Forem: Paul Welter The latest articles on Forem by Paul Welter (@pwelter34). https://forem.com/pwelter34 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3480679%2F3ae8f578-890c-4583-aec9-9e40a8bd2703.png Forem: Paul Welter https://forem.com/pwelter34 en Blazilla: FluentValidation Integration for Blazor Forms Paul Welter Wed, 17 Sep 2025 17:00:00 +0000 https://forem.com/loresoft/blazilla-fluentvalidation-integration-for-blazor-forms-23pp https://forem.com/loresoft/blazilla-fluentvalidation-integration-for-blazor-forms-23pp <p>Form validation is a critical aspect of any web application, and Blazor developers have long sought a clean, powerful way to integrate FluentValidation with Blazor's <code>EditForm</code> component. Enter <strong>Blazilla</strong> - a library that bridges this gap perfectly, providing seamless integration between <a href="https://fluentvalidation.net/" rel="noopener noreferrer">FluentValidation</a> and Blazor forms.</p> <h2> What is Blazilla? </h2> <p>Blazilla is a lightweight .NET library designed specifically to integrate FluentValidation's robust validation capabilities with Blazor's <code>EditForm</code> component. Whether you're building Blazor Server or Blazor WebAssembly applications, Blazilla provides a clean, efficient way to implement client-side validation using FluentValidation's expressive syntax.</p> <h2> Why Another FluentValidation for Blazor Library? </h2> <p>You might be wondering: "There are already FluentValidation integrations for Blazor out there, so why create another one?" The answer lies in the complex integration challenges that existing solutions don't fully address. Blazilla was built to solve specific technical problems that arise when bridging FluentValidation with Blazor's component model.</p> <h3> The FieldIdentifier Challenge </h3> <p>One of the most significant hurdles in integrating FluentValidation with Blazor is the mismatch between how Blazor identifies form fields and how FluentValidation references properties. Blazor uses <code>FieldIdentifier</code> objects to track form fields, while FluentValidation uses string-based property paths.</p> <p>Blazilla automatically handles this conversion through sophisticated object tree analysis:</p> <ul> <li> <strong>Simple Properties</strong>: <code>{ Model = person, FieldName = "FirstName" }</code> → <code>"FirstName"</code> </li> <li> <strong>Nested Properties</strong>: <code>{ Model = address, FieldName = "Street" }</code> → <code>"Address.Street"</code> </li> <li> <strong>Collection Items</strong>: <code>{ Model = phoneNumber, FieldName = "Number" }</code> → <code>"PhoneNumbers[0].Number"</code> </li> </ul> <p>This automatic path conversion ensures that validation messages from FluentValidation rules are correctly associated with their corresponding Blazor input components, regardless of object complexity.</p> <h3> Blazor's Async Validation Limitations </h3> <p>Blazor's built-in validation system has fundamental limitations when it comes to asynchronous validation:</p> <ol> <li><p><strong>OnValidSubmit Timing Issue</strong>: The <code>OnValidSubmit</code> event fires immediately after synchronous validation passes, without waiting for async validation operations to complete. This means forms can prematurely submit while async validation is still running, potentially allowing invalid data through.</p></li> <li><p><strong>EditContext.Validate() Limitations</strong>: The standard <code>EditContext.Validate()</code> method only performs synchronous validation and doesn't trigger or wait for async validation rules.</p></li> </ol> <p>These limitations affect <strong>all</strong> validation libraries attempting to integrate with Blazor, not just FluentValidation. Many existing solutions simply don't address these issues properly, leading to forms that can submit with incomplete validation results.</p> <p>Blazilla solves this by:</p> <ul> <li>Providing an opt-in <code>AsyncMode</code> parameter that allows proper async validation handling when needed</li> <li>Extending <code>EditContext</code> with a <code>ValidateAsync()</code> method that properly waits for all async operations</li> <li>Offering clear guidance on when to use <code>OnSubmit</code> vs <code>OnValidSubmit</code> </li> </ul> <h3> Performance Optimization Through Expression Trees </h3> <p>Form validation can be a performance bottleneck, especially in complex applications. Blazilla addresses this through:</p> <ul> <li> <strong>Compiled Expression Trees</strong>: Validation contexts are created using compiled expressions for optimal performance</li> <li> <strong>Singleton Validator Pattern</strong>: Proper DI registration guidance ensures validators are stateless and cached</li> <li> <strong>Smart Async Handling</strong>: Only enables async overhead when actually needed</li> </ul> <h3> Real-World Integration Complexity </h3> <p>Existing FluentValidation integrations often work well for simple scenarios but fall short when dealing with:</p> <ul> <li><strong>Complex nested object hierarchies</strong></li> <li><strong>Dynamic form scenarios with rule sets</strong></li> <li> <strong>Mixed sync/async validation requirements</strong> </li> <li><strong>Custom validator selector needs</strong></li> <li><strong>Performance-critical applications</strong></li> </ul> <p>Blazilla was designed from the ground up to handle these real-world complexities while maintaining a clean, intuitive API.</p> <h3> Developer Experience Focus </h3> <p>Rather than just providing basic FluentValidation integration, Blazilla prioritizes developer experience by:</p> <ul> <li> <strong>Seamless Integration</strong>: Works with existing Blazor validation patterns without breaking changes</li> <li> <strong>Clear Error Messages</strong>: Provides helpful guidance when configuration issues arise</li> <li> <strong>Comprehensive Documentation</strong>: Includes detailed examples for complex scenarios</li> <li> <strong>Best Practice Guidance</strong>: Built-in patterns that encourage proper architecture</li> <li> <strong>Extensive Unit Tests</strong>: The library includes comprehensive unit test coverage ensuring reliability and stability across different scenarios</li> <li> <strong>Sample Complex Forms</strong>: Real-world examples demonstrate advanced features like nested validation, async rules, and rule sets in action</li> </ul> <p>Blazilla isn't just another validation library—it's a comprehensive solution to the real integration challenges developers face when building production Blazor applications with FluentValidation.</p> <h3> Try It Live </h3> <p>Want to see Blazilla in action before diving into the code? The library includes live interactive sample forms that showcase all the key features in a real Blazor application. Visit <a href="https://loresoft.com/Blazilla/" rel="noopener noreferrer">https://loresoft.com/Blazilla/</a> to explore:</p> <ul> <li> <strong>Basic Form Validation</strong>: Simple examples showing real-time validation in action</li> <li> <strong>Async Validation Demos</strong>: See how async validation rules work with database lookups and API calls</li> <li> <strong>Nested Object Forms</strong>: Complex forms with nested properties and collection validation</li> <li> <strong>Rule Set Examples</strong>: Dynamic validation scenarios using different rule sets</li> <li> <strong>Performance Benchmarks</strong>: Live examples demonstrating the performance optimizations</li> </ul> <p>These interactive samples are not just demos—they're fully functional examples with complete source code that you can reference when implementing similar features in your own applications. Each sample includes detailed explanations of the validation rules and implementation patterns used.</p> <h2> Key Features </h2> <p>Blazilla brings a comprehensive set of features that make form validation in Blazor applications both powerful and developer-friendly:</p> <ul> <li> <strong>Real-time Validation</strong>: Fields are validated as users type or change values, providing immediate feedback without requiring form submission.</li> <li> <strong>Form-level Validation</strong>: Complete model validation occurs on form submission, ensuring data integrity before processing.</li> <li> <strong>Nested Object Validation</strong>: Full support for complex object hierarchies, allowing validation of deeply nested properties.</li> <li> <strong>Asynchronous Validation</strong>: Built-in support for async validation rules, perfect for database lookups or API calls during validation.</li> <li> <strong>Rule Sets</strong>: Execute specific groups of validation rules based on context (e.g., "Create" vs "Update" scenarios).</li> <li> <strong>Custom Validator Selectors</strong>: Fine-grained control over which validation rules execute in different situations.</li> <li> <strong>Dependency Injection Integration</strong>: Automatic validator resolution from the DI container, following .NET best practices.</li> <li> <strong>Performance Optimized</strong>: Uses compiled expression trees for fast validation context creation, ensuring minimal performance overhead.</li> </ul> <h2> Installation </h2> <p>Getting started with Blazilla is straightforward. Install the package via NuGet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package Blazilla </code></pre> </div> <p>Or via Package Manager Console:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Install-Package</span><span class="w"> </span><span class="nx">Blazilla</span><span class="w"> </span></code></pre> </div> <h2> Quick Start Guide </h2> <p>Let's walk through a complete example to see how easy it is to get started with Blazilla.</p> <h3> 1. Create Your Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">Person</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">FirstName</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">LastName</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">Age</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">EmailAddress</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 2. Create a FluentValidation Validator </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">FluentValidation</span><span class="p">;</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">PersonValidator</span> <span class="p">:</span> <span class="n">AbstractValidator</span><span class="p">&lt;</span><span class="n">Person</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">PersonValidator</span><span class="p">()</span> <span class="p">{</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">FirstName</span><span class="p">)</span> <span class="p">.</span><span class="nf">NotEmpty</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"First name is required"</span><span class="p">)</span> <span class="p">.</span><span class="nf">MaximumLength</span><span class="p">(</span><span class="m">50</span><span class="p">).</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"First name cannot exceed 50 characters"</span><span class="p">);</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">LastName</span><span class="p">)</span> <span class="p">.</span><span class="nf">NotEmpty</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Last name is required"</span><span class="p">)</span> <span class="p">.</span><span class="nf">MaximumLength</span><span class="p">(</span><span class="m">50</span><span class="p">).</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Last name cannot exceed 50 characters"</span><span class="p">);</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">Age</span><span class="p">)</span> <span class="p">.</span><span class="nf">GreaterThanOrEqualTo</span><span class="p">(</span><span class="m">0</span><span class="p">).</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Age must be greater than or equal to 0"</span><span class="p">)</span> <span class="p">.</span><span class="nf">LessThan</span><span class="p">(</span><span class="m">150</span><span class="p">).</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Age must be less than 150"</span><span class="p">);</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">EmailAddress</span><span class="p">)</span> <span class="p">.</span><span class="nf">NotEmpty</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Email address is required"</span><span class="p">)</span> <span class="p">.</span><span class="nf">EmailAddress</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Please provide a valid email address"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Register the Validator </h3> <h4> Blazor Server (<code>Program.cs</code>) </h4> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">FluentValidation</span><span class="p">;</span> <span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebApplication</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddRazorPages</span><span class="p">();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddServerSideBlazor</span><span class="p">();</span> <span class="c1">// Register FluentValidation validators as singletons for better performance</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddSingleton</span><span class="p">&lt;</span><span class="n">IValidator</span><span class="p">&lt;</span><span class="n">Person</span><span class="p">&gt;,</span> <span class="n">PersonValidator</span><span class="p">&gt;();</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="c1">// ... rest of configuration</span> </code></pre> </div> <h4> Blazor WebAssembly (<code>Program.cs</code>) </h4> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">FluentValidation</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Microsoft.AspNetCore.Components.Web</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Microsoft.AspNetCore.Components.WebAssembly.Hosting</span><span class="p">;</span> <span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebAssemblyHostBuilder</span><span class="p">.</span><span class="nf">CreateDefault</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="n">builder</span><span class="p">.</span><span class="n">RootComponents</span><span class="p">.</span><span class="n">Add</span><span class="p">&lt;</span><span class="n">App</span><span class="p">&gt;(</span><span class="s">"#app"</span><span class="p">);</span> <span class="n">builder</span><span class="p">.</span><span class="n">RootComponents</span><span class="p">.</span><span class="n">Add</span><span class="p">&lt;</span><span class="n">HeadOutlet</span><span class="p">&gt;(</span><span class="s">"head::after"</span><span class="p">);</span> <span class="c1">// Register FluentValidation validators as singletons for better performance</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddSingleton</span><span class="p">&lt;</span><span class="n">IValidator</span><span class="p">&lt;</span><span class="n">Person</span><span class="p">&gt;,</span> <span class="n">PersonValidator</span><span class="p">&gt;();</span> <span class="k">await</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">().</span><span class="nf">RunAsync</span><span class="p">();</span> </code></pre> </div> <h3> 4. Use in Your Blazor Component </h3> <div class="highlight js-code-highlight"> <pre class="highlight html"><code>@page "/person-form" <span class="nt">&lt;h3&gt;</span>Person Form<span class="nt">&lt;/h3&gt;</span> <span class="nt">&lt;EditForm</span> <span class="na">Model=</span><span class="s">"@person"</span> <span class="na">OnValidSubmit=</span><span class="s">"@HandleValidSubmit"</span><span class="nt">&gt;</span> <span class="nt">&lt;FluentValidator</span> <span class="nt">/&gt;</span> <span class="nt">&lt;ValidationSummary</span> <span class="nt">/&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"mb-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"firstName"</span> <span class="na">class=</span><span class="s">"form-label"</span><span class="nt">&gt;</span>First Name<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;InputText</span> <span class="na">id=</span><span class="s">"firstName"</span> <span class="na">class=</span><span class="s">"form-control"</span> <span class="err">@</span><span class="na">bind-Value=</span><span class="s">"person.FirstName"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;ValidationMessage</span> <span class="na">For=</span><span class="s">"@(() =&gt; person.FirstName)"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"mb-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"lastName"</span> <span class="na">class=</span><span class="s">"form-label"</span><span class="nt">&gt;</span>Last Name<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;InputText</span> <span class="na">id=</span><span class="s">"lastName"</span> <span class="na">class=</span><span class="s">"form-control"</span> <span class="err">@</span><span class="na">bind-Value=</span><span class="s">"person.LastName"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;ValidationMessage</span> <span class="na">For=</span><span class="s">"@(() =&gt; person.LastName)"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"mb-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"age"</span> <span class="na">class=</span><span class="s">"form-label"</span><span class="nt">&gt;</span>Age<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;InputNumber</span> <span class="na">id=</span><span class="s">"age"</span> <span class="na">class=</span><span class="s">"form-control"</span> <span class="err">@</span><span class="na">bind-Value=</span><span class="s">"person.Age"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;ValidationMessage</span> <span class="na">For=</span><span class="s">"@(() =&gt; person.Age)"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;div</span> <span class="na">class=</span><span class="s">"mb-3"</span><span class="nt">&gt;</span> <span class="nt">&lt;label</span> <span class="na">for=</span><span class="s">"email"</span> <span class="na">class=</span><span class="s">"form-label"</span><span class="nt">&gt;</span>Email<span class="nt">&lt;/label&gt;</span> <span class="nt">&lt;InputText</span> <span class="na">id=</span><span class="s">"email"</span> <span class="na">class=</span><span class="s">"form-control"</span> <span class="err">@</span><span class="na">bind-Value=</span><span class="s">"person.EmailAddress"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;ValidationMessage</span> <span class="na">For=</span><span class="s">"@(() =&gt; person.EmailAddress)"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">class=</span><span class="s">"btn btn-primary"</span><span class="nt">&gt;</span>Submit<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/EditForm&gt;</span> @code { private Person person = new(); private async Task HandleValidSubmit() { // Handle successful form submission Console.WriteLine("Form submitted successfully!"); } } </code></pre> </div> <p>That's it! With just a few lines of code, you have a fully functional form with real-time validation powered by FluentValidation.