.0.1
dotnet add package ProtectorTokenAuth --version 1.0.1
NuGet\Install-Package ProtectorTokenAuth -Version 1.0.1
<PackageReference Include="ProtectorTokenAuth" Version="1.0.1" />
paket add ProtectorTokenAuth --version 1.0.1
#r "nuget: ProtectorTokenAuth, 1.0.1"
// Install ProtectorTokenAuth as a Cake Addin
#addin nuget:?package=ProtectorTokenAuth&version=1.0.1
// Install ProtectorTokenAuth as a Cake Tool
#tool nuget:?package=ProtectorTokenAuth&version=1.0.1
Protector Auth Token
Simple token authentication for .NET Core API and MVC projects. It looks for an access token in the request header under the "ProtectorToken" key and verifies its validity when accessing a controller or an action tagged with the [Protect] attribute.
This project uses Microsoft's Data Protection library (https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/introduction?view=aspnetcore-6.0) to secure the access token.
Usage:
- Add the ProtectorTokenAuth (https://www.nuget.org/packages/ProtectorTokenAuth/) Nuget package to your .NET Core API or MVC project.
- Enable it in your project's Startup.cs:
public void ConfigureServices(IServiceCollection services) {
services.AddProtectorAuth();
}
NOTE: It is recommended to use the AddProtectorAuthWithOptions() method and specify your own unique provider name so that tokens issued from other systems won't be valid on yours.
- Inject the IAuthService authentication service into any controllers or services you wish to create or validate access tokens and hash passwords:
public class MyController : ControllerBase
{
public MyController(IAuthService authService)
{
this.authService = authService;
}
}
- Issue a token on successful login like so:
public string YourLoginMethod()
{
// ... login functionality here
return authService.CreateAccessToken(new TokenPayload
{
Username = username,
UserRoles = new string[] { roleName },
CustomData = new Dictionary<string,string>()
});
}
- Protect your controllers or actions using the [Protect] attribute. You can also specify which roles the attribute should allow.
[Protect]
public StatusMessageVM SomeMethod() {
// ...
}
[Protect("Admin")]
public StatusMessageVM AdminOnlyMethod() {
// ...
}
[Protect("Admin", "Moderator")]
public StatusMessageVM AdminAndModeratorOnlyMethod() {
// ...
}
You can access a user's name, roles and custom data everywhere the IAuthService is injected by looking at
authService.ActiveUser,authService.ActiveUserRolesandauthService.ActiveUserDataYou can use the
HashPasswordof theAuthServiceto hash passwords before storing them to your database. It has an optional salt parameter for further security.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
| .NET Core | netcoreapp3.1 is compatible. |
-
.NETCoreApp 3.1
- Microsoft.AspNetCore.DataProtection (>= 6.0.5)
- Microsoft.AspNetCore.DataProtection.Abstractions (>= 6.0.5)
- Microsoft.AspNetCore.Mvc.Core (>= 2.2.5)
- Microsoft.Extensions.DependencyInjection (>= 6.0.0)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 6.0.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Exposed user custom data through AuthService.