Centeva.RequestAuthorization 2.1.0

Prefix Reserved
dotnet add package Centeva.RequestAuthorization --version 2.1.0                
NuGet\Install-Package Centeva.RequestAuthorization -Version 2.1.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Centeva.RequestAuthorization" Version="2.1.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Centeva.RequestAuthorization --version 2.1.0                
#r "nuget: Centeva.RequestAuthorization, 2.1.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Centeva.RequestAuthorization as a Cake Addin
#addin nuget:?package=Centeva.RequestAuthorization&version=2.1.0

// Install Centeva.RequestAuthorization as a Cake Tool
#tool nuget:?package=Centeva.RequestAuthorization&version=2.1.0                

Centeva Request Authorization

Centeva.RequestAuthorization is a .NET library that provides a method for authorizing MediatR requests via a set of defined requirements.

This enables authorization at the request level instead of inside ASP.Net Core controllers, separating authorization logic from the presentation layer.

Built With

Installation

Import the Centeva.RequestAuthorization package to your projects where needed, along with the desired provider sub-packages:

Dependency Injection

Register authorizers, requirement handlers, and the MediatR pipeline behavior in your DI container:

services.AddRequestAuthorization(typeof(DeleteItemAuthorizer).Assembly);

OR if you have multiple assemblies with authorizers/handlers:

services.AddRequestAuthorization(typeof(DeleteItemAuthorizer).Assembly, typeof(OtherAuthorizer).Assembly);

Alternatively, register authorizers, handlers, and the pipeline separately:

builder.Services.AddRequestAuthorizersFromAssembly(typeof(DeleteItemAuthorizer).Assembly);
builder.Services.AddRequestAuthorizationHandlersFromAssembly(typeof(MustBeItemOwnerHandler).Assembly);

builder.Services.AddMediatR(cfg =>
{
    cfg.RegisterServicesFromAssembly(Assembly.GetExecutingAssembly());
    cfg.AddOpenBehavior(typeof(RequestAuthorizationBehavior<,>));
});

Authorization Requirements

Implement IRequestAuthorizationRequirement and IRequestAuthorizationHandler<TRequirement> to create reusable authorization rules:

public class MustBeItemOwnerRequirement : IRequestAuthorizationRequirement
{
  public int UserId { get; set; }
  public int ItemId { get; set; }
}

public class MustBeItemOwnerHandler : IRequestAuthorizationHandler<MustBeItemOwnerRequirement>
{
  public MustBeItemOwnerHandler(IItemRepository itemRepository)
  {
    _itemRepository = itemRepository;
  }

  public async Task<AuthorizationResult> Handle(
    MustBeItemOwnerRequirement requirement, 
    CancellationToken cancellationToken)
  {
    var item = await _itemRepository.Get(requirement.ItemId, cancellationToken);

    if (item != null && item.OwnerId == requirement.UserId)
      return AuthorizationResult.Succeed();

    return AuthorizationResult.Fail("Must be the owner of this item");
  }
}

Each IAuthorizationHandler must return either a success or failure result based on the logic in the Handle method.

Request Authorizers

Derive from AbstractRequestAuthorizer<TRequest> and implement BuildPolicy to compose requirements for authorizing the given MediatR request:

public class DeleteItemAuthorizer : AbstractRequestAuthorizer<DeleteItemCommand>
{
  public DeleteItemAuthorizer(ICurrentUserService currentUserService)
  {
      _currentUserService = currentUserService;
  }

  public override void BuildPolicy(DeleteItemCommand request)
  {
      UseRequirement(new MustBeItemOwnerRequirement
      {
        UserId = _currentUserService.UserId,
        ItemId = request.ItemId
      });
  }
}

Contributing

Please use a Pull Request to suggest changes to this library. As this is a shared library, strict semantic versioning rules should be followed to avoid unexpected breaking changes.

Running Tests

From Windows, use the dotnet test command, or your Visual Studio Test Explorer.

Deployment

This library is versioned by GitVersion. Create a Git tag for an official release (e.g., "v1.0.0"). Version numbers can be incremented via commit message using the GitVersion approaches.

Resources

This is based heavily on this article: Handling Authorization In Clean Architecture with ASP.NET Core and MediatR from Austin Davies.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.1.0 207 6/5/2024
2.0.0 174 2/20/2024
1.0.0 245 12/26/2023
0.2.0 181 12/6/2023
0.1.0 142 12/6/2023