</p> <h2> Advanced Features </h2> <h3> Asynchronous Validation </h3> <p>One of Blazilla's standout features is its support for asynchronous validation. This is particularly useful for scenarios like checking username availability or validating data against external APIs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">PersonValidator</span> <span class="p">:</span> <span class="n">AbstractValidator</span><span class="p">&lt;</span><span class="n">Person</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">PersonValidator</span><span class="p">()</span> <span class="p">{</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">EmailAddress</span><span class="p">)</span> <span class="p">.</span><span class="nf">NotEmpty</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Email is required"</span><span class="p">)</span> <span class="p">.</span><span class="nf">EmailAddress</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Please provide a valid email address"</span><span class="p">)</span> <span class="p">.</span><span class="nf">MustAsync</span><span class="p">(</span><span class="k">async</span> <span class="p">(</span><span class="n">email</span><span class="p">,</span> <span class="n">cancellation</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="c1">// Simulate async validation (e.g., database check)</span> <span class="k">await</span> <span class="n">Task</span><span class="p">.</span><span class="nf">Delay</span><span class="p">(</span><span class="m">500</span><span class="p">,</span> <span class="n">cancellation</span><span class="p">);</span> <span class="k">return</span> <span class="p">!</span><span class="n">email</span><span class="p">?.</span><span class="nf">Equals</span><span class="p">(</span><span class="s">"admin@example.com"</span><span class="p">,</span> <span class="n">StringComparison</span><span class="p">.</span><span class="n">OrdinalIgnoreCase</span><span class="p">)</span> <span class="p">??</span> <span class="k">true</span><span class="p">;</span> <span class="p">}).</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"This email address is not available"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>When using async validation, you'll need to handle form submission differently:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;EditForm</span> <span class="na">Model=</span><span class="s">"@person"</span> <span class="na">OnSubmit=</span><span class="s">"@HandleSubmit"</span><span class="nt">&gt;</span> <span class="nt">&lt;FluentValidator</span> <span class="na">AsyncMode=</span><span class="s">"true"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;ValidationSummary</span> <span class="nt">/&gt;</span> <span class="c">&lt;!-- form fields --&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"submit"</span> <span class="na">class=</span><span class="s">"btn btn-primary"</span> <span class="na">disabled=</span><span class="s">"@isSubmitting"</span><span class="nt">&gt;</span> @(isSubmitting ? "Validating..." : "Submit") <span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/EditForm&gt;</span> @code { private Person person = new(); private bool isSubmitting = false; private async Task HandleSubmit(EditContext editContext) { isSubmitting = true; StateHasChanged(); try { // Use ValidateAsync to ensure all async validation completes var isValid = await editContext.ValidateAsync(); if (isValid) { // Form is valid, proceed with submission await ProcessValidForm(); } } finally { isSubmitting = false; StateHasChanged(); } } private async Task ProcessValidForm() { Console.WriteLine("Form submitted successfully!"); await Task.Delay(1000); // Simulate form processing } } </code></pre> </div> <h3> Rule Sets </h3> <p>Rule sets allow you to execute specific groups of validation rules based on context:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">PersonValidator</span> <span class="p">:</span> <span class="n">AbstractValidator</span><span class="p">&lt;</span><span class="n">Person</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">PersonValidator</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Default rules (always executed)</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">FirstName</span><span class="p">).</span><span class="nf">NotEmpty</span><span class="p">();</span> <span class="c1">// Rules in specific rule sets</span> <span class="nf">RuleSet</span><span class="p">(</span><span class="s">"Create"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">EmailAddress</span><span class="p">)</span> <span class="p">.</span><span class="nf">NotEmpty</span><span class="p">()</span> <span class="p">.</span><span class="nf">EmailAddress</span><span class="p">();</span> <span class="p">});</span> <span class="nf">RuleSet</span><span class="p">(</span><span class="s">"Update"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">LastName</span><span class="p">).</span><span class="nf">NotEmpty</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Then use specific rule sets in your component:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- Execute only the "Create" rule set --&gt;</span> <span class="nt">&lt;FluentValidator</span> <span class="na">RuleSets=</span><span class="s">"@(new[] { "</span><span class="na">Create</span><span class="err">"</span> <span class="err">})"</span> <span class="nt">/&gt;</span> <span class="c">&lt;!-- Execute all rules including those in rule sets --&gt;</span> <span class="nt">&lt;FluentValidator</span> <span class="na">AllRules=</span><span class="s">"true"</span> <span class="nt">/&gt;</span> </code></pre> </div> <h3> Nested Object Validation </h3> <p>Blazilla excels at validating complex objects with nested properties:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">Person</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">FirstName</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">LastName</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">Address</span><span class="p">?</span> <span class="n">Address</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">Address</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">Street</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">City</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">PostalCode</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">AddressValidator</span> <span class="p">:</span> <span class="n">AbstractValidator</span><span class="p">&lt;</span><span class="n">Address</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">AddressValidator</span><span class="p">()</span> <span class="p">{</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">a</span> <span class="p">=&gt;</span> <span class="n">a</span><span class="p">.</span><span class="n">Street</span><span class="p">).</span><span class="nf">NotEmpty</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Street is required"</span><span class="p">);</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">a</span> <span class="p">=&gt;</span> <span class="n">a</span><span class="p">.</span><span class="n">City</span><span class="p">).</span><span class="nf">NotEmpty</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"City is required"</span><span class="p">);</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">a</span> <span class="p">=&gt;</span> <span class="n">a</span><span class="p">.</span><span class="n">PostalCode</span><span class="p">).</span><span class="nf">NotEmpty</span><span class="p">().</span><span class="nf">WithMessage</span><span class="p">(</span><span class="s">"Postal code is required"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">PersonValidator</span> <span class="p">:</span> <span class="n">AbstractValidator</span><span class="p">&lt;</span><span class="n">Person</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">PersonValidator</span><span class="p">()</span> <span class="p">{</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">FirstName</span><span class="p">).</span><span class="nf">NotEmpty</span><span class="p">();</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">LastName</span><span class="p">).</span><span class="nf">NotEmpty</span><span class="p">();</span> <span class="c1">// Validate nested Address object</span> <span class="nf">RuleFor</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">Address</span><span class="p">!)</span> <span class="p">.</span><span class="nf">SetValidator</span><span class="p">(</span><span class="k">new</span> <span class="nf">AddressValidator</span><span class="p">())</span> <span class="p">.</span><span class="nf">When</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">Address</span> <span class="k">is</span> <span class="k">not</span> <span class="k">null</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Component Parameters </h2> <p>The <code>FluentValidator</code> component provides several parameters for customization:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Parameter</th> <th>Type</th> <th>Default</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>Validator</code></td> <td><code>IValidator?</code></td> <td>null</td> <td>Custom validator instance to use instead of DI resolution</td> </tr> <tr> <td><code>RuleSets</code></td> <td><code>IEnumerable&lt;string&gt;?</code></td> <td>null</td> <td>Specific rule sets to execute</td> </tr> <tr> <td><code>AllRules</code></td> <td><code>bool</code></td> <td>false</td> <td>Execute all rules including those in rule sets</td> </tr> <tr> <td><code>AsyncMode</code></td> <td><code>bool</code></td> <td>false</td> <td>Enable asynchronous validation mode</td> </tr> <tr> <td><code>Selector</code></td> <td><code>IValidatorSelector?</code></td> <td>null</td> <td>Custom validator selector for advanced scenarios</td> </tr> </tbody> </table></div> <h2> Performance Considerations </h2> <p>Blazilla is designed with performance in mind:</p> <ul> <li> <strong>Singleton Registration</strong>: Validators should be registered as singletons in the DI container since they are stateless</li> <li> <strong>Expression Tree Compilation</strong>: Validation contexts are created using compiled expression trees for optimal performance</li> <li> <strong>Async Optimization</strong>: Only enable <code>AsyncMode</code> when you have actual async validation rules to avoid unnecessary overhead</li> </ul> <h2> Conclusion </h2> <p>Blazilla represents a significant step forward for Blazor form validation. By bridging the gap between FluentValidation's powerful rule system and Blazor's component model, it provides developers with a clean, efficient, and feature-rich solution for form validation.</p> <p>Whether you're building simple forms or complex multi-step wizards with nested validation, Blazilla provides the tools you need to create robust, user-friendly forms in your Blazor applications.</p> <p>The library is actively maintained, well-documented, and designed with real-world usage in mind. If you're working with Blazor forms and want to leverage FluentValidation's capabilities, Blazilla is definitely worth adding to your toolkit.</p> <h2> Resources </h2> <ul> <li> <strong>Live Demo</strong>: <a href="https://loresoft.com/Blazilla/" rel="noopener noreferrer">https://loresoft.com/Blazilla/</a> </li> <li> <strong>GitHub Repository</strong>: <a href="https://github.com/loresoft/Blazilla" rel="noopener noreferrer">https://github.com/loresoft/Blazilla</a> </li> <li> <strong>NuGet Package</strong>: <a href="https://www.nuget.org/packages/Blazilla/" rel="noopener noreferrer">https://www.nuget.org/packages/Blazilla/</a> </li> <li> <strong>FluentValidation</strong>: <a href="https://fluentvalidation.net/" rel="noopener noreferrer">https://fluentvalidation.net/</a> </li> <li> <strong>License</strong>: MIT License</li> </ul> <p>Ready to get started? Install Blazilla today and experience the power of seamless FluentValidation integration in your Blazor applications!</p> blazor fluentvalidation aspnetcore validation HashGate - HMAC Authentication Implementation Paul Welter Mon, 25 Aug 2025 14:07:26 +0000 https://forem.com/loresoft/hashgate-hmac-authentication-implementation-5fbk https://forem.com/loresoft/hashgate-hmac-authentication-implementation-5fbk <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnv84g7fbw7ozl9tbiekv.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnv84g7fbw7ozl9tbiekv.jpg" alt="HMAC Authentication" width="800" height="533"></a></p> <p>In today's microservices landscape, secure server-to-server communication is more critical than ever. While OAuth and JWT tokens are popular choices for user authentication, they often introduce unnecessary complexity and dependencies for service-to-service communication. That's where <strong>HashGate</strong> comes in - a lightweight, powerful HMAC authentication library designed specifically for ASP.NET Core applications.</p> <p><a href="https://github.com/loresoft/HashGate" rel="noopener noreferrer">https://github.com/loresoft/HashGate</a></p> <h2> What is HashGate? </h2> <p>HashGate is a comprehensive HMAC (Hash-based Message Authentication Code) authentication system that provides both server-side authentication middleware and client-side HTTP handlers. Inspired by AWS Signature Version 4 and Azure HMAC Authentication, HashGate ensures that every HTTP request is cryptographically signed, providing request integrity and authenticity without the overhead of traditional token-based systems.</p> <h2> Why Choose HMAC Authentication? </h2> <p>Before diving into HashGate's features, let's explore why HMAC authentication is particularly well-suited for modern distributed systems:</p> <h3> Enhanced Security </h3> <ul> <li> <strong>No credentials in transit</strong>: Unlike bearer tokens, HMAC signatures are computed from request data, meaning the actual secret never travels over the network</li> <li> <strong>Request integrity</strong>: Each request is cryptographically signed, ensuring the payload hasn't been tampered with during transmission</li> <li> <strong>Replay attack protection</strong>: Built-in timestamp validation prevents malicious replaying of captured requests</li> </ul> <h3> Microservices Architecture Benefits </h3> <ul> <li> <strong>Stateless authentication</strong>: No need for centralized token stores or session management across services</li> <li> <strong>Service-to-service isolation</strong>: Each service can have unique HMAC keys, limiting blast radius if one service is compromised</li> <li> <strong>Zero-dependency authentication</strong>: No reliance on external identity providers or token validation services</li> </ul> <h3> Operational Advantages </h3> <ul> <li> <strong>High performance</strong>: HMAC computation is fast and doesn't require network calls to validate authenticity</li> <li> <strong>Reduced infrastructure</strong>: No need for token refresh endpoints, session stores, or identity service dependencies</li> <li> <strong>Deterministic debugging</strong>: Failed requests can be reproduced locally since signatures are deterministic</li> <li> <strong>Language agnostic</strong>: Any programming language can call HMAC-authenticated endpoints - Python, JavaScript, Java, Go, PHP, Ruby, and more can all generate the required HMAC signatures using standard cryptographic libraries</li> </ul> <h2> Key Features </h2> <p>HashGate brings enterprise-grade HMAC authentication to your .NET applications with these features:</p> <ul> <li> <strong>Secure HMAC-SHA256 authentication</strong> with timestamp validation</li> <li> <strong>Easy integration</strong> with ASP.NET Core authentication system</li> <li> <strong>Client library included</strong> for .NET HttpClient integration</li> <li> <strong>Request replay protection</strong> with configurable time windows</li> <li> <strong>Highly configurable</strong> key providers and validation options</li> </ul> <h2> Getting Started </h2> <p>Getting HashGate up and running is straightforward. The library provides separate NuGet packages for server and client implementations:</p> <h3> Installation </h3> <p>For your ASP.NET Core server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package HashGate.AspNetCore </code></pre> </div> <p>For your .NET client applications:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package HashGate.HttpClient </code></pre> </div> <h3> Server Setup </h3> <p>Setting up HMAC authentication on your ASP.NET Core server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">HashGate.AspNetCore</span><span class="p">;</span> <span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebApplication</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="c1">// Add HMAC authentication</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span> <span class="p">.</span><span class="nf">AddAuthentication</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddHmacAuthentication</span><span class="p">();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthorization</span><span class="p">();</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthentication</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthorization</span><span class="p">();</span> <span class="c1">// Your protected endpoints</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/api/secure"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="s">"Hello, authenticated user!"</span><span class="p">)</span> <span class="p">.</span><span class="nf">RequireAuthorization</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">Run</span><span class="p">();</span> </code></pre> </div> <p>Configure your HMAC secrets in <code>appsettings.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"HmacSecrets"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"MyClientId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-secret-key-here"</span><span class="p">,</span><span class="w"> </span><span class="nl">"AnotherClient"</span><span class="p">:</span><span class="w"> </span><span class="s2">"another-secret-key"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <blockquote> <p><strong>Note</strong>: For advanced scenarios requiring custom key storage or validation logic (such as database-backed keys, key rotation, or custom claims), implement the <code>IHmacKeyProvider</code> interface. This allows you to control how keys are retrieved and what claims are generated for authenticated clients. See the Advanced Features section for detailed implementation examples.</p> </blockquote> <h3> Client Setup </h3> <p>The client side is equally straightforward:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">HashGate.HttpClient</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Microsoft.Extensions.DependencyInjection</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Microsoft.Extensions.Hosting</span><span class="p">;</span> <span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">Host</span><span class="p">.</span><span class="nf">CreateApplicationBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="c1">// Add HMAC authentication services</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddHmacAuthentication</span><span class="p">();</span> <span class="c1">// Configure HttpClient with HMAC authentication</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span> <span class="p">.</span><span class="nf">AddHttpClient</span><span class="p">(</span><span class="s">"SecureApi"</span><span class="p">,</span> <span class="n">client</span> <span class="p">=&gt;</span> <span class="n">client</span><span class="p">.</span><span class="n">BaseAddress</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">Uri</span><span class="p">(</span><span class="s">"https://api.example.com"</span><span class="p">))</span> <span class="p">.</span><span class="n">AddHttpMessageHandler</span><span class="p">&lt;</span><span class="n">HmacAuthenticationHttpHandler</span><span class="p">&gt;();</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="c1">// Make authenticated requests</span> <span class="kt">var</span> <span class="n">httpClientFactory</span> <span class="p">=</span> <span class="n">app</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">GetRequiredService</span><span class="p">&lt;</span><span class="n">IHttpClientFactory</span><span class="p">&gt;();</span> <span class="kt">var</span> <span class="n">httpClient</span> <span class="p">=</span> <span class="n">httpClientFactory</span><span class="p">.</span><span class="nf">CreateClient</span><span class="p">(</span><span class="s">"SecureApi"</span><span class="p">);</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">httpClient</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">(</span><span class="s">"/api/secure"</span><span class="p">);</span> </code></pre> </div> <p>Client configuration in <code>appsettings.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"HmacAuthentication"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Client"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MyClientId"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Secret"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-secret-key-here"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> How It Works </h2> <p>HashGate implements a straightforward authentication flow that ensures request integrity and authenticity:</p> <h3> Authentication Flow Overview </h3> <ol> <li> <strong>Client Credentials</strong>: Each client has a unique identifier and secret key</li> <li> <strong>Request Signing</strong>: Client calculates HMAC signature of request details</li> <li> <strong>Headers Added</strong>: Authentication headers are added to the request</li> <li> <strong>Server Validation</strong>: Server validates the signature using the shared secret</li> </ol> <h3> Required Headers </h3> <p>Every authenticated request must include these four essential headers:</p> <ul> <li> <strong>Host</strong>: Internet host and port number (e.g., <code>api.example.com</code>)</li> <li> <strong>x-timestamp</strong>: Unix timestamp in seconds when the request was created (must be within server's time tolerance window, typically 5 minutes)</li> <li> <strong>x-content-sha256</strong>: Base64-encoded SHA256 hash of the request body (required even for requests with empty bodies)</li> <li> <strong>Authorization</strong>: HMAC authentication information containing client ID, signed headers, and signature</li> </ul> <h3> String-to-Sign Construction </h3> <p>The heart of HMAC authentication is the canonical string-to-sign format, which must be constructed precisely:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{HTTP_METHOD_UPPERCASE}\n{PATH_WITH_QUERY}\n{SEMICOLON_SEPARATED_HEADER_VALUES} </code></pre> </div> <h4> Construction Rules </h4> <ul> <li> <strong>HTTP Method</strong>: Must be uppercase (GET, POST, PUT, DELETE, etc.)</li> <li> <strong>Path with Query</strong>: Full path including query string parameters in their original order</li> <li> <strong>Header Values</strong>: Semicolon-separated values in the exact order specified by the <code>SignedHeaders</code> parameter</li> <li> <strong>Encoding</strong>: Use UTF-8 encoding and consistent newline characters (<code>\n</code>, not <code>\r\n</code>)</li> </ul> <h4> Examples </h4> <p>GET request with query parameters:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET\n/api/users?page=1&amp;limit=10\napi.example.com;1640995200;47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= </code></pre> </div> <p>POST request with body:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST\n/api/users\napi.example.com;1640995201;jZKwqY8QqKqzQe7xJKwqY8QqKqzQe7xKwqY8QqKqzQe= </code></pre> </div> <h3> Authorization Header Format </h3> <p>The authorization header follows a specific structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>HMAC Client={CLIENT_ID}&amp;SignedHeaders={HEADER_NAMES}&amp;Signature={BASE64_SIGNATURE} </code></pre> </div> <h4> Component Breakdown </h4> <ul> <li> <strong>Scheme Name</strong>: Always starts with <code>HMAC</code> (case-sensitive)</li> <li> <strong>Client Parameter</strong>: Your unique client identifier (e.g., <code>demo-client</code>)</li> <li> <strong>SignedHeaders Parameter</strong>: Semicolon-separated list of header names included in the signature (e.g., <code>host;x-timestamp;x-content-sha256</code>)</li> <li> <strong>Signature Parameter</strong>: Base64-encoded HMAC-SHA256 signature of the string-to-sign</li> </ul> <h4> Example Authorization Headers </h4> <p>Basic authorization header:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>HMAC Client=demo-client&amp;SignedHeaders=host;x-timestamp;x-content-sha256&amp;Signature=abc123def456ghi789jkl012mno345pqr678stu901vwx234yz567890= </code></pre> </div> <p>With custom headers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>HMAC Client=mobile-app&amp;SignedHeaders=host;x-timestamp;x-content-sha256;content-type&amp;Signature=xyz789abc123def456ghi789jkl012mno345pqr678stu901vwx234yz= </code></pre> </div> <h3> Cryptographic Operations </h3> <p>HashGate performs two key cryptographic operations:</p> <ol> <li> <strong>Content Hash</strong>: SHA256 hash of UTF-8 encoded request body, then Base64 encode (required even for empty bodies)</li> <li> <strong>Signature Generation</strong>: HMAC-SHA256 of the string-to-sign using UTF-8 encoded secret key, then Base64 encode</li> </ol> <h3> Implementation Algorithm </h3> <p>The complete algorithm follows these steps:</p> <ol> <li>Extract host from request URL</li> <li>Generate current Unix timestamp</li> <li>Calculate SHA256 hash of request body (use empty content hash constant for empty bodies)</li> <li>Create header values array in order: <code>[host, timestamp, content_hash]</code> </li> <li>Create string-to-sign: <code>"METHOD\nPATH\nheader_values_joined_by_semicolon"</code> </li> <li>Generate HMAC-SHA256 signature of string-to-sign using secret key</li> <li>Base64 encode the signature</li> <li>Create authorization header with client ID, signed headers, and signature</li> <li>Add all required headers to request</li> </ol> <h3> Validation on Server </h3> <p>The server performs these validation steps:</p> <ul> <li> <strong>Timestamp</strong>: Must be within server's time tolerance window</li> <li> <strong>Content Hash</strong>: Must match actual request body hash</li> <li> <strong>Signature</strong>: Must match server's calculated signature using the same algorithm</li> <li> <strong>Headers</strong>: All signed headers must be present and match signed values</li> </ul> <p>This comprehensive approach ensures that any tampering with the request will be detected, and only clients with valid credentials can successfully authenticate.</p> <h2> Advanced Features </h2> <h3> Custom Key Providers </h3> <p>HashGate allows you to implement custom key providers for advanced scenarios:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">DatabaseKeyProvider</span> <span class="p">:</span> <span class="n">IHmacKeyProvider</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IKeyRepository</span> <span class="n">_keyRepository</span><span class="p">;</span> <span class="k">public</span> <span class="nf">DatabaseKeyProvider</span><span class="p">(</span><span class="n">IKeyRepository</span> <span class="n">keyRepository</span><span class="p">)</span> <span class="p">{</span> <span class="n">_keyRepository</span> <span class="p">=</span> <span class="n">keyRepository</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">ValueTask</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">?&gt;</span> <span class="nf">GetSecretAsync</span><span class="p">(</span><span class="kt">string</span> <span class="n">client</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">key</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_keyRepository</span><span class="p">.</span><span class="nf">GetKeyAsync</span><span class="p">(</span><span class="n">client</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">return</span> <span class="n">key</span><span class="p">?.</span><span class="n">Secret</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">ValueTask</span><span class="p">&lt;</span><span class="n">ClaimsIdentity</span><span class="p">&gt;</span> <span class="nf">GenerateClaimsAsync</span><span class="p">(</span><span class="kt">string</span> <span class="n">client</span><span class="p">,</span> <span class="kt">string</span><span class="p">?</span> <span class="n">scheme</span> <span class="p">=</span> <span class="k">null</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">identity</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">ClaimsIdentity</span><span class="p">(</span><span class="n">scheme</span><span class="p">);</span> <span class="n">identity</span><span class="p">.</span><span class="nf">AddClaim</span><span class="p">(</span><span class="k">new</span> <span class="nf">Claim</span><span class="p">(</span><span class="n">ClaimTypes</span><span class="p">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">client</span><span class="p">));</span> <span class="c1">// Add additional claims based on your requirements</span> <span class="kt">var</span> <span class="n">model</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_keyRepository</span><span class="p">.</span><span class="nf">GetClientAsync</span><span class="p">(</span><span class="n">client</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">model</span> <span class="p">!=</span> <span class="k">null</span><span class="p">)</span> <span class="p">{</span> <span class="n">identity</span><span class="p">.</span><span class="nf">AddClaim</span><span class="p">(</span><span class="k">new</span> <span class="nf">Claim</span><span class="p">(</span><span class="s">"display_name"</span><span class="p">,</span> <span class="n">model</span><span class="p">.</span><span class="n">DisplayName</span><span class="p">));</span> <span class="c1">// Add role claims, permissions, etc. as needed</span> <span class="p">}</span> <span class="k">return</span> <span class="n">identity</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Register the custom key provider</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span> <span class="p">.</span><span class="nf">AddAuthentication</span><span class="p">()</span> <span class="p">.</span><span class="n">AddHmacAuthentication</span><span class="p">&lt;</span><span class="n">DatabaseKeyProvider</span><span class="p">&gt;();</span> </code></pre> </div> <h3> Configuration Options </h3> <p>HashGate provides extensive configuration options:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Server configuration with custom options</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span> <span class="p">.</span><span class="nf">AddAuthentication</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddHmacAuthentication</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="n">ToleranceWindow</span> <span class="p">=</span> <span class="m">10</span><span class="p">;</span> <span class="c1">// 10 minutes timestamp tolerance</span> <span class="n">options</span><span class="p">.</span><span class="n">SecretSectionName</span> <span class="p">=</span> <span class="s">"MyHmacSecrets"</span><span class="p">;</span> <span class="c1">// Custom config section</span> <span class="p">});</span> <span class="c1">// Client configuration with custom options</span> <span class="n">services</span><span class="p">.</span><span class="nf">AddHmacAuthentication</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="n">Client</span> <span class="p">=</span> <span class="s">"MyClientId"</span><span class="p">;</span> <span class="n">options</span><span class="p">.</span><span class="n">Secret</span> <span class="p">=</span> <span class="s">"my-secret-key"</span><span class="p">;</span> <span class="n">options</span><span class="p">.</span><span class="n">SignedHeaders</span> <span class="p">=</span> <span class="p">[</span><span class="s">"host"</span><span class="p">,</span> <span class="s">"x-timestamp"</span><span class="p">,</span> <span class="s">"x-content-sha256"</span><span class="p">,</span> <span class="s">"content-type"</span><span class="p">];</span> <span class="p">});</span> </code></pre> </div> <h2> Sample Implementations </h2> <p>HashGate includes comprehensive sample implementations to help you get started quickly:</p> <ul> <li> <strong>Sample.MinimalApi</strong>: ASP.NET Core minimal API with protected endpoints</li> <li> <strong>Sample.Client</strong>: .NET client using HttpClient with HMAC authentication</li> <li> <strong>Sample.Bruno</strong>: Bruno API collection for testing HMAC endpoints</li> <li> <strong>Sample.JavaScript</strong>: JavaScript/Node.js client implementation</li> <li> <strong>Sample.Python</strong>: Python client implementation demonstrating HMAC authentication</li> </ul> <h2> Security Considerations </h2> <p>When implementing HashGate in production, keep these security best practices in mind:</p> <ul> <li>Always use HTTPS in production environments</li> <li>Protect HMAC secret keys - never expose them in client-side code</li> <li>Monitor timestamp tolerance - shorter windows provide better security</li> <li>Rotate keys regularly with proper key rotation policies</li> <li>Log authentication failures to monitor for potential attacks</li> <li>Validate all inputs, especially timestamp and signature formats</li> </ul> <h2> Use Cases Where HashGate Excels </h2> <p>HashGate is particularly well-suited for:</p> <ul> <li>Internal API gateways communicating with backend services</li> <li>Microservice mesh where services need to authenticate each other</li> <li>Webhook validation from external systems</li> <li>Background job services accessing protected APIs</li> <li>IoT device communication where OAuth flows are impractical</li> </ul> <h2> Conclusion </h2> <p>HashGate represents a modern approach to service-to-service authentication that prioritizes security, performance, and simplicity. By implementing proven HMAC authentication patterns used by major cloud providers, HashGate provides a robust foundation for securing your distributed applications.</p> <p>Whether you're building a microservices architecture, need secure webhook validation, or want to eliminate dependencies on external identity providers, HashGate offers a compelling solution that's both powerful and easy to implement.</p> <p>The library is open source and available on GitHub at <a href="https://github.com/loresoft/HashGate" rel="noopener noreferrer">https://github.com/loresoft/HashGate</a>, with comprehensive documentation and sample implementations to help you get started quickly.</p> security authentication aspnetcore dotnet Privileged: A Powerful Authorization Library for .NET Paul Welter Sat, 23 Aug 2025 04:17:45 +0000 https://forem.com/loresoft/privileged-a-powerful-authorization-library-for-net-1fmj https://forem.com/loresoft/privileged-a-powerful-authorization-library-for-net-1fmj <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8m9hu01dlrrx1cgnxoct.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8m9hu01dlrrx1cgnxoct.jpg" alt="Privileged Authorization Library" width="800" height="533"></a></p> <p><strong>Privileged</strong>, a .NET authorization library that makes implementing rule-based permissions both simple and powerful. Whether you're building a basic web application or a complex enterprise system, Privileged provides the flexibility to scale from simple claim-based authorization to a fully-featured subject and attribute-based authorization system.</p> <p><a href="https://github.com/loresoft/Privileged" rel="noopener noreferrer">https://github.com/loresoft/Privileged</a></p> <h2> What is Privileged? </h2> <p>Privileged is an authorization library that operates on rules defining what a user can actually do in your application. It's designed to be incrementally adoptable - you can start simple and add complexity as your authorization requirements grow.</p> <p>The library is built around three core concepts:</p> <ol> <li> <strong>Action</strong> - What the user wants to do (e.g., <code>read</code>, <code>write</code>, <code>delete</code>)</li> <li> <strong>Subject</strong> - The resource being accessed (e.g., <code>Post</code>, <code>User</code>, <code>Document</code>) </li> <li> <strong>Qualifiers</strong> - Field-level restrictions for fine-grained control (e.g., <code>title</code>, <code>content</code>)</li> </ol> <h2> Key Features </h2> <ul> <li> <strong>Versatile</strong>: Incrementally adoptable and easily scales between simple claim-based and fully-featured authorization</li> <li> <strong>Isomorphic</strong>: Works on both frontend and backend with complementary packages</li> <li> <strong>Declarative</strong>: Serializable rules that can be shared between UI and API</li> <li> <strong>Rule-based</strong>: Support for both allow and forbid rules with precedence</li> <li> <strong>Aliases</strong>: Create reusable aliases for actions, subjects, and qualifiers</li> <li> <strong>Field-level permissions</strong>: Fine-grained control with qualifier support</li> <li> <strong>ASP.NET Core Integration</strong>: Seamless integration with attribute-based policies</li> <li> <strong>Blazor Integration</strong>: Ready-to-use components for conditional rendering</li> <li> <strong>Performance Optimized</strong>: Efficient rule evaluation and matching algorithms</li> </ul> <h2> Getting Started </h2> <p>Install the core package via NuGet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package Privileged </code></pre> </div> <p>For ASP.NET Core applications, also install the authorization package:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package Privileged.Authorization </code></pre> </div> <p>For Blazor applications, add the components package:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package Privileged.Components </code></pre> </div> <h2> Basic Usage </h2> <p>Here's how to create and use basic authorization rules:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">context</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">PrivilegeBuilder</span><span class="p">()</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">)</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">(</span><span class="s">"write"</span><span class="p">,</span> <span class="s">"User"</span><span class="p">)</span> <span class="p">.</span><span class="nf">Forbid</span><span class="p">(</span><span class="s">"delete"</span><span class="p">,</span> <span class="s">"User"</span><span class="p">)</span> <span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="c1">// Check permissions</span> <span class="kt">bool</span> <span class="n">canReadPost</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="nf">Allowed</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">);</span> <span class="c1">// true</span> <span class="kt">bool</span> <span class="n">canWriteUser</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="nf">Allowed</span><span class="p">(</span><span class="s">"write"</span><span class="p">,</span> <span class="s">"User"</span><span class="p">);</span> <span class="c1">// true</span> <span class="kt">bool</span> <span class="n">canDeleteUser</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="nf">Allowed</span><span class="p">(</span><span class="s">"delete"</span><span class="p">,</span> <span class="s">"User"</span><span class="p">);</span> <span class="c1">// false</span> <span class="kt">bool</span> <span class="n">canReadUser</span> <span class="p">=</span> <span class="n">context</span><span class="p">.</span><span class="nf">Allowed</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"User"</span><span class="p">);</span> <span class="c1">// false (not explicitly allowed)</span> </code></pre> </div> <h3> Wildcard Rules </h3> <p>Use wildcards for broader permissions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">context</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">PrivilegeBuilder</span><span class="p">()</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">(</span><span class="s">"test"</span><span class="p">,</span> <span class="n">PrivilegeRule</span><span class="p">.</span><span class="n">Any</span><span class="p">)</span> <span class="c1">// Allow 'test' action on any subject</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">(</span><span class="n">PrivilegeRule</span><span class="p">.</span><span class="n">Any</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">)</span> <span class="c1">// Allow any action on 'Post'</span> <span class="p">.</span><span class="nf">Forbid</span><span class="p">(</span><span class="s">"publish"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">)</span> <span class="c1">// Forbid overrides allow</span> <span class="p">.</span><span class="nf">Build</span><span class="p">();</span> </code></pre> </div> <h3> Field-Level Permissions </h3> <p>Use qualifiers for fine-grained, field-level control:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">context</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">PrivilegeBuilder</span><span class="p">()</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">,</span> <span class="p">[</span><span class="s">"title"</span><span class="p">,</span> <span class="s">"id"</span><span class="p">])</span> <span class="c1">// Only allow reading specific fields</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"User"</span><span class="p">)</span> <span class="c1">// Allow reading all User fields</span> <span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="c1">// Check field-specific permissions</span> <span class="n">context</span><span class="p">.</span><span class="nf">Allowed</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">,</span> <span class="s">"title"</span><span class="p">).</span><span class="nf">Should</span><span class="p">().</span><span class="nf">BeTrue</span><span class="p">();</span> <span class="c1">// Allowed</span> <span class="n">context</span><span class="p">.</span><span class="nf">Allowed</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">,</span> <span class="s">"content"</span><span class="p">).</span><span class="nf">Should</span><span class="p">().</span><span class="nf">BeFalse</span><span class="p">();</span> <span class="c1">// Not allowed</span> </code></pre> </div> <h2> ASP.NET Core Integration </h2> <p>The <code>Privileged.Authorization</code> package provides seamless integration with ASP.NET Core's authorization system.</p> <h3> Setup </h3> <p>Configure the authorization services in your <code>Program.cs</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">Privileged.Authorization</span><span class="p">;</span> <span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebApplication</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthentication</span><span class="p">(</span><span class="cm">/* your auth setup */</span><span class="p">);</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthorization</span><span class="p">();</span> <span class="c1">// Register privilege services</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddPrivilegeAuthorization</span><span class="p">();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddScoped</span><span class="p">&lt;</span><span class="n">IPrivilegeContextProvider</span><span class="p">,</span> <span class="n">YourPrivilegeContextProvider</span><span class="p">&gt;();</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthentication</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthorization</span><span class="p">();</span> </code></pre> </div> <h3> Using the Privilege Attribute </h3> <p>Use the <code>[Privilege]</code> attribute to declaratively specify authorization requirements:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">ApiController</span><span class="p">]</span> <span class="p">[</span><span class="nf">Route</span><span class="p">(</span><span class="s">"api/[controller]"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">PostsController</span> <span class="p">:</span> <span class="n">ControllerBase</span> <span class="p">{</span> <span class="p">[</span><span class="n">HttpGet</span><span class="p">]</span> <span class="p">[</span><span class="nf">Privilege</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">)]</span> <span class="k">public</span> <span class="n">IActionResult</span> <span class="nf">GetPosts</span><span class="p">()</span> <span class="p">=&gt;</span> <span class="nf">Ok</span><span class="p">();</span> <span class="p">[</span><span class="n">HttpPost</span><span class="p">]</span> <span class="p">[</span><span class="nf">Privilege</span><span class="p">(</span><span class="s">"create"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">)]</span> <span class="k">public</span> <span class="n">IActionResult</span> <span class="nf">CreatePost</span><span class="p">([</span><span class="n">FromBody</span><span class="p">]</span> <span class="n">CreatePostRequest</span> <span class="n">request</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="nf">Ok</span><span class="p">();</span> <span class="p">[</span><span class="nf">HttpPut</span><span class="p">(</span><span class="s">"{id}/title"</span><span class="p">)]</span> <span class="p">[</span><span class="nf">Privilege</span><span class="p">(</span><span class="s">"update"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">,</span> <span class="s">"title"</span><span class="p">)]</span> <span class="c1">// Field-level permission</span> <span class="k">public</span> <span class="n">IActionResult</span> <span class="nf">UpdatePostTitle</span><span class="p">(</span><span class="kt">int</span> <span class="n">id</span><span class="p">,</span> <span class="p">[</span><span class="n">FromBody</span><span class="p">]</span> <span class="kt">string</span> <span class="n">title</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="nf">Ok</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <h3> Minimal API Support </h3> <p>The library also works great with minimal APIs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Simple attribute usage</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/api/posts"</span><span class="p">,</span> <span class="p">[</span><span class="nf">Privilege</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">)]</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="n">Results</span><span class="p">.</span><span class="nf">Ok</span><span class="p">(</span><span class="k">new</span><span class="p">[]</span> <span class="p">{</span> <span class="k">new</span> <span class="p">{</span> <span class="n">Id</span> <span class="p">=</span> <span class="m">1</span><span class="p">,</span> <span class="n">Title</span> <span class="p">=</span> <span class="s">"Hello"</span> <span class="p">}</span> <span class="p">}));</span> <span class="c1">// Using RequirePrivilege extension</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapPut</span><span class="p">(</span><span class="s">"/api/posts/{id}/title"</span><span class="p">,</span> <span class="p">(</span><span class="kt">int</span> <span class="n">id</span><span class="p">,</span> <span class="kt">string</span> <span class="n">title</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="n">Results</span><span class="p">.</span><span class="nf">Ok</span><span class="p">();</span> <span class="p">}).</span><span class="nf">RequirePrivilege</span><span class="p">(</span><span class="s">"update"</span><span class="p">,</span> <span class="s">"Post"</span><span class="p">,</span> <span class="s">"title"</span><span class="p">);</span> </code></pre> </div> <h2> Blazor Integration </h2> <p>The <code>Privileged.Components</code> package provides components for building privilege-aware UIs.</p> <h3> Conditional Rendering </h3> <p>Use the <code>PrivilegeView</code> component to conditionally show content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;PrivilegeView</span> <span class="na">Action=</span><span class="s">"read"</span> <span class="na">Subject=</span><span class="s">"Post"</span><span class="nt">&gt;</span> <span class="nt">&lt;p&gt;</span>You can read posts!<span class="nt">&lt;/p&gt;</span> <span class="nt">&lt;/PrivilegeView&gt;</span> <span class="nt">&lt;PrivilegeView</span> <span class="na">Action=</span><span class="s">"delete"</span> <span class="na">Subject=</span><span class="s">"Post"</span><span class="nt">&gt;</span> <span class="nt">&lt;Allowed&gt;</span> <span class="nt">&lt;button</span> <span class="na">class=</span><span class="s">"btn btn-danger"</span><span class="nt">&gt;</span>Delete Post<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;/Allowed&gt;</span> <span class="nt">&lt;Forbidden&gt;</span> <span class="nt">&lt;span</span> <span class="na">class=</span><span class="s">"text-muted"</span><span class="nt">&gt;</span>Delete not allowed<span class="nt">&lt;/span&gt;</span> <span class="nt">&lt;/Forbidden&gt;</span> <span class="nt">&lt;/PrivilegeView&gt;</span> </code></pre> </div> <h3> Privilege-Aware Navigation </h3> <p>The <code>PrivilegeLink</code> component extends <code>NavLink</code> with privilege checking:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;nav</span> <span class="na">class=</span><span class="s">"navbar"</span><span class="nt">&gt;</span> <span class="nt">&lt;PrivilegeLink</span> <span class="na">Subject=</span><span class="s">"Post"</span> <span class="na">Action=</span><span class="s">"read"</span> <span class="na">href=</span><span class="s">"/posts"</span> <span class="na">class=</span><span class="s">"nav-link"</span><span class="nt">&gt;</span> Posts <span class="nt">&lt;/PrivilegeLink&gt;</span> <span class="nt">&lt;PrivilegeLink</span> <span class="na">Subject=</span><span class="s">"User"</span> <span class="na">Action=</span><span class="s">"manage"</span> <span class="na">href=</span><span class="s">"/users"</span> <span class="na">class=</span><span class="s">"nav-link"</span><span class="nt">&gt;</span> Users <span class="nt">&lt;/PrivilegeLink&gt;</span> <span class="nt">&lt;/nav&gt;</span> </code></pre> </div> <h3> Smart Input Components </h3> <p>Privilege-aware input components automatically handle read/write permissions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code>@* Becomes read-only if user can't update *@ <span class="nt">&lt;PrivilegeInputText</span> <span class="err">@</span><span class="na">bind-Value=</span><span class="s">"@model.Title"</span> <span class="na">Subject=</span><span class="s">"Post"</span> <span class="na">Field=</span><span class="s">"title"</span> <span class="nt">/&gt;</span> @* Disables if user can't update *@ <span class="nt">&lt;PrivilegeInputSelect</span> <span class="err">@</span><span class="na">bind-Value=</span><span class="s">"@model.Status"</span> <span class="na">Subject=</span><span class="s">"Post"</span> <span class="na">Field=</span><span class="s">"status"</span><span class="nt">&gt;</span> <span class="nt">&lt;option</span> <span class="na">value=</span><span class="s">"draft"</span><span class="nt">&gt;</span>Draft<span class="nt">&lt;/option&gt;</span> <span class="nt">&lt;option</span> <span class="na">value=</span><span class="s">"published"</span><span class="nt">&gt;</span>Published<span class="nt">&lt;/option&gt;</span> <span class="nt">&lt;/PrivilegeInputSelect&gt;</span> </code></pre> </div> <h2> Advanced Features </h2> <h3> Aliases </h3> <p>Create reusable aliases for common permission groups:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">context</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">PrivilegeBuilder</span><span class="p">()</span> <span class="p">.</span><span class="nf">Alias</span><span class="p">(</span><span class="s">"Manage"</span><span class="p">,</span> <span class="p">[</span><span class="s">"Create"</span><span class="p">,</span> <span class="s">"Update"</span><span class="p">,</span> <span class="s">"Delete"</span><span class="p">],</span> <span class="n">PrivilegeMatch</span><span class="p">.</span><span class="n">Action</span><span class="p">)</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">(</span><span class="s">"Manage"</span><span class="p">,</span> <span class="s">"Project"</span><span class="p">)</span> <span class="c1">// Allows all actions in the "Manage" alias</span> <span class="p">.</span><span class="nf">Build</span><span class="p">();</span> </code></pre> </div> <h3> Multiple Actions and Subjects </h3> <p>Use extension methods for bulk rule creation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">context</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">PrivilegeBuilder</span><span class="p">()</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">([</span><span class="s">"read"</span><span class="p">,</span> <span class="s">"update"</span><span class="p">],</span> <span class="s">"Post"</span><span class="p">)</span> <span class="c1">// Multiple actions, single subject</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">(</span><span class="s">"read"</span><span class="p">,</span> <span class="p">[</span><span class="s">"Post"</span><span class="p">,</span> <span class="s">"User"</span><span class="p">])</span> <span class="c1">// Single action, multiple subjects</span> <span class="p">.</span><span class="nf">Allow</span><span class="p">([</span><span class="s">"create"</span><span class="p">,</span> <span class="s">"read"</span><span class="p">],</span> <span class="p">[</span><span class="s">"Post"</span><span class="p">,</span> <span class="s">"Comment"</span><span class="p">])</span> <span class="c1">// Multiple actions and subjects</span> <span class="p">.</span><span class="nf">Build</span><span class="p">();</span> </code></pre> </div> <h2> Implementation Strategy </h2> <h3> IPrivilegeContextProvider </h3> <p>Implement <code>IPrivilegeContextProvider</code> to load permissions from your data source:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">DatabasePrivilegeContextProvider</span> <span class="p">:</span> <span class="n">IPrivilegeContextProvider</span> <span class="p">{</span> <span class="k">public</span> <span class="k">async</span> <span class="n">ValueTask</span><span class="p">&lt;</span><span class="n">PrivilegeContext</span><span class="p">&gt;</span> <span class="nf">GetContextAsync</span><span class="p">(</span><span class="n">ClaimsPrincipal</span><span class="p">?</span> <span class="n">claimsPrincipal</span> <span class="p">=</span> <span class="k">null</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">user</span> <span class="p">=</span> <span class="n">claimsPrincipal</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="n">user</span><span class="p">?.</span><span class="n">Identity</span><span class="p">?.</span><span class="n">IsAuthenticated</span> <span class="p">!=</span> <span class="k">true</span><span class="p">)</span> <span class="k">return</span> <span class="n">PrivilegeContext</span><span class="p">.</span><span class="n">Empty</span><span class="p">;</span> <span class="kt">var</span> <span class="n">userId</span> <span class="p">=</span> <span class="n">user</span><span class="p">.</span><span class="nf">FindFirst</span><span class="p">(</span><span class="n">ClaimTypes</span><span class="p">.</span><span class="n">NameIdentifier</span><span class="p">)?.</span><span class="n">Value</span><span class="p">;</span> <span class="kt">var</span> <span class="n">permissions</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_permissionService</span><span class="p">.</span><span class="nf">GetUserPermissionsAsync</span><span class="p">(</span><span class="n">userId</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">PrivilegeContext</span><span class="p">(</span><span class="n">permissions</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Why Choose Privileged? </h2> <ol> <li> <strong>Simple to Start</strong>: Begin with basic allow/forbid rules and grow complexity as needed</li> <li> <strong>Framework Integration</strong>: First-class support for ASP.NET Core and Blazor</li> <li> <strong>Declarative</strong>: Rules can be serialized and shared between services</li> <li> <strong>Performance</strong>: Optimized for efficient rule evaluation</li> <li> <strong>Flexible</strong>: Supports everything from simple permissions to complex field-level authorization</li> <li> <strong>Type Safe</strong>: Strongly-typed APIs with comprehensive IntelliSense support</li> </ol> <h2> Conclusion </h2> <p>Privileged provides a clean, powerful approach to authorization that grows with your application. Whether you need simple role-based permissions or complex field-level authorization, the library provides the tools to implement it elegantly.</p> <p>The combination of declarative rules, seamless framework integration, and incremental adoption makes it an excellent choice for .NET applications that need robust authorization capabilities.</p> <h2> Resources </h2> <ul> <li> <strong>GitHub</strong>: <a href="https://github.com/loresoft/Privileged" rel="noopener noreferrer">https://github.com/loresoft/Privileged</a> </li> <li> <strong>NuGet Packages</strong>: <ul> <li> <a href="https://www.nuget.org/packages/Privileged/" rel="noopener noreferrer">Privileged</a> (Core library)</li> <li> <a href="https://www.nuget.org/packages/Privileged.Authorization/" rel="noopener noreferrer">Privileged.Authorization</a> (ASP.NET Core integration)</li> <li> <a href="https://www.nuget.org/packages/Privileged.Components/" rel="noopener noreferrer">Privileged.Components</a> (Blazor components)</li> <li> <a href="https://www.nuget.org/packages/Privileged.Endpoint/" rel="noopener noreferrer">Privileged.Endpoint</a> (Minimal API extensions)</li> </ul> </li> </ul> authorization security aspnetcore permissions Arbiter Project: A Modern Take on the Mediator Pattern in .NET Paul Welter Mon, 04 Aug 2025 17:00:00 +0000 https://forem.com/loresoft/arbiter-project-a-modern-take-on-the-mediator-pattern-in-net-4918 https://forem.com/loresoft/arbiter-project-a-modern-take-on-the-mediator-pattern-in-net-4918 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv5jcv53mkpkpocjgxr6z.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv5jcv53mkpkpocjgxr6z.jpg" alt="Arbiter Project" width="800" height="533"></a></p> <p>Discover the Arbiter project - a modern implementation of the Mediator pattern for .NET applications embracing clean architecture and CQRS principles.</p> <ul> <li><a href="https://github.com/loresoft/Arbiter" rel="noopener noreferrer">https://github.com/loresoft/Arbiter</a></li> <li><a href="https://www.nuget.org/packages/Arbiter" rel="noopener noreferrer">https://www.nuget.org/packages/Arbiter</a></li> </ul> <h2> What is the Arbiter Project? </h2> <p>The Arbiter project is a comprehensive suite of libraries that implements the Mediator pattern and Command Query Responsibility Segregation (CQRS) in .NET. At its core lies the <strong>Arbiter.Mediation</strong> library, which serves as the foundation for building loosely coupled, testable applications using clean architectural patterns like Vertical Slice Architecture and CQRS.</p> <h2> Why Another Mediator Library? </h2> <p>While libraries like MediatR have dominated the .NET mediator space, Arbiter.Mediation brings several distinctive features to the table:</p> <ul> <li> <strong>Lightweight and Extensible</strong>: Designed with performance and extensibility in mind</li> <li> <strong>Modern .NET Support</strong>: Built specifically for contemporary .NET applications</li> <li> <strong>Clean Architecture Focus</strong>: Explicitly designed for Vertical Slice Architecture and CQRS patterns</li> <li> <strong>Comprehensive Ecosystem</strong>: Part of a larger suite that includes Entity Framework, MongoDB, and communication libraries</li> </ul> <h2> Key Features of Arbiter.Mediation </h2> <h3> Request/Response Pattern </h3> <p>The library supports the classic request/response pattern using <code>IRequest&lt;TResponse&gt;</code> and <code>IRequestHandler&lt;TRequest, TResponse&gt;</code> interfaces:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">Ping</span> <span class="p">:</span> <span class="n">IRequest</span><span class="p">&lt;</span><span class="n">Pong</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">Message</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">PingHandler</span> <span class="p">:</span> <span class="n">IRequestHandler</span><span class="p">&lt;</span><span class="n">Ping</span><span class="p">,</span> <span class="n">Pong</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="k">async</span> <span class="n">ValueTask</span><span class="p">&lt;</span><span class="n">Pong</span><span class="p">&gt;</span> <span class="nf">Handle</span><span class="p">(</span> <span class="n">Ping</span> <span class="n">request</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Simulate some work</span> <span class="k">await</span> <span class="n">Task</span><span class="p">.</span><span class="nf">Delay</span><span class="p">(</span><span class="m">100</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="n">Pong</span> <span class="p">{</span> <span class="n">Message</span> <span class="p">=</span> <span class="s">$"</span><span class="p">{</span><span class="n">request</span><span class="p">.</span><span class="n">Message</span><span class="p">}</span><span class="s"> Pong"</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Event Notifications </h3> <p>For scenarios requiring event-driven architecture, Arbiter.Mediation provides notification support through <code>INotification</code> and <code>INotificationHandler&lt;TNotification&gt;</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">OrderCreatedEvent</span> <span class="p">:</span> <span class="n">INotification</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">OrderId</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">DateTime</span> <span class="n">CreatedAt</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">OrderCreatedHandler</span> <span class="p">:</span> <span class="n">INotificationHandler</span><span class="p">&lt;</span><span class="n">OrderCreatedEvent</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="k">async</span> <span class="n">ValueTask</span> <span class="nf">Handle</span><span class="p">(</span> <span class="n">OrderCreatedEvent</span> <span class="n">notification</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Handle the order created event</span> <span class="c1">// Send email, update inventory, etc.</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Pipeline Behaviors </h3> <p>One of the most powerful features is the pipeline behavior system, which acts like middleware for your requests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">PingBehavior</span> <span class="p">:</span> <span class="n">IPipelineBehavior</span><span class="p">&lt;</span><span class="n">Ping</span><span class="p">,</span> <span class="n">Pong</span><span class="p">&gt;</span> <span class="p">{</span> <span class="k">public</span> <span class="k">async</span> <span class="n">ValueTask</span><span class="p">&lt;</span><span class="n">Pong</span><span class="p">&gt;</span> <span class="nf">Handle</span><span class="p">(</span> <span class="n">Ping</span> <span class="n">request</span><span class="p">,</span> <span class="n">RequestHandlerDelegate</span><span class="p">&lt;</span><span class="n">Pong</span><span class="p">&gt;</span> <span class="n">next</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Pre-processing logic</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">$"Before handling: </span><span class="p">{</span><span class="n">request</span><span class="p">.</span><span class="n">Message</span><span class="p">}</span><span class="s">"</span><span class="p">);</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="nf">next</span><span class="p">(</span><span class="n">cancellationToken</span><span class="p">);</span> <span class="c1">// Post-processing logic</span> <span class="n">Console</span><span class="p">.</span><span class="nf">WriteLine</span><span class="p">(</span><span class="s">$"After handling: </span><span class="p">{</span><span class="n">response</span><span class="p">.</span><span class="n">Message</span><span class="p">}</span><span class="s">"</span><span class="p">);</span> <span class="k">return</span> <span class="n">response</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This pattern enables cross-cutting concerns like logging, validation, caching, and performance monitoring without cluttering your business logic.</p> <h2> Setting Up Arbiter.Mediation </h2> <p>Getting started is straightforward. Install the NuGet package:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package Arbiter.Mediation </code></pre> </div> <p>Register the services in your dependency injection container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Register Mediator services</span> <span class="n">services</span><span class="p">.</span><span class="nf">AddMediator</span><span class="p">();</span> <span class="c1">// Register handlers</span> <span class="n">services</span><span class="p">.</span><span class="n">TryAddTransient</span><span class="p">&lt;</span><span class="n">IRequestHandler</span><span class="p">&lt;</span><span class="n">Ping</span><span class="p">,</span> <span class="n">Pong</span><span class="p">&gt;,</span> <span class="n">PingHandler</span><span class="p">&gt;();</span> <span class="c1">// Optionally register pipeline behaviors</span> <span class="n">services</span><span class="p">.</span><span class="n">AddTransient</span><span class="p">&lt;</span><span class="n">IPipelineBehavior</span><span class="p">&lt;</span><span class="n">Ping</span><span class="p">,</span> <span class="n">Pong</span><span class="p">&gt;,</span> <span class="n">PingBehavior</span><span class="p">&gt;();</span> </code></pre> </div> <p>Then inject and use the mediator in your controllers or services:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">PingController</span> <span class="p">:</span> <span class="n">ControllerBase</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IMediator</span> <span class="n">_mediator</span><span class="p">;</span> <span class="k">public</span> <span class="nf">PingController</span><span class="p">(</span><span class="n">IMediator</span> <span class="n">mediator</span><span class="p">)</span> <span class="p">{</span> <span class="n">_mediator</span> <span class="p">=</span> <span class="n">mediator</span><span class="p">;</span> <span class="p">}</span> <span class="p">[</span><span class="n">HttpGet</span><span class="p">]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span><span class="p">&lt;</span><span class="n">IActionResult</span><span class="p">&gt;</span> <span class="nf">Get</span><span class="p">(</span> <span class="kt">string</span><span class="p">?</span> <span class="n">message</span> <span class="p">=</span> <span class="k">null</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">request</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Ping</span> <span class="p">{</span> <span class="n">Message</span> <span class="p">=</span> <span class="n">message</span> <span class="p">};</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_mediator</span><span class="p">.</span><span class="n">Send</span><span class="p">&lt;</span><span class="n">Ping</span><span class="p">,</span> <span class="n">Pong</span><span class="p">&gt;(</span><span class="n">request</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">return</span> <span class="nf">Ok</span><span class="p">(</span><span class="n">response</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Observability with OpenTelemetry </h2> <p>Modern applications require comprehensive observability. Arbiter.Mediation addresses this with the <code>Arbiter.Mediation.OpenTelemetry</code> package, providing built-in tracing and metrics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// Install: dotnet add package Arbiter.Mediation.OpenTelemetry</span> <span class="n">services</span><span class="p">.</span><span class="nf">AddMediatorDiagnostics</span><span class="p">();</span> <span class="n">services</span><span class="p">.</span><span class="nf">AddOpenTelemetry</span><span class="p">()</span> <span class="p">.</span><span class="nf">WithTracing</span><span class="p">(</span><span class="n">tracing</span> <span class="p">=&gt;</span> <span class="n">tracing</span> <span class="p">.</span><span class="nf">AddMediatorInstrumentation</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddConsoleExporter</span><span class="p">()</span> <span class="p">)</span> <span class="p">.</span><span class="nf">WithMetrics</span><span class="p">(</span><span class="n">metrics</span> <span class="p">=&gt;</span> <span class="n">metrics</span> <span class="p">.</span><span class="nf">AddMediatorInstrumentation</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddConsoleExporter</span><span class="p">()</span> <span class="p">);</span> </code></pre> </div> <p>This integration allows you to monitor request performance, track handler execution, and identify bottlenecks in your application.</p> <h2> The Broader Arbiter Ecosystem </h2> <p>While Arbiter.Mediation forms the core, the Arbiter project extends far beyond basic mediation:</p> <ul> <li> <strong>Arbiter.CommandQuery</strong>: CQRS framework with base commands and queries for CRUD operations</li> <li> <strong>Arbiter.CommandQuery.EntityFramework</strong>: Entity Framework Core handlers for database operations</li> <li> <strong>Arbiter.CommandQuery.MongoDB</strong>: MongoDB handlers for document-based storage</li> <li> <strong>Arbiter.CommandQuery.Endpoints</strong>: Minimal API endpoints for your commands and queries</li> <li> <strong>Arbiter.Communication</strong>: Message template communication for email and SMS services</li> </ul> <p>This comprehensive ecosystem enables you to build complete applications using consistent patterns across different layers and technologies.</p> <h2> When to Choose Arbiter.Mediation </h2> <p>Arbiter.Mediation is particularly well-suited for:</p> <ul> <li> <strong>Clean Architecture Applications</strong>: When you're implementing Vertical Slice Architecture or onion architecture patterns</li> <li> <strong>CQRS Systems</strong>: Applications that benefit from command-query separation</li> <li> <strong>Microservices</strong>: Services that need clear request/response boundaries and event handling</li> <li> <strong>Modern .NET Applications</strong>: Projects targeting recent .NET versions that want to leverage contemporary patterns</li> </ul> <h2> Performance Considerations </h2> <p>While specific benchmarks aren't publicly available, Arbiter.Mediation is designed with performance in mind. The use of <code>ValueTask&lt;T&gt;</code> instead of <code>Task&lt;T&gt;</code> in handler interfaces suggests attention to allocation efficiency, particularly for synchronous operations that complete immediately.</p> <p>The dependency injection-based resolution and pipeline behavior system provide flexibility without sacrificing performance, making it suitable for high-throughput applications.</p> <h2> Conclusion </h2> <p>The Arbiter project, with Arbiter.Mediation at its core, represents a modern, thoughtful approach to implementing the Mediator pattern in .NET applications. Its focus on clean architecture, comprehensive ecosystem, and built-in observability support make it a compelling choice for developers building maintainable, scalable applications.</p> <p>Whether you're starting a new project or looking to refactor existing code toward cleaner architecture patterns, Arbiter.Mediation provides the tools and structure to implement robust, loosely coupled systems that are easy to test and maintain.</p> <p>For teams already familiar with MediatR, the transition to Arbiter.Mediation should be relatively smooth, while offering additional features and a more comprehensive ecosystem for building complete applications.</p> <p><em>Learn more about the Arbiter project and explore the source code on <a href="https://github.com/loresoft/Arbiter" rel="noopener noreferrer">GitHub</a>.</em></p> dotnet mediator cqrs verticalslice AspNetCore.SecurityKey - Security API Key Authentication Implementation for ASP.NET Core Paul Welter Fri, 01 Aug 2025 17:00:00 +0000 https://forem.com/loresoft/aspnetcoresecuritykey-security-api-key-authentication-implementation-for-aspnet-core-53cg https://forem.com/loresoft/aspnetcoresecuritykey-security-api-key-authentication-implementation-for-aspnet-core-53cg <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1rjw0frsjrao1ndww0b.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1rjw0frsjrao1ndww0b.jpg" alt="Security API Key Authentication" width="800" height="533"></a></p> <p>A flexible and lightweight API key authentication library for ASP.NET Core applications that supports multiple authentication patterns and integrates seamlessly with ASP.NET Core's authentication and authorization infrastructure.</p> <ul> <li><a href="https://github.com/loresoft/AspNetCore.SecurityKey" rel="noopener noreferrer">https://github.com/loresoft/AspNetCore.SecurityKey</a></li> <li><a href="https://www.nuget.org/packages/AspNetCore.SecurityKey" rel="noopener noreferrer">https://www.nuget.org/packages/AspNetCore.SecurityKey</a></li> </ul> <h2> Overview </h2> <p>AspNetCore.SecurityKey provides a complete API key authentication solution for ASP.NET Core applications with support for modern development patterns and best practices.</p> <p><strong>Key Features:</strong></p> <ul> <li> <strong>Multiple Input Sources</strong> - API keys via headers, query parameters, or cookies</li> <li> <strong>Flexible Authentication</strong> - Works with ASP.NET Core's built-in authentication or as standalone middleware</li> <li> <strong>Extensible Design</strong> - Custom validation and extraction logic support</li> <li> <strong>Rich Integration</strong> - Controller attributes, middleware, and minimal API support</li> <li> <strong>OpenAPI Support</strong> - Automatic Swagger/OpenAPI documentation generation (.NET 9+)</li> <li> <strong>High Performance</strong> - Minimal overhead with optional caching</li> <li> <strong>Multiple Deployment Patterns</strong> - Attribute-based, middleware, or endpoint filters</li> </ul> <h2> Quick Start </h2> <ol> <li> <strong>Install the package</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> dotnet add package AspNetCore.SecurityKey </code></pre> </div> <ol> <li> <strong>Configure your API key</strong> in <code>appsettings.json</code>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"SecurityKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"your-secret-api-key-here"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <ol> <li> <strong>Register services</strong> and secure endpoints: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddSecurityKey</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseSecurityKey</span><span class="p">();</span> <span class="c1">// Secures all endpoints</span> </code></pre> </div> <ol> <li> <strong>Call your API</strong> with the key: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> curl <span class="nt">-H</span> <span class="s2">"X-API-KEY: your-secret-api-key-here"</span> https://yourapi.com/endpoint </code></pre> </div> <h2> Installation </h2> <p>The library is available on <a href="https://www.nuget.org/packages/AspNetCore.SecurityKey/" rel="noopener noreferrer">nuget.org</a> via package name <code>AspNetCore.SecurityKey</code>.</p> <h3> Package Manager Console </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Install-Package</span><span class="w"> </span><span class="nx">AspNetCore.SecurityKey</span><span class="w"> </span></code></pre> </div> <h3> .NET CLI </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package AspNetCore.SecurityKey </code></pre> </div> <h3> PackageReference </h3> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;PackageReference</span> <span class="na">Include=</span><span class="s">"AspNetCore.SecurityKey"</span> <span class="nt">/&gt;</span> </code></pre> </div> <h2> How to Pass API Keys </h2> <p>AspNetCore.SecurityKey supports multiple ways to pass API keys in requests, providing flexibility for different client scenarios:</p> <h3> Request Headers (Recommended) </h3> <p>The most common and secure approach for API-to-API communication:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET https://api.example.com/users Accept: application/json X-API-KEY: 01HSGVBSF99SK6XMJQJYF0X3WQ </code></pre> </div> <h3> Query Parameters </h3> <p>Useful for simple integrations or when headers cannot be easily modified:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET https://api.example.com/users?X-API-KEY=01HSGVBSF99SK6XMJQJYF0X3WQ Accept: application/json </code></pre> </div> <blockquote> <p><strong>Security Note</strong>: When using query parameters, be aware that API keys may appear in server logs, browser history, and referrer headers. Headers are generally preferred for production use.</p> </blockquote> <h3> Cookies </h3> <p>Ideal for browser-based applications or when API keys need persistence:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET https://api.example.com/users Accept: application/json Cookie: X-API-KEY=01HSGVBSF99SK6XMJQJYF0X3WQ </code></pre> </div> <h2> Configuration </h2> <h3> Basic Setup </h3> <p>Configure your API keys in <code>appsettings.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"SecurityKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"01HSGVBSF99SK6XMJQJYF0X3WQ"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Multiple API Keys </h3> <p>Support multiple valid API keys using semicolon separation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"SecurityKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"01HSGVBGWXWDWTFGTJSYFXXDXQ;01HSGVBSF99SK6XMJQJYF0X3WQ;01HSGVAH2M5WVQYG4YPT7FNK4K8"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Usage Patterns </h2> <p>AspNetCore.SecurityKey supports multiple integration patterns to fit different application architectures and security requirements.</p> <h3> 1. Middleware Pattern (Global Protection) </h3> <p>Apply API key requirement to all endpoints in your application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebApplication</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="c1">// Register services</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthorization</span><span class="p">();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddSecurityKey</span><span class="p">();</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="c1">// Apply security to ALL endpoints</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseSecurityKey</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthorization</span><span class="p">();</span> <span class="c1">// All these endpoints require valid API keys</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/weather"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="n">WeatherService</span><span class="p">.</span><span class="nf">GetForecast</span><span class="p">());</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/users"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="n">UserService</span><span class="p">.</span><span class="nf">GetUsers</span><span class="p">());</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/products"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="n">ProductService</span><span class="p">.</span><span class="nf">GetProducts</span><span class="p">());</span> <span class="n">app</span><span class="p">.</span><span class="nf">Run</span><span class="p">();</span> </code></pre> </div> <h3> 2. Attribute Pattern (Selective Protection) </h3> <p>Apply API key requirement to specific controllers or actions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">ApiController</span><span class="p">]</span> <span class="p">[</span><span class="nf">Route</span><span class="p">(</span><span class="s">"[controller]"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">UsersController</span> <span class="p">:</span> <span class="n">ControllerBase</span> <span class="p">{</span> <span class="c1">// This action requires API key</span> <span class="p">[</span><span class="n">SecurityKey</span><span class="p">]</span> <span class="p">[</span><span class="n">HttpGet</span><span class="p">]</span> <span class="k">public</span> <span class="n">IEnumerable</span><span class="p">&lt;</span><span class="n">User</span><span class="p">&gt;</span> <span class="nf">GetUsers</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="n">UserService</span><span class="p">.</span><span class="nf">GetUsers</span><span class="p">();</span> <span class="p">}</span> <span class="c1">// This action is public (no API key required)</span> <span class="p">[</span><span class="nf">HttpGet</span><span class="p">(</span><span class="s">"public"</span><span class="p">)]</span> <span class="k">public</span> <span class="n">IEnumerable</span><span class="p">&lt;</span><span class="n">User</span><span class="p">&gt;</span> <span class="nf">GetPublicUsers</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="n">UserService</span><span class="p">.</span><span class="nf">GetPublicUsers</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Or apply to entire controller</span> <span class="p">[</span><span class="n">SecurityKey</span><span class="p">]</span> <span class="p">[</span><span class="n">ApiController</span><span class="p">]</span> <span class="p">[</span><span class="nf">Route</span><span class="p">(</span><span class="s">"[controller]"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">SecureController</span> <span class="p">:</span> <span class="n">ControllerBase</span> <span class="p">{</span> <span class="c1">// All actions in this controller require API key</span> <span class="p">[</span><span class="n">HttpGet</span><span class="p">]</span> <span class="k">public</span> <span class="n">IActionResult</span> <span class="nf">Get</span><span class="p">()</span> <span class="p">=&gt;</span> <span class="nf">Ok</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Endpoint Filter Pattern (Minimal APIs) </h3> <p>Secure specific minimal API endpoints:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebApplication</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthorization</span><span class="p">();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddSecurityKey</span><span class="p">();</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthorization</span><span class="p">();</span> <span class="c1">// Public endpoint (no API key required)</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/health"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="s">"Healthy"</span><span class="p">);</span> <span class="c1">// Secured endpoint using filter</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/users"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="n">UserService</span><span class="p">.</span><span class="nf">GetUsers</span><span class="p">())</span> <span class="p">.</span><span class="nf">RequireSecurityKey</span><span class="p">();</span> <span class="c1">// Multiple endpoints can be grouped</span> <span class="kt">var</span> <span class="n">securedGroup</span> <span class="p">=</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGroup</span><span class="p">(</span><span class="s">"/api/secure"</span><span class="p">)</span> <span class="p">.</span><span class="nf">RequireSecurityKey</span><span class="p">();</span> <span class="n">securedGroup</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/data"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="s">"Secured data"</span><span class="p">);</span> <span class="n">securedGroup</span><span class="p">.</span><span class="nf">MapPost</span><span class="p">(</span><span class="s">"/action"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="s">"Secured action"</span><span class="p">);</span> <span class="n">app</span><span class="p">.</span><span class="nf">Run</span><span class="p">();</span> </code></pre> </div> <h3> 4. Authentication Scheme Pattern (Full Integration) </h3> <p>Integrate with ASP.NET Core's authentication system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebApplication</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="c1">// Register authentication with SecurityKey scheme</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span> <span class="p">.</span><span class="nf">AddAuthentication</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddSecurityKey</span><span class="p">();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthorization</span><span class="p">();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddSecurityKey</span><span class="p">();</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthentication</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthorization</span><span class="p">();</span> <span class="c1">// Use standard authorization attributes</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/users"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="n">UserService</span><span class="p">.</span><span class="nf">GetUsers</span><span class="p">())</span> <span class="p">.</span><span class="nf">RequireAuthorization</span><span class="p">();</span> <span class="c1">// Can also be combined with role-based authorization</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"/admin"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="s">"Admin data"</span><span class="p">)</span> <span class="p">.</span><span class="nf">RequireAuthorization</span><span class="p">(</span><span class="s">"AdminPolicy"</span><span class="p">);</span> <span class="n">app</span><span class="p">.</span><span class="nf">Run</span><span class="p">();</span> </code></pre> </div> <h2> Advanced Customization </h2> <h3> Custom Security Key Validation </h3> <p>Implement custom validation logic by creating a class that implements <code>ISecurityKeyValidator</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">DatabaseSecurityKeyValidator</span> <span class="p">:</span> <span class="n">ISecurityKeyValidator</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IApiKeyRepository</span> <span class="n">_repository</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">DatabaseSecurityKeyValidator</span><span class="p">&gt;</span> <span class="n">_logger</span><span class="p">;</span> <span class="k">public</span> <span class="nf">DatabaseSecurityKeyValidator</span><span class="p">(</span> <span class="n">IApiKeyRepository</span> <span class="n">repository</span><span class="p">,</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">DatabaseSecurityKeyValidator</span><span class="p">&gt;</span> <span class="n">logger</span><span class="p">)</span> <span class="p">{</span> <span class="n">_repository</span> <span class="p">=</span> <span class="n">repository</span><span class="p">;</span> <span class="n">_logger</span> <span class="p">=</span> <span class="n">logger</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">ValueTask</span><span class="p">&lt;</span><span class="kt">bool</span><span class="p">&gt;</span> <span class="nf">Validate</span><span class="p">(</span><span class="kt">string</span><span class="p">?</span> <span class="k">value</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="kt">string</span><span class="p">.</span><span class="nf">IsNullOrEmpty</span><span class="p">(</span><span class="k">value</span><span class="p">))</span> <span class="k">return</span> <span class="k">false</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">apiKey</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_repository</span><span class="p">.</span><span class="nf">GetApiKeyAsync</span><span class="p">(</span><span class="k">value</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">apiKey</span> <span class="p">==</span> <span class="k">null</span><span class="p">)</span> <span class="p">{</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogWarning</span><span class="p">(</span><span class="s">"Invalid API key attempted: {Key}"</span><span class="p">,</span> <span class="k">value</span><span class="p">);</span> <span class="k">return</span> <span class="k">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span><span class="n">apiKey</span><span class="p">.</span><span class="n">IsExpired</span><span class="p">)</span> <span class="p">{</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogWarning</span><span class="p">(</span><span class="s">"Expired API key used: {Key}"</span><span class="p">,</span> <span class="k">value</span><span class="p">);</span> <span class="k">return</span> <span class="k">false</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Update last used timestamp</span> <span class="k">await</span> <span class="n">_repository</span><span class="p">.</span><span class="nf">UpdateLastUsedAsync</span><span class="p">(</span><span class="k">value</span><span class="p">,</span> <span class="n">DateTime</span><span class="p">.</span><span class="n">UtcNow</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">return</span> <span class="k">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">ex</span><span class="p">)</span> <span class="p">{</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogError</span><span class="p">(</span><span class="n">ex</span><span class="p">,</span> <span class="s">"Error validating API key"</span><span class="p">);</span> <span class="k">return</span> <span class="k">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">public</span> <span class="k">async</span> <span class="n">ValueTask</span><span class="p">&lt;</span><span class="n">ClaimsIdentity</span><span class="p">&gt;</span> <span class="nf">Authenticate</span><span class="p">(</span><span class="kt">string</span><span class="p">?</span> <span class="k">value</span><span class="p">,</span> <span class="n">CancellationToken</span> <span class="n">cancellationToken</span> <span class="p">=</span> <span class="k">default</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="kt">string</span><span class="p">.</span><span class="nf">IsNullOrEmpty</span><span class="p">(</span><span class="k">value</span><span class="p">))</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">ClaimsIdentity</span><span class="p">();</span> <span class="kt">var</span> <span class="n">apiKey</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_repository</span><span class="p">.</span><span class="nf">GetApiKeyAsync</span><span class="p">(</span><span class="k">value</span><span class="p">,</span> <span class="n">cancellationToken</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">apiKey</span><span class="p">?.</span><span class="n">User</span> <span class="p">==</span> <span class="k">null</span><span class="p">)</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">ClaimsIdentity</span><span class="p">();</span> <span class="kt">var</span> <span class="n">identity</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">ClaimsIdentity</span><span class="p">(</span><span class="n">SecurityKeyAuthenticationDefaults</span><span class="p">.</span><span class="n">AuthenticationScheme</span><span class="p">);</span> <span class="n">identity</span><span class="p">.</span><span class="nf">AddClaim</span><span class="p">(</span><span class="k">new</span> <span class="nf">Claim</span><span class="p">(</span><span class="n">ClaimTypes</span><span class="p">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">apiKey</span><span class="p">.</span><span class="n">User</span><span class="p">.</span><span class="n">Name</span><span class="p">));</span> <span class="n">identity</span><span class="p">.</span><span class="nf">AddClaim</span><span class="p">(</span><span class="k">new</span> <span class="nf">Claim</span><span class="p">(</span><span class="n">ClaimTypes</span><span class="p">.</span><span class="n">NameIdentifier</span><span class="p">,</span> <span class="n">apiKey</span><span class="p">.</span><span class="n">User</span><span class="p">.</span><span class="n">Id</span><span class="p">));</span> <span class="c1">// Add role claims</span> <span class="k">foreach</span> <span class="p">(</span><span class="kt">var</span> <span class="n">role</span> <span class="k">in</span> <span class="n">apiKey</span><span class="p">.</span><span class="n">User</span><span class="p">.</span><span class="n">Roles</span><span class="p">)</span> <span class="p">{</span> <span class="n">identity</span><span class="p">.</span><span class="nf">AddClaim</span><span class="p">(</span><span class="k">new</span> <span class="nf">Claim</span><span class="p">(</span><span class="n">ClaimTypes</span><span class="p">.</span><span class="n">Role</span><span class="p">,</span> <span class="n">role</span><span class="p">));</span> <span class="p">}</span> <span class="k">return</span> <span class="n">identity</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Register custom validator</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddScoped</span><span class="p">&lt;</span><span class="n">IApiKeyRepository</span><span class="p">,</span> <span class="n">ApiKeyRepository</span><span class="p">&gt;();</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">AddSecurityKey</span><span class="p">&lt;</span><span class="n">DatabaseSecurityKeyValidator</span><span class="p">&gt;();</span> </code></pre> </div> <h2> License </h2> <p>This project is licensed under the MIT License</p> aspnetcore authentication apikey security Equatable.Generator - Source generator for Equals and GetHashCode Paul Welter Sat, 07 Sep 2024 17:00:00 +0000 https://forem.com/loresoft/equatablegenerator-source-generator-for-equals-and-gethashcode-1lfb https://forem.com/loresoft/equatablegenerator-source-generator-for-equals-and-gethashcode-1lfb <p>Source generator for <code>Equals</code> and <code>GetHashCode</code></p> <ul> <li><a href="https://github.com/loresoft/Equatable.Generator" rel="noopener noreferrer">https://github.com/loresoft/Equatable.Generator</a></li> <li><a href="https://www.nuget.org/packages/Equatable.Generator" rel="noopener noreferrer">https://www.nuget.org/packages/Equatable.Generator</a></li> </ul> <h2> Features </h2> <ul> <li>Override <code>Equals</code> and <code>GetHashCode</code> </li> <li>Implement <code>IEquatable&lt;T&gt;</code> </li> <li>Support <code>class</code>, <code>record</code> and <code>struct</code> types</li> <li>Support <code>EqualityComparer</code> per property</li> <li>Attribute based control of equality implementation</li> <li>Comparers supported: String, Sequence, Dictionary, HashSet, Reference, and Custom</li> <li>No runtime dependencies. Library is compile time dependence only.</li> </ul> <h3> Usage </h3> <h4> Add package </h4> <p>Add the nuget package to your projects.</p> <p><code>dotnet add package Equatable.Generator</code></p> <p>Prevent including Equatable.Generator as a dependency<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;PackageReference</span> <span class="na">Include=</span><span class="s">"Equatable.Generator"</span> <span class="na">PrivateAssets=</span><span class="s">"all"</span> <span class="nt">/&gt;</span> </code></pre> </div> <h3> Requirements </h3> <p>This library requires:</p> <ul> <li>Target framework .NET Standard 2.0 or greater</li> <li>Project C# <code>LangVersion</code> 8.0 or higher</li> </ul> <h3> Equatable Attributes </h3> <p>Place equatable attribute on a <code>class</code>, <code>record</code> or <code>struct</code>. The source generator will create a partial with overrides for <code>Equals</code> and <code>GetHashCode</code>.</p> <ul> <li> <code>[Equatable]</code> Marks the class to generate overrides for <code>Equals</code> and <code>GetHashCode</code> </li> </ul> <p>The default comparer used in the implementation of <code>Equals</code> and <code>GetHashCode</code> is <code>EqualityComparer&lt;T&gt;.Default</code>. Customize the comparer used with the following attributes.</p> <ul> <li> <code>[IgnoreEquality]</code> Ignore property in <code>Equals</code> and <code>GetHashCode</code> implementations</li> <li> <code>[StringEquality]</code> Use specified <code>StringComparer</code> when comparing strings</li> <li> <code>[SequenceEquality]</code> Use <code>Enumerable.SequenceEqual</code> to determine whether enumerables are equal</li> <li> <code>[DictionaryEquality]</code> Use to determine if dictionaries are equal</li> <li> <code>[HashSetEquality]</code> Use <code>ISet&lt;T&gt;.SetEquals</code> to determine whether enumerables are equal</li> <li> <code>[ReferenceEquality]</code> Use <code>Object.ReferenceEquals</code> to determines whether instances are the same instance</li> <li> <code>[EqualityComparer]</code> Use the specified <code>EqualityComparer</code> </li> </ul> <h3> Example Usage </h3> <p>Example of using the attributes to customize the source generation of <code>Equals</code> and <code>GetHashCode</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">Equatable</span><span class="p">]</span> <span class="k">public</span> <span class="k">partial</span> <span class="k">class</span> <span class="nc">UserImport</span> <span class="p">{</span> <span class="p">[</span><span class="nf">StringEquality</span><span class="p">(</span><span class="n">StringComparison</span><span class="p">.</span><span class="n">OrdinalIgnoreCase</span><span class="p">)]</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">EmailAddress</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="k">null</span><span class="p">!;</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">DisplayName</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">FirstName</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">LastName</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">DateTimeOffset</span><span class="p">?</span> <span class="n">LockoutEnd</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">DateTimeOffset</span><span class="p">?</span> <span class="n">LastLogin</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">[</span><span class="n">IgnoreEquality</span><span class="p">]</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">FullName</span> <span class="p">=&gt;</span> <span class="s">$"</span><span class="p">{</span><span class="n">FirstName</span><span class="p">}</span><span class="s"> </span><span class="p">{</span><span class="n">LastName</span><span class="p">}</span><span class="s">"</span><span class="p">;</span> <span class="p">[</span><span class="n">HashSetEquality</span><span class="p">]</span> <span class="k">public</span> <span class="n">HashSet</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">&gt;?</span> <span class="n">Roles</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">[</span><span class="n">DictionaryEquality</span><span class="p">]</span> <span class="k">public</span> <span class="n">Dictionary</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">,</span> <span class="kt">int</span><span class="p">&gt;?</span> <span class="n">Permissions</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">[</span><span class="n">SequenceEquality</span><span class="p">]</span> <span class="k">public</span> <span class="n">List</span><span class="p">&lt;</span><span class="n">DateTimeOffset</span><span class="p">&gt;?</span> <span class="n">History</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> dotnet gethashcode equals sourcegenerator Injectio - Source Generator for Dependency Injection Paul Welter Tue, 01 Nov 2022 17:00:00 +0000 https://forem.com/loresoft/injectio-source-generator-for-dependency-injection-4582 https://forem.com/loresoft/injectio-source-generator-for-dependency-injection-4582 <p>Source generator that helps register discovered services in the dependency injection container</p> <ul> <li><a href="https://github.com/loresoft/Injectio" rel="noopener noreferrer">https://github.com/loresoft/Injectio</a></li> <li><a href="https://www.nuget.org/packages/Injectio" rel="noopener noreferrer">https://www.nuget.org/packages/Injectio</a></li> </ul> <h2> Features </h2> <ul> <li>Transient, Singleton, Scoped service registration</li> <li>Factory registration</li> <li>Module method registration</li> <li>Duplicate Strategy - Skip,Replace,Append</li> <li>Registration Strategy - Self, Implemented Interfaces, Self With Interfaces</li> </ul> <h3> Usage </h3> <h4> Add package </h4> <p>Add the nuget package project to your projects.</p> <p><code>dotnet add package Injectio</code></p> <p>Prevent dependances from including Injectio<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;PackageReference</span> <span class="na">Include=</span><span class="s">"Injectio"</span> <span class="na">PrivateAssets=</span><span class="s">"all"</span> <span class="nt">/&gt;</span> </code></pre> </div> <h3> Registration Attributes </h3> <p>Place registration attribute on class. The class will be discovered and registered.</p> <ul> <li> <code>[RegisterSingleton]</code> Marks the class as a singleton service</li> <li> <code>[RegisterScoped]</code> Marks the class as a scoped service</li> <li> <code>[RegisterTransient]</code> Marks the class as a transient service</li> <li> <code>[RegisterServices]</code> Marks the method to be called to register services</li> </ul> <h4> Attribute Properties </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Property</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>ImplementationType</td> <td>The type that implements the service. If not set, the class the interface is on will be used.</td> </tr> <tr> <td>ServiceType</td> <td>The type of the service. If not set, the Registration property used to determine what is registered.</td> </tr> <tr> <td>Factory</td> <td>Name of a factory method to create new instances of the service implementation.</td> </tr> <tr> <td>Duplicate</td> <td>How the generator handles duplicate registrations. See Duplicate Strategy</td> </tr> <tr> <td>Registration</td> <td>How the generator determines what to register. See Registration Strategy</td> </tr> </tbody> </table></div> <h4> Duplicate Strategy </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Value</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>Skip</td> <td>Skips registrations for services that already exists</td> </tr> <tr> <td>Replace</td> <td>Replaces existing service registrations</td> </tr> <tr> <td>Append</td> <td>Appends a new registration for existing services</td> </tr> </tbody> </table></div> <h4> Registration Strategy </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Value</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>Self</td> <td>Registers each matching concrete type as itself</td> </tr> <tr> <td>ImplementedInterfaces</td> <td>Registers each matching concrete type as all of its implemented interfaces</td> </tr> <tr> <td>SelfWithInterfaces</td> <td>Registers each matching concrete type as all of its implemented interfaces and itself</td> </tr> </tbody> </table></div> <h4> Singleton services </h4> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">RegisterSingleton</span><span class="p">]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">SingletonService</span> <span class="p">:</span> <span class="n">IService</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <p>Explicit service type<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="nf">RegisterSingleton</span><span class="p">(</span><span class="n">ServiceType</span> <span class="p">=</span> <span class="k">typeof</span><span class="p">(</span><span class="n">IService</span><span class="p">))]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">SingletonService</span> <span class="p">:</span> <span class="n">IService</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <h4> Scoped Services </h4> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">RegisterScoped</span><span class="p">]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">ScopedService</span> <span class="p">:</span> <span class="n">IService</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <h4> Transient Services </h4> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="n">RegisterTransient</span><span class="p">]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">TransientService</span> <span class="p">:</span> <span class="n">IService</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <h4> Factories </h4> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="nf">RegisterTransient</span><span class="p">(</span><span class="n">Factory</span> <span class="p">=</span> <span class="k">nameof</span><span class="p">(</span><span class="n">ServiceFactory</span><span class="p">))]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">FactoryService</span> <span class="p">:</span> <span class="n">IFactoryService</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">IService</span> <span class="n">_service</span><span class="p">;</span> <span class="k">public</span> <span class="nf">FactoryService</span><span class="p">(</span><span class="n">IService</span> <span class="n">service</span><span class="p">)</span> <span class="p">{</span> <span class="n">_service</span> <span class="p">=</span> <span class="n">service</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">static</span> <span class="n">IFactoryService</span> <span class="nf">ServiceFactory</span><span class="p">(</span><span class="n">IServiceProvider</span> <span class="n">serviceProvider</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">FactoryService</span><span class="p">(</span><span class="n">serviceProvider</span><span class="p">.</span><span class="n">GetService</span><span class="p">&lt;</span><span class="n">IService</span><span class="p">&gt;());</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> Open Generic </h4> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="nf">RegisterSingleton</span><span class="p">(</span><span class="n">ImplementationType</span> <span class="p">=</span> <span class="k">typeof</span><span class="p">(</span><span class="n">OpenGeneric</span><span class="p">&lt;&gt;),</span> <span class="n">ServiceType</span> <span class="p">=</span> <span class="k">typeof</span><span class="p">(</span><span class="n">IOpenGeneric</span><span class="p">&lt;&gt;))]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">OpenGeneric</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;</span> <span class="p">:</span> <span class="n">IOpenGeneric</span><span class="p">&lt;</span><span class="n">T</span><span class="p">&gt;</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <h4> Register Method </h4> <p>When the service registration is complex, use the <code>RegisterServices</code> attribute on a method that has a parameter of <code>IServiceCollection</code> or <code>ServiceCollection</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">class</span> <span class="nc">RegistrationModule</span> <span class="p">{</span> <span class="p">[</span><span class="n">RegisterServices</span><span class="p">]</span> <span class="k">public</span> <span class="k">static</span> <span class="k">void</span> <span class="nf">Register</span><span class="p">(</span><span class="n">IServiceCollection</span> <span class="n">services</span><span class="p">)</span> <span class="p">{</span> <span class="n">services</span><span class="p">.</span><span class="n">TryAddTransient</span><span class="p">&lt;</span><span class="n">IModuleService</span><span class="p">,</span> <span class="n">ModuleService</span><span class="p">&gt;();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> Add to container </h4> <p>The source generator creates an extension method with all the discovered services registered. Call the generated extension method to add the services to the container. The method will be called <code>Add[AssemblyName]</code>. The assembly name will have the dots removed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">services</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">ServiceCollection</span><span class="p">();</span> <span class="n">services</span><span class="p">.</span><span class="nf">AddInjectioTestsConsole</span><span class="p">();</span> </code></pre> </div> <p>Override the extension method name by using the <code>InjectioName</code> MSBuild property.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;PropertyGroup&gt;</span> <span class="nt">&lt;InjectioName&gt;</span>Library<span class="nt">&lt;/InjectioName&gt;</span> <span class="nt">&lt;/PropertyGroup&gt;</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">services</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">ServiceCollection</span><span class="p">();</span> <span class="n">services</span><span class="p">.</span><span class="nf">AddLibrary</span><span class="p">();</span> </code></pre> </div> dependencyinjection sourcegenerator csharp dotnet Entity Framework Core Generator - Generating a model from an existing database Paul Welter Wed, 14 Nov 2018 18:00:00 +0000 https://forem.com/loresoft/entity-framework-core-generator-generating-a-model-from-an-existing-database-ddh https://forem.com/loresoft/entity-framework-core-generator-generating-a-model-from-an-existing-database-ddh <h2> Overview </h2> <p>.NET Core command-line (CLI) tool to generate Entity Framework Core model from an existing database.</p> <ul> <li>NuGet: <a href="https://nuget.org/packages/EntityFrameworkCore.Generator" rel="noopener noreferrer">https://nuget.org/packages/EntityFrameworkCore.Generator</a> </li> <li>Source: <a href="https://github.com/loresoft/EntityFrameworkCore.Generator" rel="noopener noreferrer">http://github.com/loresoft/EntityFrameworkCore.Generator</a> </li> <li>Documentation: <a href="https://efg.loresoft.com" rel="noopener noreferrer">https://efg.loresoft.com</a> </li> </ul> <h2> Features </h2> <ul> <li>Entity Framework Core database first model generation</li> <li>Safe regeneration via region replacement</li> <li>Safe Renaming via mapping file parsing</li> <li>Optionally generate read, create and update models from entity</li> <li>Optionally generate validation and object mapper classes</li> </ul> <h2> Documentation </h2> <p>Entity Framework Core Generator documentation is available via <a href="https://efg.loresoft.com" rel="noopener noreferrer">Read the Docs</a></p> <h2> Installation </h2> <p>To install EntityFrameworkCore.Generator tool, run the following command in the console<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet tool <span class="nb">install</span> <span class="nt">--global</span> EntityFrameworkCore.Generator </code></pre> </div> <p>After the tool has been install, the <code>efg</code> command line will be available. Run <code>efg --help</code> for command line options</p> <h2> Generate Command </h2> <p>Entity Framework Core Generator (efg) creates source code files from a database schema. To generate the files with no configuration, run the following<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>efg generate <span class="nt">-c</span> &lt;ConnectionString&gt; </code></pre> </div> <p>Replace <code>&lt;ConnectionString&gt;</code> with a valid database connection string.</p> <h3> Generation Output </h3> <p>The <code>generate</code> command will create the follow files and directory structure by default. The root directory defaults to the current working directory. Most of the output names and locations can be customized in the <a href="https://efg.loresoft.com/en/latest/configuration/" rel="noopener noreferrer">configuration file</a></p> <h4> Data Context Output </h4> <p>The EntityFramework DbContext file will be created in the root directory.</p> <h4> Entities Output </h4> <p>The entities directory will contain the generated source file for entity class representing each table.</p> <h4> Mapping Output </h4> <p>The mapping directory contains a fluent mapping class to map each entity to its table.</p> <h2> Initialize Command </h2> <p>The <code>initialize</code> command is used to create the configuration yaml file and optionally set the <a href="https://efg.loresoft.com/en/latest/connectionString/" rel="noopener noreferrer">connection string</a>. The configuration file has many options to configure the generated output. See the <a href="https://efg.loresoft.com/en/latest/configuration/" rel="noopener noreferrer">configuration file</a> documentation for more details.</p> <p>The following command will create an initial <code>generation.yaml</code> configuration file as well as setting a user secret to store the connection string.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>efg initialize <span class="nt">-c</span> &lt;ConnectionString&gt; </code></pre> </div> <p>When a <code>generation.yaml</code> configuration file exists, you can run <code>efg generate</code> in the same directory to generate the source using that configuration file.</p> <h2> Regeneration </h2> <p>Entity Framework Core Generator supports safe regeneration via region replacement and source code parsing. A typical workflow for a project requires many database changes and updates. Being able to regenerate the entities and associated files is a huge time saver.</p> <h3> Region Replacement </h3> <p>All the templates output a region on first generation. On future regeneration, only the regions are replaced. This keeps any other changes you've made to the source file.</p> <p>Example of a generated entity class<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">public</span> <span class="k">partial</span> <span class="k">class</span> <span class="nc">Status</span> <span class="p">{</span> <span class="k">public</span> <span class="nf">Status</span><span class="p">()</span> <span class="p">{</span> <span class="err">#</span><span class="n">region</span> <span class="n">Generated</span> <span class="n">Constructor</span> <span class="n">Tasks</span> <span class="p">=</span> <span class="k">new</span> <span class="n">HashSet</span><span class="p">&lt;</span><span class="n">Task</span><span class="p">&gt;();</span> <span class="err">#</span><span class="n">endregion</span> <span class="p">}</span> <span class="err">#</span><span class="n">region</span> <span class="n">Generated</span> <span class="n">Properties</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">Id</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Name</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">Description</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">int</span> <span class="n">DisplayOrder</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">bool</span> <span class="n">IsActive</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">DateTimeOffset</span> <span class="n">Created</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">CreatedBy</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">DateTimeOffset</span> <span class="n">Updated</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="kt">string</span> <span class="n">UpdatedBy</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="n">Byte</span><span class="p">[]</span> <span class="n">RowVersion</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="err">#</span><span class="n">endregion</span> <span class="err">#</span><span class="n">region</span> <span class="n">Generated</span> <span class="n">Relationships</span> <span class="k">public</span> <span class="k">virtual</span> <span class="n">ICollection</span><span class="p">&lt;</span><span class="n">Task</span><span class="p">&gt;</span> <span class="n">Tasks</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="err">#</span><span class="n">endregion</span> <span class="p">}</span> </code></pre> </div> <p>When the <code>generate</code> command is re-run, the <code>Generated Constructor</code>, <code>Generated Properties</code> and <code>Generated Relationships</code> regions will be replace with the current output of the template. Any other changes outside those regions will be safe.</p> <h3> Source Parsing </h3> <p>In order to capture and preserve Entity, Property and DbContext renames, the <code>generate</code> command parses any existing mapping and DbContext class to capture how things are named. This allows you to use the full extend of Visual Studio's refactoring tools to rename things as you like. Then, when regenerating, those changes won't be lost.</p> <h2> Database Providers </h2> <p>Entity Framework Core Generator supports the following databases.</p> <ul> <li>SQL Server</li> <li>PostgreSQL <em>Coming Soon</em> </li> <li>MySQL <em>Coming Soon</em> </li> <li>Sqlite <em>Coming Soon</em> </li> </ul> <p>The provider can be set via command line or via the <a href="https://efg.loresoft.com/en/latest/configuration/" rel="noopener noreferrer">configuration file</a>.</p> <p>Set via command line<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>efg generate <span class="nt">-c</span> &lt;ConnectionString&gt; <span class="nt">-p</span> &lt;Provider&gt; </code></pre> </div> <p>Set in configuration file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">database</span><span class="pi">:</span> <span class="na">connectionString</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Data</span><span class="nv"> </span><span class="s">Source=(local);Initial</span><span class="nv"> </span><span class="s">Catalog=Tracker;Integrated</span><span class="nv"> </span><span class="s">Security=True'</span> <span class="na">provider</span><span class="pi">:</span> <span class="s">SqlServer</span> </code></pre> </div> <h2> Database Schema </h2> <p>The database schema is loaded from the metadata model factory implementation of <code>IDatabaseModelFactory</code>. Entity Framework Core Generator uses the implemented interface from each of the supported providers similar to how <code>ef dbcontext scaffold</code> works.</p> <h2> View Models </h2> <p>Entity Framework Core Generator supports generating <a href="https://efg.loresoft.com/en/latest/md/read/" rel="noopener noreferrer">Read</a>, <a href="https://efg.loresoft.com/en/latest/md/create/" rel="noopener noreferrer">Create</a> and <a href="https://efg.loresoft.com/en/latest/md/update/" rel="noopener noreferrer">Update</a> view models from an entity. Many projects rely on view models to shape data. The model templates can be used to quickly get the basic view models created. The model templates also support regeneration so any database change can easily be sync'd to the view models.</p> entityframeworkcore dotnet csharp EntityChange - Library to compare two entity object graphs Paul Welter Mon, 28 Nov 2016 18:00:00 +0000 https://forem.com/loresoft/entitychange-library-to-compare-two-entity-object-graphs-36cn https://forem.com/loresoft/entitychange-library-to-compare-two-entity-object-graphs-36cn <h2> Overview </h2> <p>Library to compare two entity object graphs detecting changes</p> <h2> Features </h2> <ul> <li>Compare complete entity graph including child entities, collections and dictionaries</li> <li>Collection compare by index or element equality</li> <li>Dictionary compare by key</li> <li>Custom value string formatter</li> <li>Custom entity equality compare</li> <li>Markdown or Html change report formatter</li> </ul> <h2> Download </h2> <p>The EntityChange library is available on nuget.org via package name <code>EntityChange</code>.</p> <p>To install EntityChange, run the following command in the Package Manager Console<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Install-Package</span><span class="w"> </span><span class="nx">EntityChange</span><span class="w"> </span></code></pre> </div> <ul> <li>NuGet: <a href="https://nuget.org/packages/EntityChange" rel="noopener noreferrer">https://nuget.org/packages/EntityChange</a> </li> <li>Source: <a href="https://github.com/loresoft/EntityChange" rel="noopener noreferrer">http://github.com/loresoft/EntityChange</a> </li> </ul> <h2> Configuration </h2> <p>Configure the Contact properties and collections.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">EntityChange</span><span class="p">.</span><span class="n">Configuration</span><span class="p">.</span><span class="n">Default</span><span class="p">.</span><span class="nf">Configure</span><span class="p">(</span><span class="n">config</span> <span class="p">=&gt;</span> <span class="n">config</span> <span class="p">.</span><span class="n">Entity</span><span class="p">&lt;</span><span class="n">Contact</span><span class="p">&gt;(</span><span class="n">e</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="c1">// set the FirstName display name</span> <span class="n">e</span><span class="p">.</span><span class="nf">Property</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">FirstName</span><span class="p">).</span><span class="nf">Display</span><span class="p">(</span><span class="s">"First Name"</span><span class="p">);</span> <span class="c1">// compare the Roles collection by string equality</span> <span class="n">e</span><span class="p">.</span><span class="nf">Collection</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">Roles</span><span class="p">)</span> <span class="p">.</span><span class="nf">CollectionComparison</span><span class="p">(</span><span class="n">CollectionComparison</span><span class="p">.</span><span class="n">ObjectEquality</span><span class="p">)</span> <span class="p">.</span><span class="nf">ElementEquality</span><span class="p">(</span><span class="n">StringEquality</span><span class="p">.</span><span class="n">OrdinalIgnoreCase</span><span class="p">);</span> <span class="c1">// set how to format the EmailAddress entity as a string</span> <span class="n">e</span><span class="p">.</span><span class="nf">Collection</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">EmailAddresses</span><span class="p">).</span><span class="nf">ElementFormatter</span><span class="p">(</span><span class="n">v</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="kt">var</span> <span class="n">address</span> <span class="p">=</span> <span class="n">v</span> <span class="k">as</span> <span class="n">EmailAddress</span><span class="p">;</span> <span class="k">return</span> <span class="n">address</span><span class="p">?.</span><span class="n">Address</span><span class="p">;</span> <span class="p">});</span> <span class="p">})</span> <span class="p">.</span><span class="n">Entity</span><span class="p">&lt;</span><span class="n">EmailAddress</span><span class="p">&gt;(</span><span class="n">e</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">e</span><span class="p">.</span><span class="nf">Property</span><span class="p">(</span><span class="n">p</span> <span class="p">=&gt;</span> <span class="n">p</span><span class="p">.</span><span class="n">Address</span><span class="p">).</span><span class="nf">Display</span><span class="p">(</span><span class="s">"Email Address"</span><span class="p">);</span> <span class="p">})</span> <span class="p">);</span> </code></pre> </div> <h2> Comparison </h2> <p>Compare to Contact entities<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="c1">// create comparer using default configuration</span> <span class="kt">var</span> <span class="n">comparer</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">EntityComparer</span><span class="p">();</span> <span class="c1">// compare original and current instances generating change list </span> <span class="kt">var</span> <span class="n">changes</span> <span class="p">=</span> <span class="n">comparer</span><span class="p">.</span><span class="nf">Compare</span><span class="p">(</span><span class="n">original</span><span class="p">,</span> <span class="n">current</span><span class="p">).</span><span class="nf">ToList</span><span class="p">();</span> </code></pre> </div> <h2> Change Report </h2> <p>Sample output from the <code>MarkdownFormatter</code></p> <p><strong>OUTPUT</strong></p> <ul> <li>Removed <code>Administrator</code> from <code>Roles</code> </li> <li>Changed <code>Email Address</code> from <code>user@Personal.com</code> to <code>user@gmail.com</code> </li> <li>Added <code>user@home.com</code> to <code>Email Addresses</code> </li> <li>Changed <code>Status</code> from <code>New</code> to <code>Verified</code> </li> <li>Changed <code>Updated</code> from <code>5/17/2016 8:51:59 PM</code> to <code>5/17/2016 8:52:00 PM</code> </li> <li>Changed <code>Zip</code> from <code>10026</code> to <code>10027</code> </li> <li>Changed <code>Number</code> from <code>888-555-1212</code> to <code>800-555-1212</code> </li> <li>Added <code>Blah</code> to <code>Categories</code> </li> <li>Changed <code>Data</code> from <code>1</code> to <code>2</code> </li> <li>Changed <code>Data</code> from <code>./home</code> to <code>./path</code> </li> </ul> dotnet compare changedetection objectgraph